On Tue, Dec 06, 2022 at 08:59:03AM +0000, Richard W.M. Jones wrote:

I don't believe the proposal is that everyone *has* to use this (or at
least, I hope not).  Even existing _FORTIFY_SOURCE=2 is optional.  I'd
like to know what the problems are that affect systemd however.

It's mentioned in this document:

https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#2__better_fortification_coverage

  _FORTIFY_SOURCE=3 revealed another pattern. Applications such as
  systemd used malloc_usable_size to determine available space in
  objects and then used the residual space. The glibc manual
  discourages this type of usage, dictating that malloc_usable_size is
  for diagnostic purposes only. But applications use the function as a
  hack to avoid reallocating buffers when there is space in the
  underlying malloc chunk. The implementation of malloc_usable_size
  needs to be fixed to return the allocated object size instead of the
  chunk size in non-diagnostic use. Alternatively, another solution is
  to deprecate the function. But that is a topic for discussion by the
  glibc community.

Rich.

Thanks for sharing. I missed that one.

Jarek