[Bug 156840] (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156840
------- Additional Comments From jpo(a)di.uminho.pt 2005-05-23 20:50 EST -------
The gcc4/glibc/_FORTIFY_SOURCE buffer overflow protection appears to be
documented in this email from Jakub:
[PATCH] Object size checking to prevent (some) buffer overflows
http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
---------------------------------------------------------------
...
The intended use in glibc is that by default no protection is
done, when the above GCC 4.0+ and -D_FORTIFY_SOURCE=1 is used
at optimization level 1 and above, security measures that
shouldn't change behaviour of conforming programs are taken.
With -D_FORTIFY_SOURCE=2 some more checking is added, but
some conforming programs might fail.
...
---------------------------------------------------------------
The last sentence in the above paragraph worries me. How many false positives
were found? Does anyone know examples of some false positives?
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
18 years, 10 months
[Bug 156840] (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning
by Red Hat Bugzilla
Summary: (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156840
------- Additional Comments From wtogami(a)redhat.com 2005-05-23 16:05 EST -------
<arjan> warren: =2 and =1 aren't entirely identical
<arjan> =2 is changing some subtle behavior that I would consider a bug
<arjan> but the standards don't
<arjan> example
<arjan> struct foo { char buf[20]; int a;};
<arjan> strcpy(foo->buf, "21 character long string....");
<arjan> that is allowed with =1
<arjan> but not with =2
Most likely this is FORTIFY_SOURCE=2 breaking on some bad code.
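Added example, not part of the bug comments and not glibc code: a small C model of why a copy like the one in the IRC excerpt passes at -D_FORTIFY_SOURCE=1 but is refused at =2. It assumes glibc's mapping of level 1 to `__builtin_object_size(p, 0)` and level 2 to `__builtin_object_size(p, 1)`; `dest_bound` and `checked_copy` are hypothetical helpers, and the 21-character string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct foo { char buf[20]; int a; };   /* struct from the IRC example */

/* Destination bound for a copy into foo.buf, as each level models it.
 * Assumption (glibc's fortify design, not stated in this thread):
 *   level 1 ~ __builtin_object_size(p, 0): bytes to the end of the whole object
 *   level 2 ~ __builtin_object_size(p, 1): bytes to the end of the member */
size_t dest_bound(int level)
{
    if (level >= 2)
        return sizeof(((struct foo *)0)->buf);
    return sizeof(struct foo) - offsetof(struct foo, buf);
}

/* Model of the fortified strcpy check (hypothetical helper).
 * Returns 0 if the copy is let through, -1 where the real check would abort. */
int checked_copy(struct foo *f, const char *src, int level)
{
    size_t need = strlen(src) + 1;          /* include the terminating NUL */
    if (need > dest_bound(level))
        return -1;
    /* Byte-wise copy into the struct, so spilling past buf is well defined here. */
    memcpy((char *)f + offsetof(struct foo, buf), src, need);
    return 0;
}

int main(void)
{
    const char *s21 = "123456789012345678901";   /* constructed, 21 chars */
    struct foo f = { "", 0x11111111 };
    int rc;

    /* What the compiler itself reports for the two object-size modes. */
    printf("compiler: mode0=%zu mode1=%zu\n",
           __builtin_object_size(f.buf, 0), __builtin_object_size(f.buf, 1));
    rc = checked_copy(&f, s21, 2);
    printf("level 2: rc=%d a=0x%x\n", rc, (unsigned)f.a);
    rc = checked_copy(&f, s21, 1);   /* let through, and clobbers f.a */
    printf("level 1: rc=%d a=0x%x\n", rc, (unsigned)f.a);
    return 0;
}
```

At level 1 the copy stays inside the struct, so the check lets it through even though the member `a` is overwritten; level 2 bounds the copy to `buf` itself.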
[Bug 158354] mod_perl 2.0.0
by Red Hat Bugzilla
Summary: mod_perl 2.0.0
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158354
------- Additional Comments From jpo(a)di.uminho.pt 2005-05-23 14:38 EST -------
Warren,
Just rebuilt mod_perl-2.0.0 on an i386 FC4test3+rawhide system without seeing the
FORTIFY_SOURCE warn/error messages.
RPMS: kernel-2.6.11-1.1340_FC4, rpm-4.4.1-20, gcc-4.0.0-8, perl-5.8.6-15
The only "strange" thing may be using -fpic and -fPIC at the same time. Can
-fpic be safely dropped from the specfile (CFLAGS and OPTIMIZE)?