List Archive: gentoo-qa
To: gentoo-dev@g.o
From: Diego Elio Pettenò <flameeyes@...>
Subject: Portage to die on sure-enough _FORTIFY_SOURCE overflows
Date: Tue, 28 Sep 2010 11:43:28 +0200
Hi all,

Since the last time I asked Zac about this it came back to bite me[1],
this time I'm going to send the announcement to the list first, and if
nobody can actually come up with a good reason not to, I'm going to ask
Zac tomorrow to re-enable the feature.

What is this about? Portage already reports some of the overflow
warnings coming from the glibc fortified sources (-D_FORTIFY_SOURCE=2
-O2 — enabled since gcc 4.3.3-r1 and even stronger with gcc 4.5 and
glibc 2.12+, afaict), but they really are divided into two categories:

- might overflow (depends on combination of parameters and variables the
compiler can't completely untangle);
- _will_ overflow (whenever that code path is hit, an overflow will

The former we should highlight but not die upon; the latter, though...

As Mike and I expressed on the linked bug, code that is built with that
warning is code that is going to crash as surely as

char *foo = NULL;
foo[3] = 'a';

which could result in nasty surprises for users (see [2] for the whole

Now, we've not seen "proper" false positives (in the Portage sense I
mean — because even if the C library hits a false positive, it _will_
crash with an abort() from its own code!), but Kumba pointed me at a
case that wasn't entirely clear, and took a bit of detective work to
track down [3] so you could have users report issues you cannot easily
identify or reproduce. I cannot make promises, but if all else fails I'll
see to be around to help you with those cases.

So if you want to have your say, gentoo-qa is there for that.

Thank you,


Diego Elio Pettenò — “Flameeyes”

If you found a .asc file in this mail and know not what it is,
it's a GnuPG digital signature:
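
The split described in the message above (report the "might overflow" warnings, stop the build on the "will overflow" ones) can be sketched as a build-log check. This is an added example, not part of the original mail and not Portage's implementation; the function names, the exit-status convention and the sample log lines are constructed, and the warning wording is assumed to match GCC's fortify diagnostics.

```shell
# Added illustration, not Portage's code: function names and log lines are
# constructed; the warning wording is assumed to follow GCC's fortify diagnostics.

# Exit status: 0 = clean, 1 = only "might overflow" (report, build continues),
# 2 = at least one "will always overflow" (fatal), 3 = log unreadable.
classify_fortify_log() {
    log=$1
    [ -r "$log" ] || return 3
    # grep -c exits 1 on zero matches; "|| true" keeps callers using set -e alive.
    sure=$(grep -c 'warning: .*will always overflow destination buffer' "$log" || true)
    maybe=$(grep -c 'warning: .*might overflow destination buffer' "$log" || true)
    if [ "$sure" -gt 0 ]; then
        echo "QA fatal: $sure call(s) that overflow whenever the code path is hit:" >&2
        grep 'will always overflow destination buffer' "$log" >&2
        return 2
    fi
    if [ "$maybe" -gt 0 ]; then
        echo "QA notice: $maybe possible overflow(s), not fatal:" >&2
        grep 'might overflow destination buffer' "$log" >&2
        return 1
    fi
    return 0
}

# Write a constructed build log. $1 = output file, $2 = clean | maybe | sure.
# The "sure" log also carries a "might" line, to show that fatal takes precedence.
write_sample_log() {
    {
        echo 'gcc -O2 -D_FORTIFY_SOURCE=2 -c src/conf.c -o conf.o'
        [ "$2" = clean ] || echo 'src/net.c:88: warning: call to __builtin___strcat_chk might overflow destination buffer'
        [ "$2" != sure ] || echo 'src/conf.c:42: warning: call to __builtin___strcpy_chk will always overflow destination buffer'
        echo 'gcc -o demo conf.o net.o'
    } > "$1"
}

# Demo over the three constructed logs.
demo_dir=$(mktemp -d)
for kind in clean maybe sure; do
    write_sample_log "$demo_dir/$kind.log" "$kind"
    rc=0
    classify_fortify_log "$demo_dir/$kind.log" || rc=$?
    echo "$kind.log -> exit status $rc"
done
rm -rf "$demo_dir"
```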

Updated Aug 26, 2011

Summary: Archive of the gentoo-qa mailing list.
