From: Diego Elio Pettenò
To: gentoo-dev@lists.gentoo.org
Cc: gentoo-qa@lists.gentoo.org
Reply-to: gentoo-qa@lists.gentoo.org
Subject: [gentoo-qa] Portage to die on sure-enough _FORTIFY_SOURCE overflows
Date: Tue, 28 Sep 2010 11:43:28 +0200
Message-ID: <1285667008.13141.31.camel@yamato.local>

Hi all,

since the last time I asked Zac about this it came back to bite me[1], this time I'm going to send the announcement to the list first, and if nobody can actually come up with a good reason not to, I'm going to ask Zac tomorrow to re-enable
the feature.

What is this about? Portage already reports some of the overflow warnings coming from the glibc fortified sources (-D_FORTIFY_SOURCE=2 -O2 — enabled since gcc 4.3.3-r1 and even stronger with gcc 4.5 and glibc 2.12+, afaict), but they really are divided into two categories:

- might overflow (depends on combination of parameters and variables the compiler can't completely untangle);
- _will_ overflow (whenever that code path is hit, an overflow will happen).

The former we should highlight but not die upon; the latter, though... As Mike and I expressed on the linked bug, code that is built with that warning is code that is going to crash as surely as

  char *foo = NULL;
  foo[3] = 'a';

which could result in nasty surprises for users (see [2] for the whole reasoning).

Now, we've not seen "proper" false positives (in the Portage sense I mean — because even if the C library hits a false positive, it _will_ crash with an abort() from its own code!), but Kumba pointed me at a case that wasn't entirely clear, and took a bit of detective work to track down [3], so you could have users report issues you cannot easily identify or reproduce. I cannot make promises, but if all else fails I'll see to be around to help you with those cases.

So if you want to have your say, gentoo-qa is there for that.

Thank you,

[1] https://bugs.gentoo.org/show_bug.cgi?id=337031
[2] http://blog.flameeyes.eu/2010/09/14/not-all-failures-are-caused-equal
[3] http://blog.flameeyes.eu/2010/09/12/some-_fortify_source-far-fetched-warnings-are-funny

-- 
Diego Elio Pettenò — “Flameeyes”
http://blog.flameeyes.eu/

If you found a .asc file in this mail and know not what it is,
it's a GnuPG digital signature: http://www.gnupg.org/
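
The split between "might overflow" and "will overflow" described in the message above, as an added example that is not part of the original post and is not Portage's own code: a Python check that sorts a build log into the two categories and fails only on the sure ones. The warning wording is assumed to be what GCC 4.x prints, the log is constructed, and `classify` and `qa_verdict` are hypothetical names.

```python
import re

# Wording of the two warning categories as GCC 4.x prints them (assumption:
# the message above does not quote the compiler output).
WARNING = re.compile(
    r"^(?P<where>[^:\s]+:\d+)(?::\d+)?: warning: call to (?P<func>\S+) "
    r"(?P<kind>will always|might) overflow destination buffer$")
# Fortified wrappers are inline functions in glibc headers, so the warning
# points into the header; the package's own call site is on the context line.
INLINED = re.compile(r"^\s+inlined from .+ at (?P<site>[^:\s,]+:\d+)")

def classify(log_text):
    """Return (sure, possible): lists of (call site, checked builtin)."""
    sure, possible = [], []
    site = None
    for line in log_text.splitlines():
        inl = INLINED.match(line)
        if inl:
            site = site or inl.group("site")  # first entry = innermost caller
            continue
        warn = WARNING.match(line)
        if warn:
            entry = (site or warn.group("where"), warn.group("func"))
            bucket = sure if warn.group("kind") == "will always" else possible
            bucket.append(entry)
        if not line.startswith("In function "):
            site = None  # context applies only to the diagnostic right after it
    return sure, possible

def qa_verdict(log_text):
    """'die' on any sure overflow, 'warn' on possible ones only, else 'ok'."""
    sure, possible = classify(log_text)
    return "die" if sure else "warn" if possible else "ok"

# Constructed build log (file names and line numbers are made up).
SAMPLE_LOG = """\
gcc -O2 -D_FORTIFY_SOURCE=2 -c conf.c -o conf.o
In function 'strcpy',
    inlined from 'load_conf' at conf.c:42:
/usr/include/bits/string3.h:107: warning: call to __builtin___strcpy_chk will always overflow destination buffer
In function 'strncat',
    inlined from 'join_path' at path.c:17:
/usr/include/bits/string3.h:154: warning: call to __builtin___strncat_chk might overflow destination buffer
util.c:9: warning: unused variable 'i'
"""

if __name__ == "__main__":
    print(qa_verdict(SAMPLE_LOG), *classify(SAMPLE_LOG), sep="\n")
```

Reporting the "inlined from" site rather than the header location gives the maintainer the line in the package's own source to inspect.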