Re: _FORTIFY_SOURCE and strncat(), buggy?
- Subject: Re: _FORTIFY_SOURCE and strncat(), buggy?
- From: "Sean McBride" <email@hidden>
- Date: Thu, 24 Jul 2008 18:46:39 -0400
- Organization: Rogue Research
On 7/24/08 6:16 PM, Eric Slosser said:
>The abort is coming from within __strncat_chk().
>
>Someone else has this problem too. <http://www.unidata.ucar.edu/support/help/MailArchives/netcdf/msg05011.html>
That's not someone else, that's me! :)
>Add "-E -dE" to your command line, and you'll see that the line
>"strncat(buffer, "test", (size-1));" generates the following after the
>preprocessor has done its job:
>
> ((__builtin_object_size (buffer, 0) != (size_t) -1) ?
> __builtin___strcat_chk (buffer, "test", __builtin_object_size (buffer, 2 > 1)) :
> __inline_strncat_chk (buffer, "test", (size-1)));
>
>Here's what __builtin_object_size(buffer, 0..3) yields
>
>__builtin_object_size (buffer, 0) = -1
>__builtin_object_size (buffer, 1) = -1
>__builtin_object_size (buffer, 2) = 0
>__builtin_object_size (buffer, 3) = 0
>
>Given the following definition of __inline_strncat_chk() ...
>
>static inline char *
>__inline_strncat_chk (char * __dest, const char * __src,
> size_t __len)
>{
> return __builtin___strncat_chk (__dest, __src, __len, __builtin_object_size (__dest, 2 > 1));
>}
>
>... it seems like __builtin___strncat_chk is being called with the 4th
>parameter being -1. Maybe that's the problem, but that doesn't
>explain why touching buffer[0] is a fix.
Thanks for taking a look. I'm glad I'm not missing something obvious here.
--
____________________________________________________________
Sean McBride, B. Eng email@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
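
An added illustration, not code from the thread or from the system headers: the C program below reproduces the -1 / -1 / 0 / 0 result quoted above for a pointer whose allocation the compiler cannot see, contrasts it with a local array queried with the same `2 > 1` mode expression, and adds a bounded append built on strncat(). The function names (`objsz_of_param`, `objsz_unknown`, `objsz_known`, `append_bounded`) are hypothetical, and GCC or Clang is assumed for `__builtin_object_size`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the compiler can prove for a caller-supplied pointer. noinline hides
 * the caller's allocation, so it is unknown here. Mode must be a constant. */
__attribute__((noinline)) size_t objsz_of_param(char *p, int mode)
{
    switch (mode) {
    case 0:  return __builtin_object_size(p, 0);
    case 1:  return __builtin_object_size(p, 1);
    case 2:  return __builtin_object_size(p, 2);
    default: return __builtin_object_size(p, 3);
    }
}

/* Query a heap pointer whose allocation the callee cannot see. */
size_t objsz_unknown(int mode)
{
    char *p = malloc(32);
    size_t n = p ? objsz_of_param(p, mode) : 0;
    free(p);
    return n;
}

/* Same query on a visible local array; "2 > 1" folds to mode 1. */
size_t objsz_known(void)
{
    char local[16] = "";
    return __builtin_object_size(local, 2 > 1);
}

/* Append src to dst (cap bytes in total). strncat's third argument limits
 * what is appended, so it gets the room left. -1: no NUL in dst, or no fit. */
int append_bounded(char *dst, size_t cap, const char *src)
{
    const char *nul = memchr(dst, '\0', cap);
    if (nul == NULL || strlen(src) > cap - (size_t)(nul - dst) - 1)
        return -1;
    strncat(dst, src, cap - (size_t)(nul - dst) - 1);
    return 0;
}

int main(void)
{
    for (int m = 0; m < 4; m++)
        printf("mode %d, size unknown: %ld\n", m, (long)objsz_unknown(m));
    printf("local char[16], mode 1: %zu\n", objsz_known());
}
```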