https://bugzilla.novell.com/show_bug.cgi?id=272163
Summary: glibc -D_FORTIFY_SOURCE is wrong
Product: openSUSE 10.3
Version: Alpha 3plus
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: matz@novell.com
ReportedBy: rguenther@novell.com
QAContact: qa@suse.de
CC: jh@novell.com, pbaudis@novell.com
gcc mainline currently causes the following configure test from coreutils to be
"miscompiled" with -D_FORTIFY_SOURCE and optimization > -O0:
#include
#include
#define NGID 256  /* number of gid_t slots in the probe's scratch array */
#undef MAX        /* start clean in case a header already defines MAX */
/* Larger of two values.  Both arguments appear twice in the expansion, so
   only pass side-effect-free expressions (here: sizeof). */
#define MAX(x, y) ((x) > (y) ? (x) : (y))
/*
 * Configure probe: does getgroups() store into an array of gid_t, or into
 * an array of int?  Every slot of the scratch array is pre-filled with a
 * sentinel (the bit pattern of (long) -1, written through a union so it is
 * read back as a gid_t), getgroups() is asked for one element fewer than
 * the array holds, and the slot just past the returned count is inspected:
 * if getgroups() wrote wider elements than gid_t, that slot no longer holds
 * the sentinel.
 *
 * Returns 0 when the sentinel survives (a gid_t array is fine) and non-zero
 * when n > 0 and the slot was overwritten, i.e. getgroups seems to require
 * an array of ints (gid_t being short int while getgroups writes ints).
 *
 * NOTE(review): when the _FORTIFY_SOURCE wrapper described in this report is
 * in effect, the getgroups call below never returns, so the exit status of
 * this probe cannot reflect the getgroups ABI at all.
 */
int
main ()
{
  gid_t gidset[NGID];
  int idx;
  int n;
  size_t elem_size;
  union { gid_t gval; long int lval; } sentinel;

  sentinel.lval = -1;
  for (idx = 0; idx < NGID; idx++) {
    gidset[idx] = sentinel.gval;
  }

  /* Element size is the wider of int and gid_t; requesting one element
     fewer than fits keeps gidset[n] below inside the array. */
  elem_size = sizeof (int) > sizeof (gid_t) ? sizeof (int) : sizeof (gid_t);
  n = getgroups (sizeof (gidset) / elem_size - 1, gidset);

  return n > 0 && gidset[n] != sentinel.gval;
}
The problem is that -D_FORTIFY_SOURCE causes getgroups to be "expanded" into the following inline wrapper in unistd.h:
/* Checked variant: receives the actual storage size of __list in addition
   to the requested __size (the checked implementation itself is not shown
   here). */
extern int __getgroups_chk (int __size, __gid_t __list[], size_t listlen)
__attribute__ ((__nothrow__)) __attribute__ ((__warn_unused_result__));
/* Unchecked variant: the asm label binds this declaration to the symbol
   "getgroups" -- the same name as the inline wrapper defined right below. */
extern int __getgroups_alias (int __size, __gid_t __list[]) __asm__ (""
"getgroups") __attribute__ ((__nothrow__)) __attribute__
((__warn_unused_result__));
/* Inline replacement for getgroups() installed by _FORTIFY_SOURCE.
   When the compiler knows the size of __list (__builtin_object_size is not
   (size_t) -1) and either __size is not a compile-time constant or __size
   elements would overrun __list, the call is routed to __getgroups_chk;
   otherwise it goes to __getgroups_alias.  The "2 > 1" second argument is
   apparently the preprocessed form of __USE_FORTIFY_LEVEL > 1, i.e.
   object-size type 1.
   NOTE(review): __getgroups_alias carries the asm label "getgroups", the
   very symbol this always_inline function defines; the disassembly in this
   report shows the call resolving to the wrapper itself, which is the
   recursion at issue. */
extern __inline __attribute__ ((__always_inline__)) int
__attribute__ ((__nothrow__)) getgroups (int __size, __gid_t __list[])
{
/* __size * sizeof (__gid_t) is computed in size_t, so a negative __size
   also becomes a large value and lands on the checked path. */
if (__builtin_object_size (__list, 2 > 1) != (size_t) -1
&& (!__builtin_constant_p (__size)
|| __size * sizeof (__gid_t) > __builtin_object_size (__list, 2 > 1)))
return __getgroups_chk (__size, __list, __builtin_object_size (__list, 2 >
1));
/* Bounds check passed (or size unknown): fall through to the real call. */
return __getgroups_alias (__size, __list);
}
and this causes gcc (at -O2) to compile it into an infinite loop, or (at -O) into a call sequence that overflows the stack:
Dump of assembler code for function getgroups:
0x080487b3 : push %ebp
0x080487b4 : mov %esp,%ebp
0x080487b6 : sub $0x8,%esp
0x080487b9 : mov 0xc(%ebp),%eax
0x080487bc : mov %eax,0x4(%esp)
0x080487c0 : mov 0x8(%ebp),%eax
0x080487c3 : mov %eax,(%esp)
0x080487c6 : call 0x80487b3 <getgroups>
0x080487cb : leave
0x080487cc : ret
(note that getgroups calls itself). This might be considered a gcc bug as
well.