NetBSD Problem Report #44749

From jmmv@julipedia.org  Mon Mar 21 08:59:29 2011
Return-Path: <jmmv@julipedia.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 12E6863B8DE
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 21 Mar 2011 08:59:29 +0000 (UTC)
Message-Id: <20110321085244.6B0C7F08130@desky.julipedia.org>
Date: Mon, 21 Mar 2011 08:52:44 +0000 (GMT)
From: jmmv@julipedia.org
Reply-To: jmmv@julipedia.org
To: gnats-bugs@gnats.NetBSD.org
Subject: ssp tests break when built with -g
X-Send-Pr-Version: 3.95

>Number:         44749
>Category:       lib
>Synopsis:       ssp tests break when built with -g
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 21 09:00:01 +0000 2011
>Last-Modified:  Sat Dec 29 06:30:01 +0000 2018
>Originator:     Julio Merino
>Release:        NetBSD 5.99.48
>Organization:

>Environment:


System: NetBSD desky 5.99.48 NetBSD 5.99.48 (GENERIC) #0: Sat Mar 19 19:30:58 GMT 2011 jmmv@desky:/s/jmmv/os/netbsd/obj.amd64/s/jmmv/os/netbsd/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	The tests in src/tests/lib/libc/ssp/ are supposed to trigger ssp.

	However, when such tests are built with CFLAGS=-g, the failures are
	not triggered.  I presume the code is laid out in a manner that
	prevents the buffer overflows from corrupting the stack.

	Even more, the h_gets.c file fails to build with -g because the
	compiler will spit out a warning about unsafe usage of gets().
>How-To-Repeat:
	$ cd /usr/src/tests/lib/libc/ssp
        $ vi h_gets.c
	... hack: comment out the call to gets() to let this build ...
	$ CFLAGS=-g make USETOOLS=no
	$ atf-run | atf-report
	... see everything fail ...
	$ echo 'alsdjflkdsjfld' | ./h_fgets 11
	... see this print out a string instead of triggering ssp ...
>Fix:
	Don't know what the best solution for these would be.

	Maybe forcibly ignore -g when building these tests?  Maybe split
	out the code that is supposed to trigger ssp in a single file that
	is built without -g, yet everything else carries -g?  (These
	seem a big hack instead of a real solution.)

	Rework the tests so that they trigger a failure even with -g?

>Audit-Trail:
From: coypu@sdf.org
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/44749: ssp tests break when built with -g
Date: Sat, 29 Dec 2018 06:26:24 +0000

 afaik this isn't a bug on our side.
 GCC requires optimizations to be enabled for this to work.

 Another libc 'solves' it by providing a warning when you try to enable
 such mitigations but without optimizations.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.