[PATCH] shell32: use flexible arrays to avoid fortify failures

Mike Frysinger vapier at gentoo.org
Tue Sep 21 03:42:34 CDT 2010

On Tuesday, September 21, 2010 04:21:28 Reece Dunn wrote:
> On 21 September 2010 08:58, Mike Frysinger wrote:
> > fortify is only adding security/sanity checks to functions.  so if you
> > do: char f[1];
> >        strcpy(f, "1234");
> > the C library, with help from the compiler, will then perform constant
> > checks on these things.  since 5 bytes is more than the storage of "f"
> > can hold, you get a build time warning.  and then at runtime, if this
> > code is attempted to be executed, it will abort() before the storage is
> > allowed to overflow.
> > 
> > the problem with the wine code is that it declares a buffer as 1 byte
> > long even though in reality it is the start of a flexible string.  newer
> > C specs account for this behavior by introducing the "[]" syntax.  the C
> > library will not perform length checks on these strings since it has no
> > idea what its limits are at build time.
> Ah, I see.
> You could always do something like:
>     strcpy((char *)pidl->anysize, "1234");
> Which would force the compiler to use the char * version instead of
> the char [n] version of the strcpy function in this example.
> This would then work in any compiler without special casing for
> compilers that have fortify -- especially when public structures get
> impacted.

no, that wouldnt help.  the compiler is too smart and is still able to 
propagate the constant storage information to the checking code.  someone 
suggested that in a past thread on this topic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20100921/e80becc7/attachment.pgp>

More information about the wine-devel mailing list