[PATCH] shell32: use flexible arrays to avoid fortify failures
Mike Frysinger
vapier at gentoo.org
Tue Sep 21 03:42:34 CDT 2010
On Tuesday, September 21, 2010 04:21:28 Reece Dunn wrote:
> On 21 September 2010 08:58, Mike Frysinger wrote:
> > fortify is only adding security/sanity checks to functions. so if you do:
> >     char f[1];
> >     strcpy(f, "1234");
> > the C library, with help from the compiler, will then perform constant
> > checks on these things. since 5 bytes is more than the storage of "f"
> > can hold, you get a build time warning. and then at runtime, if this
> > code is attempted to be executed, it will abort() before the storage is
> > allowed to overflow.
> >
> > the problem with the wine code is that it declares a buffer as 1 byte
> > long even though in reality it is the start of a flexible string. newer
> > C specs account for this behavior by introducing the "[]" syntax. the C
> > library will not perform length checks on these strings since it has no
> > idea what its limits are at build time.
>
> Ah, I see.
>
> You could always do something like:
>
> strcpy((char *)pidl->anysize, "1234");
>
> Which would force the compiler to use the char * version instead of
> the char [n] version of the strcpy function in this example.
>
> This would then work in any compiler without special casing for
> compilers that have fortify -- especially when public structures get
> impacted.
no, that wouldn't help. the compiler is too smart and is still able to
propagate the constant storage information to the checking code. someone
suggested that in a past thread on this topic.
-mike
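
The quoted explanation notes that the C library performs no length checks on a "[]" flexible array, so the code has to carry the capacity itself. The following is an added example, not code from this thread or from Wine; `struct item`, `item_new` and `item_set_name` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical structure for illustration; not Wine's actual definition. */
struct item {
    size_t cap;      /* bytes allocated for name[], including the NUL */
    char   name[];   /* C99 flexible array member: no size known at build time */
};

/* Allocate an item whose name[] can hold `cap` bytes. Returns NULL if the
 * size computation would overflow or the allocation fails. */
struct item *item_new(size_t cap)
{
    if (cap == 0 || cap > SIZE_MAX - offsetof(struct item, name))
        return NULL;
    struct item *it = malloc(offsetof(struct item, name) + cap);
    if (it) {
        it->cap = cap;
        it->name[0] = '\0';
    }
    return it;
}

/* Copy src into it->name. Fortify cannot bound a flexible array, so the
 * recorded capacity is checked by hand. Returns 0 on success, -1 if src
 * plus its NUL does not fit; name[] is left unchanged in that case. */
int item_set_name(struct item *it, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > it->cap)
        return -1;
    memcpy(it->name, src, need);
    return 0;
}

int main(void)
{
    struct item *it = item_new(5);          /* room for "1234" + NUL */
    if (!it)
        return 1;
    int ok  = item_set_name(it, "1234");    /* fits */
    int bad = item_set_name(it, "12345");   /* one byte too long */
    free(it);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```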