Elias Diem <li...@webconect.ch> writes:

> Hi lee
>
> On 2015-12-29, lee wrote:
>
>> Elias Diem <li...@webconect.ch> writes:
>> 
>> > Hi
>> >
>> > I just got the following while running Vim's testsuite.
>> >
>> > <output>
>> > *** buffer overflow detected ***: vim terminated; report to 
>> > <http://bugs.gentoo.org/>
>> > Makefile:151: recipe for target 'af.ck' failed
>> > make[2]: *** [af.ck] Killed
>> > </output>
>> >
>> > The compiler gave me the following warning.
>> >
>> > [...]
>> > /usr/include/bits/string3.h:110:3: warning: call to __builtin___strcpy_chk 
>> > will always overflow destination buffer
>> >    return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
>> >
>> > [...]
>> >
>> > Should I file a bug?
>> 
>> The test was successful because the buffer overflow was detected?
>
> I think I don't quite understand your question.
>
> `make test` failed. Therefore I'd say the test was not 
> successful.
>
> I run a hardened profile. I guess that's why the overflow 
> was detected and vim terminated.

When you perform a strcpy() and overflow the destination buffer, you are
supposed to experience a segmentation fault.  It shouldn't matter
whether you run a hardened profile or not for detecting these.

I imagine it was discovered that a segmentation fault did occur, and
that it inevitably would occur --- since gcc tells you that one will
occur when using __builtin___strcpy_chk() --- and the application was
terminated.  Otherwise, the test would have been unsuccessful.

Whether this is a bug or not depends on what you're supposed to expect,
which I don't know.  If someone ran the test suite on a
non-hardened profile and got the same warning from gcc, but vim weren't
terminated when the segmentation fault occurred, then I'd be worried.

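What the `__builtin___strcpy_chk (__dest, __src, __bos (__dest))` call in the quoted warning checks, as an added example that is not part of the thread and not glibc's source. `model_strcpy_chk`, `SIZE_UNKNOWN` and the sample strings are hypothetical names and constructed inputs; the model returns -1 at the point where a fortified build aborts with the `*** buffer overflow detected ***` message.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Value __builtin_object_size yields when the compiler cannot determine the size. */
#define SIZE_UNKNOWN ((size_t)-1)

/* Hypothetical stand-in for the fortified strcpy (not glibc's real code).
 * dest_size plays the role of __bos(__dest) from the warning.
 * Returns 0 after copying, -1 where the fortified build would abort. */
int model_strcpy_chk(char *dest, const char *src, size_t dest_size)
{
    size_t need = strlen(src) + 1;   /* bytes strcpy would write, NUL included */

    /* With an unknown size there is nothing to compare against, so the
     * check is skipped and the call behaves like plain strcpy. */
    if (dest_size != SIZE_UNKNOWN && need > dest_size)
        return -1;                   /* fortified build: message printed, process killed */

    memcpy(dest, src, need);
    return 0;
}

/* Constructed input that fits the destination. */
int demo_fits(void)
{
    char buf[8] = "";
    return model_strcpy_chk(buf, "af.ck", sizeof buf);
}

/* Constructed input that is too long; in this model nothing is written on failure. */
int demo_overflow(void)
{
    char buf[8] = "unset";
    int rc = model_strcpy_chk(buf, "longer than eight", sizeof buf);
    return (rc == -1 && strcmp(buf, "unset") == 0) ? -1 : 1;
}

int main(void)
{
    printf("fits:     %d\n", demo_fits());
    printf("overflow: %d\n", demo_overflow());
    return 0;
}
```

The compile-time warning and the run-time abort come from the same size comparison: the warning appears when the compiler can already prove `need > dest_size`, and the abort happens when that is only known once the program runs.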