On 10/20/07, Fix <[EMAIL PROTECTED]> wrote: > Hello. > > Just finished basic system with all HLFS patches (glibc-2.6.1, gcc-4.2.2, > binutils-2.18, amd64/multilib, dpkg > as a package manager) and trying to compile and run test programs > (strcpy-overflow.c, strcat-overflow.c, > fgets-overflow.c) > > I noticed that SSP catches stack smashing in fgets-overflow.c only when I > pass 25+ in the command line: > (lesser value does nothing) > $ echo abcdefghijklm111111111111111111111111111 | ./fgets-overflow 25 > abcdefghijklm11111111111 > *** stack smashing detected ***: ./fgets-overflow terminated > Aborted > > when fgets-overflow.c is compiled as follows: > $ gcc -o fgets-overflow fgets-overflow.c -U_FORTIFY_SOURCE > > But when I compile it as a 32-bit program, all goes as expected: > $ gcc -m32 -o fgets-overflow fgets-overflow.c -U_FORTIFY_SOURCE > $ echo abcdefghijklm111111111111111111111111111 | ./fgets-overflow 11 > abcdefghij > *** stack smashing detected ***: ./fgets-overflow terminated > Aborted > > Some data alignment? > > > // wbr, > Fix >
Well, now that is interesting, considering that this happens under gcc-3.4.x, but not gcc-4.1.x. So gcc-4.2.x brought the problem back? Or perhaps it was something to do with using the uClibc ssp vs the gcc ssp. I cannot seem to precisely remember, myself. -- Kevin Day -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
