> Well, now that is interesting, considering that this happens under
> gcc-3.4.x, but not gcc-4.1.x. So gcc-4.2.x brought the problem back?
>
> Or perhaps it was something to do with using the uClibc ssp vs the gcc
> ssp. I cannot seem to precisely remember, myself.
>
__fgets-overflow.c with variable array length__:
#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char *argv[])
{
	/* Buffer size is fixed at compile time by -D_LENGTH_=N (see test.sh). */
	char b[_LENGTH_];
	int len;

	if (argc < 2)
		return 1;
	/* The caller chooses how many bytes fgets may store, independent of
	 * sizeof(b); len > _LENGTH_ deliberately writes past the end of b,
	 * which is the overflow the stack protector is expected to catch. */
	len = atoi(argv[1]);
	if ((fgets(b, len, stdin)) != b)
		return 1;
	(void)printf("%s\n", b);
	return 0;
}
__test.sh__:
#!/bin/sh
# For each buffer size 1..50, build the test program with _FORTIFY_SOURCE
# disabled (so only the stack protector is in play), then feed it inputs of
# growing length until it fails, and report the first failing length.
for i in `seq 1 50`; do
	gcc -o fgets-overflow fgets-overflow.c -U_FORTIFY_SOURCE -D_LENGTH_=$i >/dev/null 2>&1
	s=x
	while echo $s | ./fgets-overflow ${#s} >/dev/null 2>&1; do
		s=${s}x
	done
	echo $i ${#s}
done
$ ./test.sh > test.log
Results (first column: _LENGTH_, the buffer size; second column: the shortest input length at which ./fgets-overflow fails):
1 2
2 9
3 9
4 9
5 9
6 9
7 9
8 9
9 25
10 25
11 25
12 25
13 25
14 25
15 25
16 25
17 25
18 25
19 25
20 25
21 25
22 25
23 25
24 25
25 41
26 41
27 41
28 41
29 41
30 41
31 41
32 41
33 41
34 41
35 41
36 41
37 41
38 41
39 41
40 41
41 57
42 57
43 57
44 57
45 57
46 57
47 57
48 57
49 57
50 57
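To read the numbers above: fgets(b, len, stdin) stores at most len-1 characters plus a NUL, so a failing input of length L means the first L-1 bytes went into b without the protector firing. The following added Python script (not part of the post) parses test.log, groups buffer sizes by the length that trips the protector, and computes how many bytes past the declared buffer were written undetected; it embeds a subset of the rows above as constructed sample input.

```python
# Added example, not code from the original post. Interprets test.log as
# written by test.sh: each line is "<_LENGTH_> <shortest failing input len>".

# Constructed sample: a subset of the rows reported above, not a full copy.
SAMPLE_LOG = """\
1 2
2 9
8 9
9 25
24 25
25 41
41 57
50 57
"""


def parse_log(text):
    """Return [(buffer_size, failing_input_length), ...] from test.log text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        rows.append((int(parts[0]), int(parts[1])))
    return rows


def undetected_overflow(buffer_size, failing_len):
    """Bytes written past the end of b that the protector did NOT catch.

    The longest passing input had length failing_len-1, and fgets stored
    exactly that many bytes (failing_len-2 characters plus the NUL), so
    everything beyond buffer_size up to that point went unnoticed.
    """
    return max(0, (failing_len - 1) - buffer_size)


def size_classes(rows):
    """Group sorted buffer sizes that share the same failing length.

    Returns [(min_size, max_size, failing_len), ...]: every size in a group
    is padded out to the same stack slot, so the protector trips at the same
    byte offset regardless of the declared array length.
    """
    groups = []
    for size, fail_len in sorted(rows):
        if groups and groups[-1][2] == fail_len:
            groups[-1] = (groups[-1][0], size, fail_len)
        else:
            groups.append((size, size, fail_len))
    return groups


def max_undetected(rows):
    """Worst-case number of overflow bytes the protector lets through."""
    return max(undetected_overflow(size, fail_len) for size, fail_len in rows)
```

On the sample rows the smallest buffer in each class (2, 9, 25, 41) can be overrun by up to 15 bytes before the protector reacts, which is why the test only ever fails at the class boundaries.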
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
