> Well, now that is interesting, considering that this happens under gcc-3.4.x, but not gcc-4.1.x. So gcc-4.2.x brought the problem back?
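#!/bin/sh
# For each array length 1..200, find the shortest input that makes the
# test program exit abnormally (stack smashing caught).
for i in `seq 1 200`; do
    gcc -o fgets-overflow fgets-overflow.c -U_FORTIFY_SOURCE -D_LENGTH_=$i \
        >/dev/null 2>&1
    s=x
    # Grow the input by one character until the program fails.
    while echo $s | ./fgets-overflow ${#s} >/dev/null 2>&1; do
        s=${s}x
    done
    # Columns: array length, input length that failed, difference.
    echo $i ${#s} $((${#s} - ${i}))
done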
$ ./test.sh | awk '{print $3}' | sort -unr | head -n1
16
So the biggest difference between array length and length needed to catch stack
smashing is 16.
// wbr,
Fix
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
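The message does not include fgets-overflow.c, so the following is an added stand-in for rerunning the measurement, not the poster's file. It assumes the command-line argument is the input length and that the compiler enables the stack protector (by default or with -fstack-protector-all); read_line is a hypothetical name.

```c
/* Constructed stand-in for fgets-overflow.c (the original is not shown in
 * the message). Assumption: argv[1] is the number of input characters. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef _LENGTH_
#define _LENGTH_ 16            /* the test script overrides this with -D_LENGTH_=$i */
#endif

/* Read one line from `in` into a _LENGTH_-byte stack buffer while telling
 * fgets it may write up to `limit` bytes. A limit larger than _LENGTH_ is
 * the deliberate overflow the stack protector is expected to catch when
 * this function returns. Returns the number of characters stored. */
size_t read_line(FILE *in, size_t limit)
{
    char buf[_LENGTH_];

    if (fgets(buf, (int)limit, in) == NULL)
        return 0;
    return strlen(buf);
}

int main(int argc, char **argv)
{
    size_t n;

    if (argc != 2) {
        fprintf(stderr, "usage: %s input-length < input\n", argv[0]);
        return 2;
    }
    n = strtoul(argv[1], NULL, 10);
    /* n characters + the newline added by echo + the terminating NUL */
    printf("%lu\n", (unsigned long)read_line(stdin, n + 2));
    return 0;
}
```

A run that overwrites the canary is aborted by the stack protector and exits non-zero, which is what ends the script's inner while loop.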
