Re: [gentoo-user] Maybe bug? (glibc related?)

2016-01-01 Thread Elias Diem
Hi lee

On 2015-12-30, lee wrote:

> Elias Diem  writes:
> 
> >> Whether this is a bug or not depends on what you're supposed to expect,
> >> which I don't know.  If someone would run the test suite on a
> >> non-hardened profile and got the same warning from gcc, but vim wouldn't
> >> be terminated when the segmentation fault occurs, then I'd be worried.
> >
> > Ok. Well, I don't know either what to expect. I haven't got 
> > enough knowledge to analyse this. I posted it here because I 
> > was told so ;-)
> 
> Maybe someone knows ...
> 
> How do you run the test thing?  I could try and see what happens.

I clone the git repo at https://github.com/vim/vim and work 
with that.

I've got a file at http://webconect.ch/cont/vim/myenv that I 
source prior to make. For example:

$ cd vim
$ . myenv
$ make

Then, to run Vim's test suite:

$ make test

Note that `make test` only fails if I compile with -O1.

-- 
Greetings
Elias





Re: [gentoo-user] Maybe bug? (glibc related?)

2015-12-30 Thread lee
Elias Diem  writes:

>> Whether this is a bug or not depends on what you're supposed to expect,
>> which I don't know.  If someone would run the test suite on a
>> non-hardened profile and got the same warning from gcc, but vim wouldn't
>> be terminated when the segmentation fault occurs, then I'd be worried.
>
> Ok. Well, I don't know either what to expect. I haven't got 
> enough knowledge to analyse this. I posted it here because I 
> was told so ;-)

Maybe someone knows ...

How do you run the test thing?  I could try and see what happens.



Re: [gentoo-user] Maybe bug? (glibc related?)

2015-12-30 Thread Elias Diem
Hi lee

On 2015-12-29, lee wrote:

> When you perform a strcpy() and overflow the destination buffer, you are
> supposed to experience a segmentation fault.  It shouldn't matter
> whether you run a hardened profile or not for detecting these.

Ok. Thanks for the explanation.

> I imagine it was discovered that a segmentation fault did occur, and
> that it inevitably would occur --- since gcc tells you that one will
> occur when using __builtin___strcpy_chk() --- and the application was
> terminated.  Otherwise, the test would have been unsuccessful.

Ok.

> Whether this is a bug or not depends on what you're supposed to expect,
> which I don't know.  If someone would run the test suite on a
> non-hardened profile and got the same warning from gcc, but vim wouldn't
> be terminated when the segmentation fault occurs, then I'd be worried.

Ok. Well, I don't know either what to expect. I haven't got 
enough knowledge to analyse this. I posted it here because I 
was told so ;-)

-- 
Greetings
Elias





Re: [gentoo-user] Maybe bug? (glibc related?)

2015-12-29 Thread lee
Elias Diem  writes:

> Hi lee
>
> On 2015-12-29, lee wrote:
>
>> Elias Diem  writes:
>> 
>> > Hi
>> >
>> > I just got the following while running Vim's testsuite.
>> >
>> > 
>> > *** buffer overflow detected ***: vim terminated; report to 
>> > 
>> > Makefile:151: recipe for target 'af.ck' failed
>> > make[2]: *** [af.ck] Killed
>> > 
>> >
>> > The compiler gave me the following warning.
>> >
>> > [...]
>> > /usr/include/bits/string3.h:110:3: warning: call to __builtin___strcpy_chk 
>> > will always overflow destination buffer
>> >return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
>> >
>> > [...]
>> >
>> > Should I file a bug?
>> 
>> The test was successful because the buffer overflow was detected?
>
> I think I don't quite understand your question.
>
> `make test` failed. Therefore I'd say the test was not 
> successful.
>
> I run a hardened profile. I guess that's why the overflow 
> was detected and vim terminated.

When you perform a strcpy() and overflow the destination buffer, you are
supposed to experience a segmentation fault.  It shouldn't matter
whether you run a hardened profile or not for detecting these.

I imagine it was discovered that a segmentation fault did occur, and
that it inevitably would occur --- since gcc tells you that one will
occur when using __builtin___strcpy_chk() --- and the application was
terminated.  Otherwise, the test would have been unsuccessful.

Whether this is a bug or not depends on what you're supposed to expect,
which I don't know.  If someone would run the test suite on a
non-hardened profile and got the same warning from gcc, but vim wouldn't
be terminated when the segmentation fault occurs, then I'd be worried.



Re: [gentoo-user] Maybe bug? (glibc related?)

2015-12-29 Thread Elias Diem
Hi lee

On 2015-12-29, lee wrote:

> Elias Diem  writes:
> 
> > Hi
> >
> > I just got the following while running Vim's testsuite.
> >
> > 
> > *** buffer overflow detected ***: vim terminated; report to 
> > 
> > Makefile:151: recipe for target 'af.ck' failed
> > make[2]: *** [af.ck] Killed
> > 
> >
> > The compiler gave me the following warning.
> >
> > [...]
> > /usr/include/bits/string3.h:110:3: warning: call to __builtin___strcpy_chk 
> > will always overflow destination buffer
> >return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
> >
> > [...]
> >
> > Should I file a bug?
> 
> The test was successful because the buffer overflow was detected?

I think I don't quite understand your question.

`make test` failed. Therefore I'd say the test was not 
successful.

I run a hardened profile. I guess that's why the overflow 
was detected and vim terminated.

-- 
Greetings
Elias





Re: [gentoo-user] Maybe bug? (glibc related?)

2015-12-29 Thread lee
Elias Diem  writes:

> Hi
>
> I just got the following while running Vim's testsuite.
>
> 
> *** buffer overflow detected ***: vim terminated; report to 
> 
> Makefile:151: recipe for target 'af.ck' failed
> make[2]: *** [af.ck] Killed
> 
>
> The compiler gave me the following warning.
>
> [...]
> /usr/include/bits/string3.h:110:3: warning: call to __builtin___strcpy_chk 
> will always overflow destination buffer
>return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
>
> [...]
>
> Should I file a bug?

The test was successful because the buffer overflow was detected?
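
The compiler warning quoted in this thread names `__builtin___strcpy_chk (__dest, __src, __bos (__dest))`. The following is an added sketch, not code from the thread, Vim or glibc, of what a size-checked copy of that shape does and of when the destination size is available to it. `checked_strcpy`, `copy_into_8` and the other function names are hypothetical, and the sketch returns a status where the real check terminates the process with the "buffer overflow detected" message; `__builtin_object_size` is the GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK = 0, COPY_OVERFLOW = 1 };

/* Hypothetical stand-in for the checked copy: dest_size plays the role of
 * __bos(__dest). (size_t)-1 means "size unknown", so no check is possible. */
static enum copy_status checked_strcpy(char *dest, const char *src,
                                       size_t dest_size)
{
    size_t need = strlen(src) + 1;      /* bytes written, including the NUL */
    if (dest_size != (size_t)-1 && need > dest_size)
        return COPY_OVERFLOW;           /* refuse before writing anything */
    memcpy(dest, src, need);
    return COPY_OK;
}

/* The destination is a local array, so the compiler knows its size. */
size_t size_of_local_array(void)
{
    char buf[8];
    return __builtin_object_size(buf, 0);
}

/* The destination arrives as a bare pointer in a function that is not
 * inlined: the compiler cannot see the object, so the size is unknown. */
__attribute__((noinline)) size_t size_through_pointer(char *p)
{
    return __builtin_object_size(p, 0);
}

/* Copy a string into an 8-byte buffer using the compiler-provided size. */
enum copy_status copy_into_8(const char *src)
{
    char buf[8];
    return checked_strcpy(buf, src, __builtin_object_size(buf, 0));
}

int main(void)
{
    char buf[8];
    printf("local array size: %zu\n", size_of_local_array());
    printf("size known via pointer: %s\n",
           size_through_pointer(buf) == (size_t)-1 ? "no" : "yes");
    printf("7 chars + NUL: %d\n", copy_into_8("exactly"));   /* constructed input */
    printf("8 chars + NUL: %d\n", copy_into_8("12345678"));  /* constructed input */
    return 0;
}
```

The check only has something to compare against where the compiler can see the destination object at the call site.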