, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/305901
Title:
Intrepid gcc -O2 breaks string appending with sprintf(), due to
fortify source patch
To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/305901/+subscriptions
--
Ubuntu
$ gcc -O2 -o foo foo.c ./foo
not fail
$ gcc -O2 -D_FORTIFY_SOURCE=2 -o foo foo.c ./foo
fail
The original report was filed in Ubuntu, where -D_FORTIFY_SOURCE=2 is enabled by
default: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/305901
C99 states:
The sprintf function is equivalent
This bug was fixed in the package glibc - 2.8~20080505-0ubuntu8
---
glibc (2.8~20080505-0ubuntu8) intrepid-proposed; urgency=low
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on sprintf to retain backward compatibility
(LP:
Actually :
* On the time I've seen this problem, it was still there after three reboots.
But it has now disappeared...
* If I try to revert to an earlier version of glibc, synaptic wants as well to
remove 56 packets including some important ones... So I prefer not to try.
So for the moment,
My intrepid machines with this glibc show the expected behavior and show
no signs of regression.
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
** Tags added: verification-done
** Tags removed: verification-needed
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Mathieu: does reverting to an earlier glibc solve the problem for you?
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is
For intrepid-proposed:
glibc (2.8~20080505-0ubuntu8) intrepid-proposed; urgency=low
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on sprintf to retain backward compatibility
(LP: #305901).
** Changed in: glibc (Ubuntu Intrepid)
This bug was fixed in the package glibc - 2.9-0ubuntu6
---
glibc (2.9-0ubuntu6) jaunty; urgency=low
[ Matthias Klose ]
* Merge with Debian, glibc-2.9 branch, r3200.
[ Kees Cook ]
* Add debian/patches/ubuntu/no-sprintf-pre-truncate.diff: do not
pre-clear target buffers on
Kees Cook schrieb:
On Tue, Dec 23, 2008 at 06:14:32AM -, Anders Kaseorg wrote:
Matthias, shall I go ahead and use massfile to create 231 bugs for this
issue?
It probably makes more sense to approach Debian with the mass-filing. I'd
be happy to help drive this.
seems to be the right
http://people.ubuntu.com/~kees/sprintf-glibc/
29 main
15 multiverse
208 universe
251 total
I removed a few copies of the kernel, which all show the same report, as
well as gnokii, which had a note in the Changelog about how they'd fixed
it already.
--
Intrepid gcc -O2 breaks
(er, 252 total -- I added linux back in at the last moment) I'm also
testing a patch to glibc to avoid the change in behavior when using
_FORTIFY_SOURCE.
** Attachment added: no-sprintf-pre-truncate.diff
http://launchpadlibrarian.net/20703741/no-sprintf-pre-truncate.diff
--
Intrepid gcc
Kees, some quick questions about your search:
• There are no instances of snprintf in your results. I could believe that
there aren’t any, because this use of snprintf has been broken for longer than
this use of sprintf, but I just wanted to confirm this.
• Does your search include DBS style
Oops, and I would use the right bug URL, of course.
** Attachment added: instructions file for proposed massfile, v2
http://launchpadlibrarian.net/20680112/instructions
** Attachment removed: instructions file for proposed massfile
http://launchpadlibrarian.net/20680039/instructions
--
On Tue, Dec 23, 2008 at 06:14:32AM -, Anders Kaseorg wrote:
• There are no instances of snprintf in your results.
I haven't yet re-run the search with snprintf.
• Does your search include DBS style tarball-inside-a-tarball
packages?
It does not yet, but I've put together a script that
** Also affects: owl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: barnowl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: nagios-plugins (Ubuntu)
Importance: Undecided
Status: New
** Also affects: xmcd (Ubuntu)
Importance: Undecided
** Also affects: ctn (Ubuntu)
Importance: Undecided
Status: New
** Also affects: hypermail (Ubuntu)
Importance: Undecided
Status: New
** Also affects: asterisk (Ubuntu)
Importance: Undecided
Status: New
** Also affects: atomicparsley (Ubuntu)
Importance:
I’m about 8% of the way through my list, and it looks like there might
indeed be a _lot_ of affected Ubuntu packages. I’ll stop filing bugs
for now and see what happens with these ones.
** Also affects: billard-gl (Ubuntu)
Importance: Undecided
Status: New
** Also affects: binutils
** Also affects: 4g8 (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Binary package hint: gcc-4.3
In Hardy and previous releases, one could use statements such as
sprintf(buf, %s %s%d, buf, foo, bar);
to append formatted text to a buffer buf. Intrepid’s
Given the large number of affected packages, perhaps it is better to fix
the compiler option. I'm curious to see what upstream thinks of this.
** Also affects: glibc (Ubuntu)
Importance: Undecided
Status: New
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify
** Bug watch added: Sourceware.org Bugzilla #7075
http://sourceware.org/bugzilla/show_bug.cgi?id=7075
** Also affects: glibc via
http://sourceware.org/bugzilla/show_bug.cgi?id=7075
Importance: Unknown
Status: Unknown
** Changed in: glibc (Ubuntu)
Importance: Undecided = High
** Changed in: glibc
Status: Unknown = Invalid
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Searching all of Ubuntu source in Jaunty:
29 main
0 restricted
182 universe
15 multiverse
** Attachment added: report of search in main
http://launchpadlibrarian.net/20285489/main.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
** Attachment added: report of search in universe
http://launchpadlibrarian.net/20285495/universe.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of
** Attachment added: report of search in multiverse
http://launchpadlibrarian.net/20285502/multiverse.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a
You can search a source file for instances of it with this regex:
pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*%s[^]*\s*,\s*\1\s*,'
the regexp doesn't search for snprintf, and doesn't look for functions
spanning more than one line.
I’ll stop filing bugs for now and see what happens with these
pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*%s[^]*\s*,\s*\1\s*,'
the regexp doesn't search for snprintf, and doesn't look for functions
spanning more than one line.
It does with pcregrep -M. For example,
$ pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*%s[^]*\s*,\s*\1\s*,' \
For snprintf, use
pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*%s[^]*\s*,\s*\1\s*,'
$@
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server
yeah, my search was glitched. New logs attached only count difference
was universe, which went to 187.
** Attachment added: main.log
http://launchpadlibrarian.net/20288238/main.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
** Attachment added: universe.log
http://launchpadlibrarian.net/20288259/universe.log
--
Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source
patch
https://bugs.launchpad.net/bugs/305901
You received this bug notification because you are a member of Ubuntu
Server
** Attachment added: multiverse.log
http://launchpadlibrarian.net/20288264/multiverse.log
** Attachment removed: report of search in main
http://launchpadlibrarian.net/20285489/main.log
** Attachment removed: report of search in universe
31 matches
Mail list logo