Opened 9 years ago

Closed 9 years ago

Last modified 7 years ago

#2031 closed defect (fixed)

gcc warning : not protecting function: no buffer at least 8 bytes long

Reported by: keb
Priority: Medium
Component: Core Tor/Tor
Keywords: debian --gcc-hardening --linker-hardening

Description

compiling tor-0.2.2.17-alpha with --gcc-hardening --linker-hardening

http://pastebin.ca/1958264

occurs on both debian etch and ubuntu 10.04

Attachments (1)

bug.txt (44.1 KB) - added by keb 9 years ago.
log of configure and make

Change History (10)

comment:1 Changed 9 years ago by Sebastian

Interesting. I wonder if the warning is bogus.
It happens because we do this:
  char hdr[VAR_CELL_HEADER_SIZE]; where VAR_CELL_HEADER_SIZE is 5

In theory we're setting stack-protector-all, so this warning should not happen.

Changed 9 years ago by keb

Attachment: bug.txt added

log of configure and make

comment:3 Changed 9 years ago by Sebastian

Well, we're using

  if test x$have_gcc42 = xyes ; then
    # These warnings break gcc 4.0.2 and work on gcc 4.2
    # XXXX020 Use -fstack-protector.
    # XXXX020 See if any of these work with earlier versions.
    CFLAGS="$CFLAGS -Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1"
    # We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
  fi

Looks like we need to carefully evaluate which options to use depending on the compiler's version.

comment:4 Changed 9 years ago by keb

on ubuntu it is gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
on debian it is gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

comment:5 Changed 9 years ago by nickm

What's that "--param ssp-buffer-size=1" doing there? It's not a warning option, it's a compilation option, and that code is code to add extra warnings when building with --enable-gcc-warnings, right?

comment:6 Changed 9 years ago by Sebastian

Hah. You're right. We never saw this because we always compile with --enable-gcc-warnings.

Needs a backport to 0.2.2. We should still sort out the XXX there.

comment:7 Changed 9 years ago by Sebastian

Status: new → needs_review

branch bug2031 in my repo has a fix. It is based on 0.2.2, but also merges cleanly into master.

comment:8 Changed 9 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Merged to 0.2.2 and master.

comment:9 Changed 7 years ago by nickm

Component: Tor Client → Tor
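
The distinction raised in comment:5 (warning options versus compilation options) can be turned into a lint for a configure script. This is an added example, not part of the ticket or of Tor's build scripts; the flag list is the one quoted in comment:3, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint a flag list that is supposed to hold only warning options.
# WARN_ONLY_FLAGS is the list quoted in comment:3; function names are hypothetical.

WARN_ONLY_FLAGS='-Waddress -Wmissing-noreturn -Wnormalized=id -Woverride-init -Wstrict-overflow=1 --param ssp-buffer-size=1'

# Print every option in "$1" that is not a -W diagnostic switch, one per line.
nonwarning_flags() {
  set -f          # disable globbing while the flag string is word-split
  set -- $1
  set +f
  while [ $# -gt 0 ]; do
    case $1 in
      # -Wl, / -Wa, / -Wp, hand options to the linker, assembler or
      # preprocessor; they look like warnings but are not.
      -Wl,*|-Wa,*|-Wp,*) echo "$1" ;;
      -W*) ;;                          # diagnostic only
      --param)
        # "--param NAME=VALUE" is two words; report it as one unit.
        if [ $# -ge 2 ]; then echo "$1 $2"; shift; else echo "$1"; fi ;;
      *) echo "$1" ;;
    esac
    shift
  done
}

# Return 0 when the list holds only warning switches, 1 otherwise.
warning_block_ok() {
  bad=$(nonwarning_flags "$1")
  [ -z "$bad" ] && return 0
  echo "non-warning option in warnings-only block: $bad" >&2
  return 1
}

# The list from comment:3 fails the check because of the --param entry.
warning_block_ok "$WARN_ONLY_FLAGS" || echo "move code-generation options out of the warnings block"
```
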