On Fri, 20 Sep 2013, Bastian Blank wrote: > On Fri, Sep 20, 2013 at 03:05:37PM -0400, Yaroslav Halchenko wrote: > > long story short -- reason was the combination of optimization (-O1 was > > enough) > > + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C > > standard(s) > > in s*printf() functions (man 3 sprintf, search for undefined or NOTES).
> So the code is already full of undefined behaviour? yes. but so far it was (surprisingly) consistent behaviour so far... > > On "your" code you could look for some (no multiline or more complex > > expressions, no snprintf) hits in sprintf with following grep > > grep -re 'sprintf(\s*\(\w\+\)\s*,[^,]\+,\s*\1\>' * > You search for a sprintf that references the same variable both as > source and destination? yes > C99 clearly stats: > | If copying takes place between objects that overlap, the behavior is > | undefined. > > To mitigate this issue, besides reporting upstream, for now I had to disable > > this fortification with > > DEB_BUILD_HARDENING_FORTIFY := 0 > > preceding inclusion of /usr/share/hardening-includes/hardening.make > I would call code that hits such clear definitions too buggy to be > supported. yeah -- let's burn it!!!... oh no -- I am using it, so I guess I better fix/report bugs ;-) -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Senior Research Associate, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130921010443.gc27...@onerussian.com
