Memory corruption, possible security bug #221
It would be helpful if you could run 8g under gdb and get a stack trace when the smashing is detected. Thanks.

Owner changed to r...@golang.org. Status changed to WaitingForReply.
Comment 3 by x41@freeshell.org:

Fresh install of the last version of Golang, cb140bac9ab0 release.2009-11-12/release. Tested on Ubuntu 9.04 and Ubuntu 9.10.

```
XXXX@XXXX:~/go_src/src$ uname -a
Linux XXXX 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux
```

Attached Valgrind report and GDB report. Buggy function: exits(). GDB shows `argc=Cannot access memory at address 0xSEMIRANDOM` ("main"); go_src/src/lib9/main.c:

```c
main(int argc, char **argv)
{
	p9main(argc, argv);
	/* ########### HERE ############## */
	exits("main");
	return 99;
}
```

Thanks for replying, and sorry for my late reply (I was without money and the ISP shut down my internet haha).
Comment 4 by x41@freeshell.org:

Fresh install of the last version of Golang, cb140bac9ab0 release.2009-11-12/release. Tested on Ubuntu 9.04 and Ubuntu 9.10.

```
XXXX@XXXX:~/go_src/src$ uname -a
Linux XXXX 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux
```

Attached Valgrind report and GDB report. Binary: 8g. GDB shows `argc=Cannot access memory at address 0xSEMIRANDOM` ("main"); go_src/src/lib9/main.c:

```c
main(int argc, char **argv)
{
	p9main(argc, argv);
	/* ########### HERE ############## */
	exits("main");
	return 99;
	/* =( ############ HERE ############# */
}
```

Thanks for replying, and sorry for my late reply (I was without money and the ISP shut down my internet haha).
Comment 5 by x41@freeshell.org:

```
/usr/include/bits/string3.h:106: warning: call to __builtin___strcpy_chk will always overflow destination buffer
```

And this is intentionally not allowed with -D_FORTIFY_SOURCE=2, which doesn't allow crossing field boundaries for str*/stp* etc. functions (and still allows that for mem* etc.).

If we use -O0 the problem is resolved, but if we really need to use -O2 or -O3 we have to edit Make.conf and modify it like this:

```
CFLAGS=-ggdb -I$(GOROOT)/include -O2 -fno-inline -D_FORTIFY_SOURCE=1
```

The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is, e.g., for

```c
struct S {
	struct T {
		char buf[5];
		int x;
	} t;
	char buf[20];
} var;
```

With -D_FORTIFY_SOURCE=1, `strcpy (&var.t.buf[1], "abcdefg");` is not considered an overflow (the object is the whole `var`), while with -D_FORTIFY_SOURCE=2 `strcpy (&var.t.buf[1], "abcdefg");` will be considered a buffer overflow.

NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2 is set by default, and is activated when -O is set to 2 or higher. This enables additional compile-time and run-time checks for several libc functions. To disable, specify either -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0.

It is thus OK to keep the bug as RESOLVED.
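The struct from comment 5, worked through as an added example (not code from the issue or from the Go tree): it models how many bytes glibc's `strcpy` check is told are available behind `&var.t.buf[1]` at the two fortify levels, using the object-size rule each level applies (level 1 asks for the whole enclosing object, level 2 stops at the field boundary), and asks whether copying `"abcdefg"` would be reported. The helper names are made up for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The struct from comment 5. */
struct S {
    struct T {
        char buf[5];
        int  x;
    } t;
    char buf[20];
} var;

/* -D_FORTIFY_SOURCE=1: glibc asks __builtin_object_size(ptr, 0), so the
 * destination is the whole enclosing variable; only its end bounds the copy. */
size_t avail_level1(void) {
    return sizeof(var) - offsetof(struct S, t.buf[1]);
}

/* -D_FORTIFY_SOURCE=2: glibc asks __builtin_object_size(ptr, 1), so the
 * destination ends at the boundary of the field t.buf. */
size_t avail_level2(void) {
    return sizeof(var.t.buf) - 1;
}

/* Model of the compile-time check: would strcpy(&var.t.buf[1], src) be
 * reported as an overflow at the given fortify level? strcpy writes
 * strlen(src) + 1 bytes, including the terminating NUL. */
int strcpy_flagged(int level, const char *src) {
    size_t needed = strlen(src) + 1;
    size_t avail = (level >= 2) ? avail_level2() : avail_level1();
    return needed > avail;
}

int main(void) {
    const char *src = "abcdefg"; /* 8 bytes with the NUL */
    printf("level 1: %zu bytes available, flagged=%d\n",
           avail_level1(), strcpy_flagged(1, src));
    printf("level 2: %zu bytes available, flagged=%d\n",
           avail_level2(), strcpy_flagged(2, src));
#ifdef __GNUC__
    /* Cross-check against what the compiler computes for the same pointer
     * (prints SIZE_MAX if it cannot resolve the address at this -O level). */
    printf("__builtin_object_size: type 0 = %zu, type 1 = %zu\n",
           __builtin_object_size(&var.t.buf[1], 0),
           __builtin_object_size(&var.t.buf[1], 1));
#endif
    return 0;
}
```

The same 8-byte copy fits inside the 31 bytes (on a 4-byte-int target) that level 1 sees but not the 4 bytes that level 2 sees, which is exactly why the warning appears only with -D_FORTIFY_SOURCE=2.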
This issue was closed by revision b73b43e. Status changed to Fixed. Merged into issue #-.