Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=experimental 2024-10-10T13:50:40Z 2024-10-10T13:50:40Z jvoisin 2024-10-10T13:50:40Z urn:sha1:e2cfd2879a15db00dfa9a42eeb1baaef6a930aff ``` Core was generated by `scripts/mod/modpost -M -m -o Module.symvers -n -T modules.order vmlinux.o'. Program terminated with signal SIGSEGV, Segmentation fault. warning: 17 src/string/strlen.c: No such file or directory (gdb) bt ``` > I think strncpy logic is broken: `__fh_size_t max_len_s = strlen(__s);` may try read past `size_t __n`. > Create a buf without any trailing `\0`, do `strncpy(dest, buf, sizeof(buf));`, it should work, since `strncpy` will stop at `sizeof buf` > but the current fority-headers implementation will do `strlen(buf)`, which will go boom when it is not terminated with \0 Reported-by: ncopa 2023-12-28T15:13:37Z jvoisin 2023-12-27T16:07:32Z urn:sha1:22a8094b41b2606084dc0c0c70487e5ed0fcb652 They were previously disabled in 80a83a5 2023-12-27T15:06:59Z jvoisin 2023-12-27T11:36:47Z urn:sha1:80a83a56b52e833e6d3afec4d0723d7625d52cee They check overlap across the whole range of the given length, but the given length is not what will actually be copied, rather it's the maximum length (if src is shorter, only length of src will be copied). This triggers false positives and traps where it shouldn't (e.g. in ICU tests). Reported-by: q66 2023-06-14T12:59:11Z jvoisin 2023-06-14T12:59:11Z urn:sha1:cb1ce9e1815a492de0f13c2b046b8472024b9f6d