Ubuntu

-D_FORTIFY_SOURCE discards qualifier overrides in {mem,str}cpy

Reported by Kees Cook on 2008-04-14
4
Affects Status Importance Assigned to Milestone
GLibC
Invalid
Medium
gcc
Invalid
Medium
glibc (Ubuntu)
Undecided
Kees Cook

Bug Description

Binary package hint: gcc-4.2

The following source, without the "(void*)" overrides, will throw an warning (as expected), when compiled with -Wall:

 $ gcc -o memcpy-fortify -Wall memcpy-fortify.c
 memcpy-fortify.c: In function 'main':
 memcpy-fortify.c:21: warning: passing argument 1 of 'memcpy' discards qualifiers from pointer target type
 memcpy-fortify.c:22: warning: passing argument 1 of 'strcpy' discards qualifiers from pointer target type

With "(void*)" it is (as expected) silent. With -O2, it is silent, but with -D_FORTIFY_SOURCE != 0, the qualifier override is ignored:

 $ gcc -o memcpy-fortify -Wall -O2 -D_FORTIFY_SOURCE=2 memcpy-fortify.c
 memcpy-fortify.c: In function 'main':
 memcpy-fortify.c:21: warning: passing argument 1 of 'memcpy' discards qualifiers from pointer target type
 memcpy-fortify.c:22: warning: passing argument 1 of 'strcpy' discards qualifiers from pointer target type

This will cause problems for builds that run with -Werror.

/*
 * gcc -o memcpy-fortify -Wall -Werror -O2 -D_FORTIFY_SOURCE=2 memcpy-fortify.c
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>

int main(int argc, char * argv[])
{
    char *foo = strdup("string one");
    char *bar = strdup("string two");
    const char *baz = (const char *)foo;

    printf("%s\n", foo);

    memcpy((void*)baz, bar, strlen(bar)+1);
    strcpy((void*)baz, bar);

    printf("%s\n", foo);

    return 0;
}

The following source, without the "(void*)" overrides, will throw an warning
(as expected), when compiled with -Wall:

 $ gcc -o memcpy-fortify -Wall memcpy-fortify.c
 memcpy-fortify.c: In function 'main':
 memcpy-fortify.c:21: warning: passing argument 1 of 'memcpy' discards
qualifiers from pointer target type
 memcpy-fortify.c:22: warning: passing argument 1 of 'strcpy' discards
qualifiers from pointer target type

With "(void*)" it is (as expected) silent. With -O2, it is silent, but with
-D_FORTIFY_SOURCE != 0, the qualifier override is ignored:

 $ gcc -o memcpy-fortify -Wall -O2 -D_FORTIFY_SOURCE=2 memcpy-fortify.c
 memcpy-fortify.c: In function 'main':
 memcpy-fortify.c:21: warning: passing argument 1 of 'memcpy' discards
qualifiers from pointer target type
 memcpy-fortify.c:22: warning: passing argument 1 of 'strcpy' discards
qualifiers from pointer target type

This will cause problems for builds that run with -Werror.

/*
 * gcc -o memcpy-fortify -Wall -Werror -O2 -D_FORTIFY_SOURCE=2 memcpy-fortify.c
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>

int main(int argc, char * argv[])
{
    char *foo = strdup("string one");
    char *bar = strdup("string two");
    const char *baz = (const char *)foo;

    printf("%s\n", foo);

    memcpy((void*)baz, bar, strlen(bar)+1);
    strcpy((void*)baz, bar);

    printf("%s\n", foo);

    return 0;
}

Changed in gcc:
status: Unknown → Invalid
Changed in glibc:
status: Unknown → Confirmed

You're using code which is too old. glibc 2.8 is out.

Changed in glibc:
status: Confirmed → Invalid

I don't see 2.8 listed here:
http://ftp.gnu.org/gnu/glibc/

Do you mean to say that 2.8 fixes this bug? If so, do you have a pointer to the
commit that fixed it so I might try backporting it to the 2.7 release?

Thanks.

Kees Cook (kees) wrote :

This is fixed in the current glibc in intrepid.

Changed in glibc:
assignee: nobody → kees
status: New → Fix Released
Changed in glibc:
importance: Unknown → Medium
Changed in gcc:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.