
[netCDF #PUM-976132]: Compile problems with NetCDF 3.6.3 and gcc's



Sean,

Having investigated the problem, I think the ncgen code is OK, and the
abort caused by compiling with -D_FORTIFY_SOURCE=2 is spurious, as
unlikely as that seems.  The only change I made from the settings you
supplied was to add the "-g" flag to CFLAGS, so I could debug the
problem.

The code that triggers the abort is the strncat() call in the
ncgen/genlib.c function "decodify" around line 1937:

    newlen = strlen(name) + count + 1;
    newname = (char *) ecalloc(newlen);
    cp = name;
    sp = newname;
    while(*cp != '\0') {
        size_t j;
        if(*cp < 0) {
            j = *cp + 256;
        } else {
            j = *cp;
        }
        (void)strncat(sp, repls[j], newlen);
        /* _FORTIFY_SOURCE=2 is happier with this instead.  Why?? */
        /*      (void)strcat(sp, repls[j]); */
        sp += lens[j];
        newlen -= lens[j];
        cp++;
    }

As the comments indicate, replacing the strncat() call with an
strcat() call instead makes the ncgen tests succeed, but the resulting
code is less secure from buffer overflows, because it uses the
deprecated strcat() function instead of the better strncat() function.
I've gone through this code carefully with gdb, and everything is fine
when the strncat() function that is apparently substituted by the
_FORTIFY_SOURCE=2 setting gets called and causes the abort.

In this case, count is 0, name is "Dr", sp is pointing to the first
character of newly allocated space of length 3 bytes and the character
it points to is '\0' so it is the empty string.  repls[j] is the
null-terminated string "D".  newlen is 3.

The function strncat() calls __inline_strncat_chk() which calls
__builtin___strncat_chk(), where the abort occurs.

The spurious abort from calling strncat() also occurs if I configure
and build with _FORTIFY_SOURCE=1 instead of _FORTIFY_SOURCE=2.

I'm sure _FORTIFY_SOURCE is very useful, but either its implementation
for MacOS X has a problem, or I have a profound misunderstanding of
strncat() at a very fundamental level.

--Russ

Russ Rew                                         UCAR Unidata Program
address@hidden                     http://www.unidata.ucar.edu



Ticket Details
===================
Ticket ID: PUM-976132
Department: Support netCDF
Priority: Normal
Status: Closed
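
Added example, not part of the original message or the netCDF source: strncat()'s third argument limits how many bytes are taken from the source string, and a terminating NUL is always written in addition, so the safe bound is the free space left at the cursor minus one. The sketch applies that to an append loop shaped like decodify; append_bounded, repl_for, expand and the "_MINUS_" replacement are hypothetical names and values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append src at *sp. *remaining is the free space from *sp to the end of
 * the buffer, NUL included. Returns 0 on success, -1 if src does not fit. */
static int append_bounded(char **sp, size_t *remaining, const char *src)
{
    size_t n = strlen(src);
    if (*remaining == 0 || n > *remaining - 1)
        return -1;
    /* The bound limits bytes taken from src; a NUL is written on top of it. */
    (void)strncat(*sp, src, *remaining - 1);
    *sp += n;
    *remaining -= n;
    return 0;
}

/* Hypothetical stand-in for repls[]: '-' becomes "_MINUS_", others map to
 * themselves via the caller's 2-byte scratch buffer. */
static const char *repl_for(unsigned char c, char one[2])
{
    if (c == '-') return "_MINUS_";
    one[0] = (char)c; one[1] = '\0';
    return one;
}

/* Expand name into a newly allocated string (caller frees); NULL on error. */
char *expand(const char *name)
{
    char one[2];
    size_t newlen = 1;                      /* room for the final NUL */
    for (const char *cp = name; *cp; cp++)
        newlen += strlen(repl_for((unsigned char)*cp, one));
    char *newname = calloc(newlen, 1);
    if (newname == NULL) return NULL;
    char *sp = newname;
    size_t remaining = newlen;
    for (const char *cp = name; *cp; cp++)
        if (append_bounded(&sp, &remaining, repl_for((unsigned char)*cp, one)) != 0) {
            free(newname); return NULL;
        }
    return newname;
}
int main(void)
{
    char *s = expand("Dr-x");               /* constructed sample input */
    if (s) { puts(s); free(s); }
}
```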