another SSP bug? (Re: userland ppp ("No context" errors))
qhwt+dfly at les.ath.cx
Mon Jun 19 03:11:05 PDT 2006
(bringing an old mail from users@)
On Thu, Feb 09, 2006 at 12:48:06PM +0000, Francis Gudin wrote:
> about compilation flags, i use the following:
> CCVER= gcc34
> CFLAGS= -Os -pipe
> COPTFLAGS= -Os -pipe
> CPUTYPE= i686
> I checked ppp.conf for weird chars but nothing came out:
> aimable# tr '[\200-\377]' @ < /mnt/etc/ppp/ppp.conf | diff -u -
> I will try to recompile ppp with '-O -pipe' only and report if things
> are different. I must leave for two days: results by saturday/sunday.
This seems like another stack-smash-protector bug that still lives
in our compiler, only triggered when you use -O(s|[2-9]) flags AND
the -march flag (which defaults to pentiumpro).
Check whether the problem disappears if you do one of the following:
- add -fno-stack-smash-protector to CFLAGS
- change prefix in function FindExec() shown below to a static array
so that there's no char array among the local variables. A char array of
more than 8 bytes on the stack can trigger the bug.
FindExec(struct bundle *bundle, struct cmdtab const *cmds, int argc, int argn,
         char const *const *argv, struct prompt *prompt, struct datalink *cx)
    struct cmdtab const *cmd;
    int val = 1;
    struct cmdargs arg;
I haven't managed to trim down the source code to a handy size yet.
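A constructed C harness, added here and not part of the thread or of ppp itself, that mirrors the local-variable layout of FindExec() (a struct, an int and a char array larger than gcc's default 8-byte SSP threshold) in two variants, one with the array on the stack and one with it made static; building it once with -Os -march=pentiumpro -fstack-protector and once with -fno-stack-protector, then comparing the results, gives a small bisection target. Function names and inputs are invented.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the locals FindExec() keeps on the stack.
 * gcc's -fstack-protector only instruments functions that have a char
 * array of at least --param ssp-buffer-size bytes (8 by default). */
struct fake_args { int argc; const char *const *argv; };

/* Variant A: prefix lives on the stack, so this function gets a canary. */
int prefix_on_stack(const char *cmd, const char *arg)
{
  struct fake_args args = { 1, &arg };
  int val = 1;
  char prefix[100];

  snprintf(prefix, sizeof prefix, "%s %s", cmd, arg);
  if (strcmp(prefix, "set speed") == 0)
    val = 0;
  return val + args.argc;
}

/* Variant B: identical logic with prefix made static, the workaround
 * suggested in the mail: no char array on the stack, so no SSP
 * prologue/epilogue is emitted for this function. */
int prefix_static(const char *cmd, const char *arg)
{
  static char prefix[100];
  struct fake_args args = { 1, &arg };
  int val = 1;

  snprintf(prefix, sizeof prefix, "%s %s", cmd, arg);
  if (strcmp(prefix, "set speed") == 0)
    val = 0;
  return val + args.argc;
}

/* Returns 1 when both variants agree on every constructed input.
 * A miscompiled canary check would show up as a mismatch or an abort
 * in the -fstack-protector build only. */
int variants_agree(void)
{
  const char *cmds[] = { "set", "show", "set" };
  const char *args[] = { "speed", "speed", "timeout" };
  for (int i = 0; i < 3; i++)
    if (prefix_on_stack(cmds[i], args[i]) != prefix_static(cmds[i], args[i]))
      return 0;
  return 1;
}
```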