From: Laszlo Ladanyi (ladanyi_at_us.ibm.com)
Date: Mon Feb 14 2000 - 00:37:08 GMT
Hello all,
A bug report:
Compiling 3.35-beta8 fails on linux with optimization being -O2 instead of
-g.
Reason:
The optimization causes the compilation of the strstr function in ci_lex.c
to fail. (Not quite certain why, the assembler output of gcc 2.95.2 seems to
be incorrect.) But anyway, as it is mentioned in the code, the library
version of strstr should be used if the OS has it.
Fix:
On the top of ci_lex.c add an extra include:
#if defined(__linux__) && defined(__ELF__)
#include <string.h>
#endif
and on line 113 change
#ifndef OS_SUNOS_4 / * use clib version for SunOS */
to
#if !defined(OS_SUNOS_4) && !(defined(__linux__) && defined(__ELF__))
=======================================
Another, potentially more serious problem:
At the end of the compilation gcc warns that
"the `gets' function is dangerous and should not be used."
It is dangerous indeed, because it does not check for buffer overruns.
I guess one could devise an argument that changes the stack deep enough
and maybe gain root access.
gets() is used in lib/libargs/testargs.c on line 218:
if (gets(buf) == NULL) {
This line should be replaced with:
if (fgets(buf, 199, stdin) == NULL) {
(199 because buf is allocated to be 200 long. Actually, after allocating
buf, buf[199] should be set to 0.)
--Laci
This archive was generated by hypermail 2.1.4 : Wed Feb 13 2002 - 21:51:33 GMT