h.b.furuseth@usit.uio.no wrote:
There is no real buffer overflow here AFAICS, but the real problem is that the destination of the strcpy() is defined as char[1] in this case (it's the nrdn member of a struct diskNode). The additional runtime check when compiling with -D_FORTIFY_SOURCE=2 sees that the destination data will not fit in there and aborts.
This is similar to the struct hack, except nrdn is not the last struct member. IIRC it actually is invalid to use nrdn as an accessor for the following struct members (from the compiler's point of view).
Another case of "not quite the Struct Hack" broke last year: ITS#6303. If _FORTIFY_SOURCE is warning us that gcc might break this code, the memcpy patch might merely shut up the warning without fixing the problem. In that case, the simplest change would be to do away with struct diskNode - or keep it for reference but not actually use it.
I'm reopening the ITS for someone else to decide if they care, I have other things on my mind currently.
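The mismatch discussed above, as an added example that is not OpenLDAP's code: a constructed diskNode-like layout (struct old_node; the field names are my own) with the char[1] member in the middle, beside the C99 flexible-array form, and a mock_strcpy_chk that applies the same size comparison a fortified strcpy does, so the abort condition can be reproduced without -D_FORTIFY_SOURCE.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed layout modelled on the thread: nrdn is a char[1] used as
 * an accessor for bytes that follow, but it is NOT the last member. */
struct old_node {
    int  entryID;
    char nrdn[1];   /* compiler-visible object size: 1 byte */
    char rdn[1];    /* a later member, so no "struct hack" leniency */
};

/* Fixed form: a C99 flexible array member, last in the struct. */
struct new_node {
    int  entryID;
    int  nrdnlen;
    char nrdn[];    /* size comes from the allocation, not the type */
};

/* Mirrors the decision glibc's __strcpy_chk makes under
 * -D_FORTIFY_SOURCE=2: abort (here: return -1) when strlen(src)+1
 * exceeds the destination object size the compiler determined. */
static int mock_strcpy_chk(char *dst, size_t dst_objsize, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dst_objsize)
        return -1;  /* "*** buffer overflow detected ***" */
    memcpy(dst, src, need);
    return 0;
}

/* Old layout: with optimisation on, gcc folds __builtin_object_size(n->nrdn, 1)
 * to sizeof n->nrdn == 1, so the check fires for every non-empty rdn even
 * though the allocation has room: no real overflow, exactly as the thread says. */
int store_old(const char *rdn)
{
    struct old_node *n = malloc(sizeof *n + 64);   /* room after nrdn */
    if (n == NULL) return -2;
    int rc = mock_strcpy_chk(n->nrdn, sizeof n->nrdn, rdn);
    free(n);
    return rc;
}

/* New layout: the bound is the tail the allocator actually provided. */
int store_new(const char *rdn)
{
    size_t len = strlen(rdn);
    struct new_node *n = malloc(sizeof *n + len + 1);
    if (n == NULL) return -2;
    n->entryID = 1; n->nrdnlen = (int)len;
    int rc = mock_strcpy_chk(n->nrdn, len + 1, rdn);
    if (rc == 0 && strcmp(n->nrdn, rdn) != 0) rc = -3;
    free(n);
    return rc;
}
```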
Nope, we don't care. The purpose and usage of diskNode is thoroughly documented in the comments and all of the uses are correct. Marking this Test again.