[Dnsmasq-discuss] gcc warnings during build
Simon Kelley
simon at thekelleys.org.uk
Wed Sep 26 20:11:09 BST 2007
Jima wrote:
> Simon (et al),
>
> Matt Domsch (who does periodic rebuilds of Fedora packages to offer early
> warnings of failures) brought to my attention a couple of warnings
> produced during the dnsmasq build process:
>
> http://linux.dell.com/files/fedora/FixBuildRequires/mock-results-core/x86_64/dnsmasq-2.40-1.fc8.src.rpm/result/build.log
>
> Particularly, I think he's concerned with:
>
> dbus.c:115: warning: call to __builtin___memcpy_chk will always overflow destination buffer
>
> As my C skills are pitiful at best (probably more like "atrocious" by
> now), I defer to you. False positive? Very bad thing? Whiny gcc? :-)
Real bug, at worst it will cause a memory overwrite and crash when the
dbus interface is used to set an IPv6 address for a nameserver. In
theory, that might be a security hole, _except_ that an attacker would
already have to be root to use the DBus interface in the first place.
Since there's no security implication, and only very rarely used
functionality is affected, I don't think there's any need to make a
special release. I've fixed the 2.41 tree.
The other warnings are trivial, the deprecated function ones have
already been fixed and I'll do the others just for completeness.
Thanks for passing these on.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list