Hi Greg, pkgsrc-users@, On 09/07/2017 18:21, Greg Troxel wrote:
Pierre Pronchery <khorben%defora.org@localhost> writes:On 08/07/2017 00:36, Paul Goyette wrote:Well, the issue with memtestplus is resolved, but now I'm getting the following errors with clamav. Looks like a problem with the 'gets' macro? [...]This is because of FORTIFY indeed. I have an (ugly) patch for that (attached). Thoughts?[2. text/x-chdr; patch-libclamav_fmap.h]...Thoughts: [...]
(I do not have enough time right now to reply to this, sorry)
4) It seems like clamav shouldn't even use gets.
It doesn't, but it has a method called "gets()" in a specific class. FORTIFY uses macros to wrap known vulnerable function to an equivalent with boundary checking. Therefore here the pre-processor effectively shadows the class method with a macro of the same name, and the compiler gets confused, expecting something different :(
and on the patch itself: It would be nice to have a comment that explains what is actually going on. I'm guessing that the code defines a macro that shadows the function, but it would be good to say that and explain why the undef doesn't hurt.
Yes, sorry - and you are right. As a side effect, the #undef will effectively disable the protection around gets() for any part of the code including this header. I think we can live with that.
Cheers, -- khorben