Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
glibc headers, stdio.h, and gets()
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
wcg
Guru
Guru


Joined: 06 Jan 2009
Posts: 588

PostPosted: Tue Jan 15, 2013 2:34 pm    Post subject: glibc headers, stdio.h, and gets() Reply with quote

The newer ISO C standard (I have seen it abbreviated as "c11", but
I do not know if that will be the way to specify it in gcc's -std=
option) is dropping support for the gets() function. This is not
really a bad thing (although it disagrees with the newer C++ standard),
as gets() has no provision for limiting the amount of data that gets()
will read into a bounded buffer, creating potential buffer overflow
security holes that can be exploited.

However, gcc (4.5.4 and 4.6.3) is complaining about gets() being undefined
in stdio.h when compiling source code that does not use gets().

This message is from the rcs-5.8 build log:
Code:

In file included from save-cwd.c:28:0:
./stdio.h:1010:1: error: 'gets' undeclared here (not in a function)
[snip]
make[3]: *** [save-cwd.o] Error 1


The rcs source tree has a lib directory where it creates its
own localized versions of glibc headers like stdio.h. (The source
in the lib directory is a bit like a lib directory in a gcc or binutils
source tree, where the developers are working around possible
shortcomings in the system headers in /usr/include/ on a given
system where the user is building rcs.) I assume that is where
the error that gcc is complaining about is found, since "save_cwd.c"
does not even use the gets() function (nor do any other rcs source
files).

Did the rcs sources simply "not get the memo" here about stdio.h
and the gets() declaration? The installed glibc is 2.16.

(I have rcs compiled and installed, so not a showstopper, I was only
re-emerging to accomodate USE=doc, but this could affect other,
more important source trees, so it would be good to know if there
is some simple #define or #undef that could be passed in CFLAGS
to work around the header problem.)
_________________
TIA
Back to top
View user's profile Send private message
Genone
Retired Dev
Retired Dev


Joined: 14 Mar 2003
Posts: 9013
Location: beyond the rim

PostPosted: Tue Jan 15, 2013 3:58 pm    Post subject: Reply with quote

See http://lists.gnu.org/archive/html/grub-devel/2012-07/msg00007.html, I guess rcs tries the same (note that gcc complains about the error in stdio.h, not in save-cwd.c.)
Back to top
View user's profile Send private message
wcg
Guru
Guru


Joined: 06 Jan 2009
Posts: 588

PostPosted: Wed Jan 16, 2013 5:34 am    Post subject: Reply with quote

Quote:
note that gcc complains about the error in stdio.h, not in save-cwd.c.


Right. (That URL discussing the issue is not reachable at the moment.)
I read a discussion of an issue this change in the glibc headers was causing
with C++ usage on some glibc development list (proposed fixes, short term
and long term), so I am a little familiar with the problem.

Most if not all gnu packages dealt with the security risks posed by gets()
years ago, but some may need their "header swizzling" scripts in their
build trees adapted for recent changes in glibc's stdio.h.
_________________
TIA
Back to top
View user's profile Send private message
steveL
Advocate
Advocate


Joined: 13 Sep 2006
Posts: 2720
Location: The Peanut Gallery

PostPosted: Wed Jan 16, 2013 6:05 pm    Post subject: Reply with quote

wcg wrote:
That URL discussing the issue is not reachable at the moment.

I got that too. You can get to it from: http://lists.gnu.org/archive/html/grub-devel/2012-07/ - it's the first message under 4 Jul 2012: "Fix for grub-2.0 build on systems with eglibc-2.16", and resolves to the exact same url, but you can read it.
Quote:
Most if not all gnu packages dealt with the security risks posed by gets()
years ago, but some may need their "header swizzling" scripts in their
build trees adapted for recent changes in glibc's stdio.h.

Yeah, though as you'll see a patch was provided for gnulib, so hopefully that's been sent upstream.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum