View previous topic :: View next topic |
Author |
Message |
wcg Guru
Joined: 06 Jan 2009 Posts: 588
|
Posted: Tue Jan 15, 2013 2:34 pm Post subject: glibc headers, stdio.h, and gets() |
|
|
The newer ISO C standard (I have seen it abbreviated as "c11", but
I do not know if that will be the way to specify it in gcc's -std=
option) is dropping support for the gets() function. This is not
really a bad thing (although it disagrees with the newer C++ standard),
as gets() has no provision for limiting the amount of data that gets()
will read into a bounded buffer, creating potential buffer overflow
security holes that can be exploited.
However, gcc (4.5.4 and 4.6.3) is complaining about gets() being undefined
in stdio.h when compiling source code that does not use gets().
This message is from the rcs-5.8 build log:
Code: |
In file included from save-cwd.c:28:0:
./stdio.h:1010:1: error: 'gets' undeclared here (not in a function)
[snip]
make[3]: *** [save-cwd.o] Error 1
|
The rcs source tree has a lib directory where it creates its
own localized versions of glibc headers like stdio.h. (The source
in the lib directory is a bit like a lib directory in a gcc or binutils
source tree, where the developers are working around possible
shortcomings in the system headers in /usr/include/ on a given
system where the user is building rcs.) I assume that is where
the error that gcc is complaining about is found, since "save_cwd.c"
does not even use the gets() function (nor do any other rcs source
files).
Did the rcs sources simply "not get the memo" here about stdio.h
and the gets() declaration? The installed glibc is 2.16.
(I have rcs compiled and installed, so not a showstopper, I was only
re-emerging to accomodate USE=doc, but this could affect other,
more important source trees, so it would be good to know if there
is some simple #define or #undef that could be passed in CFLAGS
to work around the header problem.) _________________ TIA |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9507 Location: beyond the rim
|
|
Back to top |
|
|
wcg Guru
Joined: 06 Jan 2009 Posts: 588
|
Posted: Wed Jan 16, 2013 5:34 am Post subject: |
|
|
Quote: | note that gcc complains about the error in stdio.h, not in save-cwd.c. |
Right. (That URL discussing the issue is not reachable at the moment.)
I read a discussion of an issue this change in the glibc headers was causing
with C++ usage on some glibc development list (proposed fixes, short term
and long term), so I am a little familiar with the problem.
Most if not all gnu packages dealt with the security risks posed by gets()
years ago, but some may need their "header swizzling" scripts in their
build trees adapted for recent changes in glibc's stdio.h. _________________ TIA |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Wed Jan 16, 2013 6:05 pm Post subject: |
|
|
wcg wrote: | That URL discussing the issue is not reachable at the moment. |
I got that too. You can get to it from: http://lists.gnu.org/archive/html/grub-devel/2012-07/ - it's the first message under 4 Jul 2012: "Fix for grub-2.0 build on systems with eglibc-2.16", and resolves to the exact same url, but you can read it.
Quote: | Most if not all gnu packages dealt with the security risks posed by gets()
years ago, but some may need their "header swizzling" scripts in their
build trees adapted for recent changes in glibc's stdio.h. |
Yeah, though as you'll see a patch was provided for gnulib, so hopefully that's been sent upstream. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|