[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Another build failure - security/clamav
Hi Greg, pkgsrc-users@,
On 09/07/2017 18:21, Greg Troxel wrote:
Pierre Pronchery <khorben%defora.org@localhost> writes:
On 08/07/2017 00:36, Paul Goyette wrote:
Well, the issue with memtestplus is resolved, but now I'm getting the
following errors with clamav.
Looks like a problem with the 'gets' macro? [...]
This is because of FORTIFY indeed. I have an (ugly) patch for that
[2. text/x-chdr; patch-libclamav_fmap.h]...
(I do not have enough time right now to reply to this, sorry)
4) It seems like clamav shouldn't even use gets.
It doesn't, but it has a method called "gets()" in a specific class.
FORTIFY uses macros to wrap known vulnerable function to an equivalent
with boundary checking. Therefore here the pre-processor effectively
shadows the class method with a macro of the same name, and the compiler
gets confused, expecting something different :(
and on the patch itself:
It would be nice to have a comment that explains what is actually
going on. I'm guessing that the code defines a macro that shadows the
function, but it would be good to say that and explain why the undef
Yes, sorry - and you are right. As a side effect, the #undef will
effectively disable the protection around gets() for any part of the
code including this header. I think we can live with that.
Main Index |
Thread Index |