[Bug 156840] (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: (gcc4 O1+) perl-DBD-pg Placeholders no longer functioning


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156840





------- Additional Comments From jakub@xxxxxxxxxx  2005-05-24 06:05 EST -------
It seems to be the dbd_st_prepare_statement routine in dbdimp.c that matters.
If this routine is built with -D_FORTIFY_SOURCE=2, make test fails, with
-D_FORTIFY_SOURCE=1 succeeds.  It is irrelevant whether the other .o files
are built with fortify 1 or 2, and similarly for other routines in dbdimp.c.
But looking at the assembly difference, it is really minimal:
--- /tmp/1      2005-05-24 11:29:49.000000000 +0200
+++ /tmp/2      2005-05-24 11:39:23.000000000 +0200
@@ -50,11 +50,13 @@ dbd_st_prepare_statement:
        # basic block 1
        movl    -32(%ebp), %edi # imp_dbh,
        movl    112(%edi), %eax # <variable>.prepare_number,
<variable>.prepare_number
-       movl    %eax, 8(%esp)   # <variable>.prepare_number,
+       movl    %eax, 16(%esp)  # <variable>.prepare_number,
        leal    .LC149@GOTOFF(%ebx), %eax       #, tmp109
-       movl    %eax, 4(%esp)   # tmp109,
+       movl    %eax, 12(%esp)  # tmp109,
+       movl    $-1, 8(%esp)    #,
+       movl    $1, 4(%esp)     #,
        movl    %edx, (%esp)    # D.18444,
-       call    sprintf@PLT     #
+       call    __sprintf_chk@PLT       #
        movl    12(%ebp), %eax  # imp_sth,
        movl    128(%eax), %edx # <variable>.prepare_name, temp.762
        cld
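Review bot: in this hunk the object-size argument stored at 8(%esp) is -1, so the compiler could not determine the size of the destination D.18444 and the fortified call performs no length check on it. The _FORTIFY_SOURCE=2 build therefore adds no overflow protection at this call; if the destination has a known allocation size, pass it explicitly with snprintf rather than relying on the checked sprintf.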
@@ -282,12 +284,14 @@ dbd_st_prepare_statement:
        ret
 .L1348:
        # basic block 27
-       movl    %eax, 12(%esp)  # D.18478,
-       movl    %edi, 8(%esp)   # statement,
+       movl    %eax, 20(%esp)  # D.18478,
+       movl    %edi, 16(%esp)  # statement,
        leal    .LC152@GOTOFF(%ebx), %eax       #, tmp140
-       movl    %eax, 4(%esp)   # tmp140,
+       movl    %eax, 12(%esp)  # tmp140,
+       movl    $-1, 8(%esp)    #,
+       movl    $1, 4(%esp)     #,
        movl    %edi, (%esp)    # statement,
-       call    sprintf@PLT     #
+       call    __sprintf_chk@PLT       #
 .L1303:
        # basic block 28
        movl    12(%esi), %esi  # <variable>.nextseg, currseg.772
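Review bot: at .L1348 the same register, %edi (statement), is stored both at (%esp) as the destination buffer and at 16(%esp) as a format argument, so this call formats statement into itself. C leaves sprintf undefined when source and destination overlap, so sprintf and __sprintf_chk are not required to give the same result here, which makes this call a candidate for the behaviour difference between the two builds. Suggest formatting into a separate buffer, or appending at statement + strlen(statement) without passing statement as an argument.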
and I don't see how that would change things (__sprintf_chk (buf, 1, -1, ...)
works like sprintf, except %n from writable memory is refused (but there is
no %n in this case and format strings are in read-only memory) and -1 length
means no length limit).  20(%esp) is still in the area used for outgoing
arguments, %ebp - %esp is 72 bytes and the lowest variable is at -48(%ebp).

The code quality of that routine is horrible, look e.g. at this junk line:
imp_sth->prepare_name[strlen(imp_sth->prepare_name)]='\0';
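
The second hunk above stores `statement` both at `(%esp)` (destination) and at `16(%esp)` (argument), and C leaves `sprintf` undefined when the two overlap. The following is an added example, not DBD::Pg code and not part of the original comment, of appending to a buffer in place without that overlap; `append_fmt`, the buffer sizes and the sample strings are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from DBD::Pg): append formatted text to the
 * NUL-terminated string already in buf, whose total capacity is cap bytes.
 * The existing contents stay where they are, so buf never has to be passed
 * as a format argument; arguments must not point into buf.
 * Returns 0 on success, -1 if buf is not terminated within cap or the
 * result would not fit (buf is left unchanged in both cases). */
int append_fmt(char *buf, size_t cap, const char *fmt, ...)
{
    size_t used;
    va_list ap;
    int n;

    if (buf == NULL || cap == 0 || memchr(buf, '\0', cap) == NULL)
        return -1;
    used = strlen(buf);

    va_start(ap, fmt);
    n = vsnprintf(buf + used, cap - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';          /* undo the truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: build a numbered placeholder in place. */
    char statement[64] = "SELECT * FROM t WHERE id = ";

    if (append_fmt(statement, sizeof statement, "$%d", 1) != 0) {
        fputs("statement buffer too small\n", stderr);
        return 1;
    }
    puts(statement);
    return 0;
}
```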

