Re: Fortify_source and stack-protector-strong

On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote:
> Hi Xi,
> 
> Thanks for your reply.
> Then what is the difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 exactly?

-D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer
size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1).  Read
https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the
details.

One case is:

struct frame
{
  int size;
  char buf[0];
};

union
{
  struct frame f;
  char padding[100 + sizeof(struct frame)];
} u;

u.f.size = strlen(s) + 1;
strcpy(u.f.buf, s);

-D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't. 
(Yes, I know "char buf[0]" should be changed to a flexible array member
"char buf[]" to fix this, but it is just an example.)
-- 
Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University
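
The two __builtin_object_size modes from the reply above, queried side by side on the same union. This is an added example, not part of the original message: the names size_level1, size_level2 and would_abort are hypothetical, and would_abort is a simplified model of the fortified strcpy check, not glibc's code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct frame {
  int size;
  char buf[0];   /* zero-length array (GNU extension), as in the message */
};

union {
  struct frame f;
  char padding[100 + sizeof(struct frame)];
} u;

/* Value the builtin returns when the compiler cannot determine a size. */
#define UNKNOWN ((size_t)-1)

/* Mode 0, the one -D_FORTIFY_SOURCE=1 uses: bytes from buf to the end
   of the whole enclosing object, here the union u. */
size_t size_level1(void) { return __builtin_object_size(u.f.buf, 0); }

/* Mode 1, the one -D_FORTIFY_SOURCE=2 uses: bytes from buf to the end
   of the closest surrounding subobject, here the member buf itself. */
size_t size_level2(void) { return __builtin_object_size(u.f.buf, 1); }

/* Simplified model (assumption) of the fortified strcpy check: the copy
   is refused when the size is known and the string plus its NUL
   terminator does not fit. An unknown size means no check at all. */
int would_abort(size_t objsize, const char *s)
{
  size_t need = strlen(s) + 1;
  return objsize != UNKNOWN && need > objsize;
}

int main(void)
{
  const char *s = "hello";   /* constructed sample input */
  size_t l1 = size_level1(), l2 = size_level2();

  printf("mode 0 (level 1): size %zu, refused: %d\n", l1, would_abort(l1, s));
  printf("mode 1 (level 2): size %zu, refused: %d\n", l2, would_abort(l2, s));
  return 0;
}
```

The printed sizes depend on the compiler; the level 2 abort described in the message corresponds to mode 1 reporting the zero-length buf instead of the space that padding reserves behind it.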


