[PATCH v2] Updates for stricter automatic memcpy bounds checking

Jouni Malinen j at w1.fi
Mon Apr 13 14:02:09 EDT 2015


On Sun, Apr 12, 2015 at 01:20:26PM -0700, Nick Kralevich wrote:
> Both Android's libc and glibc support _FORTIFY_SOURCE, a compiler
> and libc feature which inserts automatic bounds checking into
> common C functions such as memcpy() and strcpy(). If a buffer
> overflow occurs when calling a hardened libc function, the
> automatic bounds checking will safely shutdown the program and
> prevent memory corruption.
> 
> Android is experimenting with _FORTIFY_SOURCE=3, a new fortify
> level which enhances memcpy() to prevent overflowing an element
> of a struct. Under the enhancements, code such as
...

Thanks, applied.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list