realpath() built with >=gcc-4.3 (where FORTIFY is enabled by default) and -Ox where x>0 causes the application to abort.
Test case: the following code built with gcc -O2:

==========================================================================
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main (int argc, char *argv[])
{
    int ret;
    char device_file_or_mount_point[1024];

    if (argc < 2 || strlen (argv[1]) == 0) {
        fprintf (stderr, "%s: pass relative path.\n", argv[0]);
        return 1;
    }

    realpath(argv[1], device_file_or_mount_point);
    return 0;
}
==========================================================================

produces:

$ ./a.out /boot/
*** buffer overflow detected ***: ./a.out terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f1adb1c33a7]
/lib/libc.so.6[0x7f1adb1c03d0]
/lib/libc.so.6[0x7f1adb1c0a9b]
./a.out(main+0x55)[0x7f1adb6518c5]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f1adb1015c6]
./a.out[0x7f1adb651789]
======= Memory map: ========
[snip]

I found this bug with the umount.hal helper, which started to fail here after this commit:
http://cgit.freedesktop.org/hal/commit/?id=6d8eed9015a6ca648fe1dad575621b6ea959a748

But probably other applications are affected too. At least I found a similar issue with python reported here:
https://bugs.launchpad.net/ubuntu/+source/gcc-defaults/+bug/286334

Also I found that scilab has commit 6a5321bddceaf0e4761f29a507bfad6e1f3a7b33 (googlable) that basically modifies the realpath(r,a) call to a=realpath(r,NULL).

Reproduced with gcc-4.4.2 (glibc-2.11) and gcc-4.3.4 (glibc-2.9_p20081201-r2)

$ LC_ALL=C gcc --version
gcc (Gentoo 4.4.2 p1.0) 4.4.2
$ uname -a
Linux tablet 2.6.32-gentoo #2 SMP PREEMPT Sat Dec 19 23:36:55 MSK 2009 x86_64 Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz GenuineIntel GNU/Linux

--
Summary: fortify with optimisation above -O0 cause abort in realpath()
Product: gcc
Version: 4.4.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: pva at gentoo dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=42582
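
Added example, not part of the original report and not code from hal, python or scilab: realpath() may write up to PATH_MAX bytes into a caller-supplied buffer, and glibc's fortified wrapper aborts when it can see that the buffer is smaller, as with the 1024-byte array in the test case. The sketch below uses the realpath(path, NULL) form that the report says scilab switched to; resolve_path() and resolve_path_into() are hypothetical helper names.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(path, NULL) is POSIX.1-2008 */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: resolve `path` into a malloc()ed string sized by
 * libc. Caller frees. Returns NULL with errno set on failure. */
char *resolve_path(const char *path)
{
    if (path == NULL || *path == '\0') {
        errno = EINVAL;
        return NULL;
    }
    return realpath(path, NULL);
}

/* Hypothetical helper for callers that must keep a fixed-size buffer
 * (such as the 1024-byte one in the test case): copy the result only
 * if it fits, otherwise fail with ERANGE instead of overflowing. */
int resolve_path_into(const char *path, char *out, size_t outlen)
{
    char *resolved = resolve_path(path);
    if (resolved == NULL)
        return -1;
    size_t need = strlen(resolved) + 1;   /* include the NUL */
    if (need > outlen) {
        free(resolved);
        errno = ERANGE;
        return -1;
    }
    memcpy(out, resolved, need);
    free(resolved);
    return 0;
}

int main(int argc, char *argv[])
{
    char device_file_or_mount_point[1024];
    if (argc < 2) {
        fprintf(stderr, "%s: pass relative path.\n", argv[0]);
        return 1;
    }
    if (resolve_path_into(argv[1], device_file_or_mount_point,
                          sizeof device_file_or_mount_point) != 0) {
        perror(argv[1]);
        return 1;
    }
    puts(device_file_or_mount_point);
    return 0;
}
```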