https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78631

--- Comment #2 from Dmitrii Kuvaiskii <dmitrii.kuvais...@tu-dresden.de> ---
(In reply to Ilya Enkovich from comment #1)
> PLT section is generated by linker. To have MPX friendly PLT you have to
> have MPX enabled linker supporting '-z bndplt' flag and GCC should be
> configured using MPX enabled toolchain to pass this linker option it by
> default.
> Situation you describe might happen when you use old bfd or any version of
> gold.

I'm not sure I understand the answer.
If I understand right, you mean that I need to build my shared libraries using
a friendly linker which supports '-z bndplt'. This I understand, but I do not
build a shared library. My problem is that I am using the 'libmpxwrappers'
library (already built together with gcc) which I believe contains a bug
because it was built incorrectly.

Here is the test case which reproduces the problem:

#include <stdio.h>
#include <string.h>
char s[10];
char d[10];
/* noinline keeps the memcpy() call (and its wrapper) out of main(). */
__attribute__((noinline))
char* foo(char* dst, char* src, size_t size) {
    return memcpy(dst, src, size);
}
int main() {
    char* r = foo(d, s, 11); // out-of-bounds! 11 bytes into 10-byte buffers
    printf("r = %p\n", r);
    return 0;
}

Here is how I run it:
> gcc -fcheck-pointer-bounds -mmpx test.c
> CHKP_RT_BNDPRESERVE=0 ./a.out 
r = 0x600bd8
> CHKP_RT_BNDPRESERVE=1 ./a.out 
Saw a #BR! status 1 at 0x7f17bdb84189
Saw a #BR! status 1 at 0x7f17bdb84192
r = 0x600bd8

So the obvious buffer overflow in memcpy() is detected only when I set
BNDPRESERVE=1. Debugging this with gdb, I see:

Program received signal SIGSEGV, Segmentation fault.
=> 0x7ffff79cf189 <__mpx_wrapper_memmove+89>:   bndcu  bnd0,[r15]

So the upper-bound check detected the overflow as expected.

Can you reproduce the same behavior on your machine?

(My GCC is 6.1.0, ld is bfd version 2.26.1, I see that GCC passes '-z bndplt'
to the linker and linker eats it without problems.)

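The two runs above differ only in CHKP_RT_BNDPRESERVE, which sets the BNDPRESERVE bit of BNDCFGU: when it is clear, a near CALL/RET/JMP without a BND prefix (such as a PLT stub emitted by a linker that was not given '-z bndplt') resets BND0-BND3 to INIT bounds, so the wrapper sees "unbounded" pointers and its bndcu check passes. The following is an added example, not code from the bug report or from GCC's libmpxwrappers: it models that mechanism in plain C with no MPX hardware, using hypothetical names (bnd_t, plt_call, check_range, mpx_memcpy, run_testcase) and the reporter's foo(d, s, 11) case with 10-byte buffers. The arrays live in a padded pool so the copy that slips through when bounds are reset stays inside memory the program owns.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of one MPX bounds register: [lb, ub], both inclusive. */
typedef struct { uintptr_t lb; uintptr_t ub; } bnd_t;

/* INIT bounds, what the CPU resets BND0-BND3 to: lb = 0, ub = all ones,
   i.e. every address is "in bounds". */
static const bnd_t BND_INIT = { 0, UINTPTR_MAX };

/* Model of a near CALL that carries no BND prefix (a PLT stub built without
   -z bndplt).  With BNDPRESERVE=0 the bounds registers are cleared to INIT
   before the callee runs; with BNDPRESERVE=1 they survive the call. */
static bnd_t plt_call(bnd_t b, int bndpreserve) {
    return bndpreserve ? b : BND_INIT;
}

/* Status values modelled on the "Saw a #BR! status 1" line in the report. */
enum { MPX_OK = 0, MPX_BR = 1 };

/* Model of the bndcl/bndcu pair: is every byte of [p, p+size-1] inside b? */
static int check_range(const void *p, size_t size, bnd_t b) {
    if (size == 0) return MPX_OK;          /* nothing is touched */
    uintptr_t lo = (uintptr_t)p;
    uintptr_t hi = lo + size - 1;          /* last byte touched */
    if (lo < b.lb) return MPX_BR;          /* bndcl would raise #BR */
    if (hi > b.ub) return MPX_BR;          /* bndcu would raise #BR */
    return MPX_OK;
}

/* Model of a memmove/memcpy wrapper: check both operands for the whole
   length, copy only if both pass, and return the status instead of faulting
   so the caller can inspect it. */
static int mpx_memcpy(void *dst, bnd_t dst_b, const void *src, bnd_t src_b,
                      size_t size) {
    int st = check_range(dst, size, dst_b);
    if (st == MPX_OK) st = check_range(src, size, src_b);
    if (st == MPX_OK) memcpy(dst, src, size);
    return st;
}

/* The report's foo(d, s, 11) with 10-byte buffers, pushed through the model.
   bndpreserve selects the CHKP_RT_BNDPRESERVE=0 / =1 behaviour. */
int run_testcase(int bndpreserve) {
    /* Constructed layout: s at pool+0, d at pool+16, so an 11-byte copy that
       escapes the check still lands inside pool (no real memory corruption). */
    static char pool[32];
    char *s = pool;
    char *d = pool + 16;
    /* Bounds an instrumented caller would create with bndmk: exactly the
       10-byte objects. */
    bnd_t sb = { (uintptr_t)s, (uintptr_t)s + 10 - 1 };
    bnd_t db = { (uintptr_t)d, (uintptr_t)d + 10 - 1 };
    /* Cross the (non-bndplt) PLT into the wrapper. */
    sb = plt_call(sb, bndpreserve);
    db = plt_call(db, bndpreserve);
    /* Intentional overflow: 11 bytes into a 10-byte destination. */
    return mpx_memcpy(d, db, s, sb, 11);
}

int main(void) {
    printf("BNDPRESERVE=0: status %d\n", run_testcase(0));
    printf("BNDPRESERVE=1: status %d\n", run_testcase(1));
    return 0;
}
```

With bndpreserve=1 the wrapper still holds the 10-byte bounds and the upper-bound check rejects the copy (status 1, matching the #BR in the gdb session); with bndpreserve=0 the bounds arrive as INIT and the same overflow passes silently, which is the difference between the two runs in the report.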