https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105217
--- Comment #2 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> ---

OK, taking a closer look, it looks like clang simply fails to fortify fread (probably due to https://reviews.llvm.org/D109967 or something similar). Modifying the code to use __fread_chk directly:

```
size_t rdct = __fread_chk (data, __builtin_dynamic_object_size (data, 0),
                           (size_t)1, rem_sz, fp);
```

causes clang to crash too because it too comes up with the same __bdos estimate for size:

```
fread: data=0xf792c0 (dsize: 16344, size: 18446744073709551615), rem_sz=16340
.. read rdct=16340
realloc to=0xf7e490-0xf83489 (newsize=20473)
.. diferent buffer!
fread: data=0xf82484 (dsize: 4101, size: 18446744073709551615), rem_sz=4096
.. read rdct=4096
realloc to=0xf7e490-0xf84489 (newsize=24569)
fread: data=0xf83484 (dsize: 5, size: 18446744073709551615), rem_sz=4096
*** buffer overflow detected ***: terminated
Aborted (core dumped)
```

dsize and size are the actual values that __bdos and __bos resolve to; I simply modified the fprintf to this:

```
fprintf(stderr, "fread: data=%p (dsize: %zu, size: %zu), rem_sz=%d\n",
        data, __builtin_dynamic_object_size (data, 0),
        __builtin_object_size (data, 0), rem_sz);
```

I haven't looked too closely at the failure mechanism (I will tomorrow), but this has got me inclined to think that it's an actual autogen bug that got exposed with _FORTIFY_SOURCE=3.
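The following is an added example, not code from the comment, from autogen, or from glibc. It replays the three logged `fread:` calls through a simplified model of the bound test a fortified fread applies (reject when `size * n` exceeds the object-size estimate), once with the `__bos` value and once with the `__bdos` value. The helper names `chk_would_abort`, `parse_line` and `first_abort` are hypothetical, and a 64-bit `size_t` is assumed, as in the log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The three "fread:" lines from the log quoted in the comment above. */
static const char *const LOG[] = {
    "fread: data=0xf792c0 (dsize: 16344, size: 18446744073709551615), rem_sz=16340",
    "fread: data=0xf82484 (dsize: 4101, size: 18446744073709551615), rem_sz=4096",
    "fread: data=0xf83484 (dsize: 5, size: 18446744073709551615), rem_sz=4096",
};
#define NLOG (sizeof LOG / sizeof LOG[0])

/* Simplified model (an assumption, not glibc source) of the fortified
   fread bound test: returns 1 where the real check would abort. */
static int chk_would_abort(size_t objsz, size_t size, size_t n)
{
    if (size != 0 && n > SIZE_MAX / size)
        return 1;                      /* size * n overflows */
    return size * n > objsz;
}

/* Extract dsize (__bdos), size (__bos) and rem_sz; 0 on success. */
static int parse_line(const char *s, size_t *dsize, size_t *bos, size_t *rem)
{
    return sscanf(s, "fread: data=%*s (dsize: %zu, size: %zu), rem_sz=%zu",
                  dsize, bos, rem) == 3 ? 0 : -1;
}

/* Index of the first logged call the check rejects when fed the dynamic
   (__bdos) or static (__bos) estimate; -1 if every call passes. */
static int first_abort(int use_dynamic)
{
    for (size_t i = 0; i < NLOG; i++) {
        size_t dsize, bos, rem;
        if (parse_line(LOG[i], &dsize, &bos, &rem) != 0)
            return -2;                 /* malformed line */
        if (chk_would_abort(use_dynamic ? dsize : bos, 1, rem))
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("static estimate:  first abort at call %d\n", first_abort(0));
    printf("dynamic estimate: first abort at call %d\n", first_abort(1));
    return 0;
}
```

With the `__bos` value of `(size_t)-1` the test can never fire, which is why the same read only aborts once the dynamic estimate is passed in.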