On Mon, Jun 04, 2012 at 10:15:35AM +0200, Florian Weimer wrote: > --- gcc/doc/extend.texi (revision 187951) > +++ gcc/doc/extend.texi (working copy) > @@ -7376,8 +7376,15 @@ > @findex __builtin___vfprintf_chk > > GCC implements a limited buffer overflow protection mechanism > -that can prevent some buffer overflow attacks. > +that can prevent some buffer overflow attacks. GNU libc uses it > +in the implementation of the @code{_FORTIFY_SOURCE} functionality. > > +This protection mechanism is only a last resort. As a programmer, you > +must not rely on its presence, but use explicit buffer length checks > +to avoid buffer overflows. GCC may not be able to determine buffer > +sizes accurately, and the accuracy depends on compiler version and > +optimization level (currently, at least @option{-O2} is required).
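Review bot: the parenthetical "(currently, at least @option{-O2} is required)" at the end of the added paragraph pins the documentation to one optimization level without naming the release it applies to, so "currently" will go stale as the compiler changes. Suggest stating the dependency in general terms (for example, that accuracy depends on compiler version and compiler options), or naming the GCC version the statement was checked against. In the same paragraph, "you must not rely on its presence, but use explicit buffer length checks" would read more clearly as two clauses, such as "do not rely on its presence; use explicit buffer length checks".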
That isn't true, at -O1 or -Os it should work just fine too, and to some extent on the compiler side even at -O0. So I'd just replace optimization level.*\. with compiler options.

Jakub