Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configure: Raise FORTIFY_SOURCE level to 3 #51

Closed
wants to merge 1 commit into from
Closed

configure: Raise FORTIFY_SOURCE level to 3 #51

wants to merge 1 commit into from

Conversation

zdohnal
Copy link
Member

@zdohnal zdohnal commented Mar 24, 2023

The present GCC supports level 3 for some time, try using it.

@zdohnal
configure: Raise FORTIFY_SOURCE level to 3
5a815cc 
The present GCC supports level 3 for some time, try using it.
@michaelrsweet
Copy link
Member

Let's see where CUPS 2.x issue 642 goes before we adopt this here.

Info about what level 3 does is here

FWIW, there is a cost of using this (both code size and execution time), which we should also look at.

@michaelrsweet michaelrsweet self-assigned this Mar 24, 2023
@michaelrsweet michaelrsweet added enhancement New feature or request platform issue Issue is specific to an OS or desktop priority-low labels Mar 24, 2023
@michaelrsweet michaelrsweet added this to the v3.0 milestone Mar 24, 2023
@michaelrsweet
Copy link
Member

"make test" times in the "cups" directory (so not the ippeveprinter tests) with level 2 on Ubuntu 22.04 LTS running in multipass on my M1 Max MacBook Pro:

real	2m12.010s
user	0m33.490s
sys	1m38.464s

real	2m12.199s
user	0m32.787s
sys	1m39.230s

real	2m12.827s
user	0m33.158s
sys	1m39.640s

Level 3, same system:

real	2m13.126s
user	0m33.086s
sys	1m39.852s

real	27m56.760s
user	0m32.334s
sys	1m39.600s

real	2m12.798s
user	0m32.338s
sys	1m40.285s

So it doesn't look like there is any measurable overhead for using level 3. (there is that one odd real time for the second level 3 run, but I know I didn't wait 27 minutes so ??? User and system times are pretty much the same across the board.

@michaelrsweet
Copy link
Member

Sizes of the level 2 object files is 5198576 bytes:

-rw-rw-r-- 1 ubuntu ubuntu   26752 Mar 24 07:56 array.o
-rw-rw-r-- 1 ubuntu ubuntu   54056 Mar 24 07:56 auth.o
-rw-rw-r-- 1 ubuntu ubuntu   60632 Mar 24 07:56 debug.o
-rw-rw-r-- 1 ubuntu ubuntu   49912 Mar 24 07:56 dest-job.o
-rw-rw-r-- 1 ubuntu ubuntu   54528 Mar 24 07:56 dest-localization.o
-rw-rw-r-- 1 ubuntu ubuntu  121824 Mar 24 07:56 dest-options.o
-rw-rw-r-- 1 ubuntu ubuntu  151424 Mar 24 07:56 dest.o
-rw-rw-r-- 1 ubuntu ubuntu   14336 Mar 24 07:56 dir.o
-rw-rw-r-- 1 ubuntu ubuntu   71192 Mar 24 07:56 dnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   59368 Mar 24 07:56 encode.o
-rw-rw-r-- 1 ubuntu ubuntu   73592 Mar 24 07:56 file.o
-rw-rw-r-- 1 ubuntu ubuntu   18400 Mar 24 07:56 form.o
-rw-rw-r-- 1 ubuntu ubuntu   51984 Mar 24 07:56 fuzzipp.o
-rw-rw-r-- 1 ubuntu ubuntu   34776 Mar 24 07:56 getputfile.o
-rw-rw-r-- 1 ubuntu ubuntu   46360 Mar 24 07:56 globals.o
-rw-rw-r-- 1 ubuntu ubuntu   15000 Mar 24 07:56 hash.o
-rw-rw-r-- 1 ubuntu ubuntu   49712 Mar 24 07:56 http-addr.o
-rw-rw-r-- 1 ubuntu ubuntu   53488 Mar 24 07:56 http-addrlist.o
-rw-rw-r-- 1 ubuntu ubuntu   98448 Mar 24 07:56 http-support.o
-rw-rw-r-- 1 ubuntu ubuntu  158568 Mar 24 07:56 http.o
-rw-rw-r-- 1 ubuntu ubuntu   91160 Mar 24 07:56 ipp-file.o
-rw-rw-r-- 1 ubuntu ubuntu  170032 Mar 24 07:56 ipp-support.o
-rw-rw-r-- 1 ubuntu ubuntu   57992 Dec  7  2021 ipp-vars.o
-rw-rw-r-- 1 ubuntu ubuntu  187496 Mar 24 07:56 ipp.o
-rw-rw-r-- 1 ubuntu ubuntu   44912 Mar 24 07:56 json.o
-rw-rw-r-- 1 ubuntu ubuntu   70408 Mar 24 07:56 langprintf.o
-rw-rw-r-- 1 ubuntu ubuntu 1699984 Mar 24 07:56 language.o
-rw-rw-r-- 1 ubuntu ubuntu   13456 Mar 24 07:56 md5.o
-rw-rw-r-- 1 ubuntu ubuntu   29848 Mar 24 07:56 notify.o
-rw-rw-r-- 1 ubuntu ubuntu   19432 Mar 24 07:56 options.o
-rw-rw-r-- 1 ubuntu ubuntu  101128 Mar 24 07:56 pwg-media.o
-rw-rw-r-- 1 ubuntu ubuntu   13128 Mar 24 07:56 rand.o
-rw-rw-r-- 1 ubuntu ubuntu   33680 Mar 24 07:56 raster-error.o
-rw-rw-r-- 1 ubuntu ubuntu   68176 Mar 24 07:56 raster-stream.o
-rw-rw-r-- 1 ubuntu ubuntu   25264 Dec  7  2021 raster-stubs.o
-rw-rw-r-- 1 ubuntu ubuntu   27000 Mar 24 07:56 rasterbench.o
-rw-rw-r-- 1 ubuntu ubuntu   81352 Mar 24 07:56 request.o
-rw-rw-r-- 1 ubuntu ubuntu   33864 Mar 24 07:56 string.o
-rw-rw-r-- 1 ubuntu ubuntu   10840 Mar 24 07:56 tempfile.o
-rw-rw-r-- 1 ubuntu ubuntu   36832 Mar 24 07:56 testarray.o
-rw-rw-r-- 1 ubuntu ubuntu   77160 Mar 24 07:56 testclient.o
-rw-rw-r-- 1 ubuntu ubuntu   26400 Mar 24 07:56 testcreds.o
-rw-rw-r-- 1 ubuntu ubuntu   75144 Mar 24 07:56 testcups.o
-rw-rw-r-- 1 ubuntu ubuntu   60008 Mar 24 07:56 testdest.o
-rw-rw-r-- 1 ubuntu ubuntu   37520 Mar 24 07:56 testdnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   42304 Mar 24 07:56 testfile.o
-rw-rw-r-- 1 ubuntu ubuntu   25920 Mar 24 07:56 testform.o
-rw-rw-r-- 1 ubuntu ubuntu   21104 Mar 24 07:56 testgetdests.o
-rw-rw-r-- 1 ubuntu ubuntu   78416 Mar 24 07:56 testhttp.o
-rw-rw-r-- 1 ubuntu ubuntu   37456 Mar 24 07:56 testi18n.o
-rw-rw-r-- 1 ubuntu ubuntu   64544 Mar 24 07:56 testipp.o
-rw-rw-r-- 1 ubuntu ubuntu   27688 Mar 24 07:56 testjson.o
-rw-rw-r-- 1 ubuntu ubuntu   45472 Mar 24 07:56 testoptions.o
-rw-rw-r-- 1 ubuntu ubuntu   49616 Mar 24 07:56 testraster.o
-rw-rw-r-- 1 ubuntu ubuntu   93144 Mar 24 07:56 testtestpage.o
-rw-rw-r-- 1 ubuntu ubuntu   25000 Mar 24 07:56 testthreads.o
-rw-rw-r-- 1 ubuntu ubuntu   19296 Mar 24 07:56 thread.o
-rw-rw-r-- 1 ubuntu ubuntu  110216 Mar 24 07:56 tls.o
-rw-rw-r-- 1 ubuntu ubuntu   51376 Mar 24 07:56 tlscheck.o
-rw-rw-r-- 1 ubuntu ubuntu   29064 Mar 24 07:56 transcode.o
-rw-rw-r-- 1 ubuntu ubuntu   65200 Mar 24 07:56 usersys.o
-rw-rw-r-- 1 ubuntu ubuntu   56192 Mar 24 07:56 util.o

Level 3 sizes also total 5198576 bytes:

-rw-rw-r-- 1 ubuntu ubuntu   26752 Mar 24 08:10 array.o
-rw-rw-r-- 1 ubuntu ubuntu   54056 Mar 24 08:10 auth.o
-rw-rw-r-- 1 ubuntu ubuntu   60632 Mar 24 08:10 debug.o
-rw-rw-r-- 1 ubuntu ubuntu   49912 Mar 24 08:10 dest-job.o
-rw-rw-r-- 1 ubuntu ubuntu   54528 Mar 24 08:10 dest-localization.o
-rw-rw-r-- 1 ubuntu ubuntu  121824 Mar 24 08:10 dest-options.o
-rw-rw-r-- 1 ubuntu ubuntu  151424 Mar 24 08:10 dest.o
-rw-rw-r-- 1 ubuntu ubuntu   14336 Mar 24 08:10 dir.o
-rw-rw-r-- 1 ubuntu ubuntu   71192 Mar 24 08:10 dnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   59368 Mar 24 08:10 encode.o
-rw-rw-r-- 1 ubuntu ubuntu   73592 Mar 24 08:10 file.o
-rw-rw-r-- 1 ubuntu ubuntu   18400 Mar 24 08:10 form.o
-rw-rw-r-- 1 ubuntu ubuntu   51984 Mar 24 08:10 fuzzipp.o
-rw-rw-r-- 1 ubuntu ubuntu   34776 Mar 24 08:10 getputfile.o
-rw-rw-r-- 1 ubuntu ubuntu   46360 Mar 24 08:10 globals.o
-rw-rw-r-- 1 ubuntu ubuntu   15000 Mar 24 08:10 hash.o
-rw-rw-r-- 1 ubuntu ubuntu   49712 Mar 24 08:10 http-addr.o
-rw-rw-r-- 1 ubuntu ubuntu   53488 Mar 24 08:10 http-addrlist.o
-rw-rw-r-- 1 ubuntu ubuntu   98448 Mar 24 08:10 http-support.o
-rw-rw-r-- 1 ubuntu ubuntu  158568 Mar 24 08:10 http.o
-rw-rw-r-- 1 ubuntu ubuntu   91160 Mar 24 08:10 ipp-file.o
-rw-rw-r-- 1 ubuntu ubuntu  170032 Mar 24 08:10 ipp-support.o
-rw-rw-r-- 1 ubuntu ubuntu   57992 Dec  7  2021 ipp-vars.o
-rw-rw-r-- 1 ubuntu ubuntu  187496 Mar 24 08:10 ipp.o
-rw-rw-r-- 1 ubuntu ubuntu   44912 Mar 24 08:10 json.o
-rw-rw-r-- 1 ubuntu ubuntu   70408 Mar 24 08:10 langprintf.o
-rw-rw-r-- 1 ubuntu ubuntu 1699984 Mar 24 08:10 language.o
-rw-rw-r-- 1 ubuntu ubuntu   13456 Mar 24 08:10 md5.o
-rw-rw-r-- 1 ubuntu ubuntu   29848 Mar 24 08:10 notify.o
-rw-rw-r-- 1 ubuntu ubuntu   19432 Mar 24 08:10 options.o
-rw-rw-r-- 1 ubuntu ubuntu  101128 Mar 24 08:10 pwg-media.o
-rw-rw-r-- 1 ubuntu ubuntu   13128 Mar 24 08:10 rand.o
-rw-rw-r-- 1 ubuntu ubuntu   33680 Mar 24 08:10 raster-error.o
-rw-rw-r-- 1 ubuntu ubuntu   68176 Mar 24 08:10 raster-stream.o
-rw-rw-r-- 1 ubuntu ubuntu   25264 Dec  7  2021 raster-stubs.o
-rw-rw-r-- 1 ubuntu ubuntu   27000 Mar 24 08:10 rasterbench.o
-rw-rw-r-- 1 ubuntu ubuntu   81352 Mar 24 08:10 request.o
-rw-rw-r-- 1 ubuntu ubuntu   33864 Mar 24 08:10 string.o
-rw-rw-r-- 1 ubuntu ubuntu   10840 Mar 24 08:10 tempfile.o
-rw-rw-r-- 1 ubuntu ubuntu   36832 Mar 24 08:10 testarray.o
-rw-rw-r-- 1 ubuntu ubuntu   77160 Mar 24 08:10 testclient.o
-rw-rw-r-- 1 ubuntu ubuntu   26400 Mar 24 08:10 testcreds.o
-rw-rw-r-- 1 ubuntu ubuntu   75144 Mar 24 08:10 testcups.o
-rw-rw-r-- 1 ubuntu ubuntu   60008 Mar 24 08:10 testdest.o
-rw-rw-r-- 1 ubuntu ubuntu   37520 Mar 24 08:10 testdnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   42304 Mar 24 08:10 testfile.o
-rw-rw-r-- 1 ubuntu ubuntu   25920 Mar 24 08:10 testform.o
-rw-rw-r-- 1 ubuntu ubuntu   21104 Mar 24 08:10 testgetdests.o
-rw-rw-r-- 1 ubuntu ubuntu   78416 Mar 24 08:10 testhttp.o
-rw-rw-r-- 1 ubuntu ubuntu   37456 Mar 24 08:10 testi18n.o
-rw-rw-r-- 1 ubuntu ubuntu   64544 Mar 24 08:10 testipp.o
-rw-rw-r-- 1 ubuntu ubuntu   27688 Mar 24 08:10 testjson.o
-rw-rw-r-- 1 ubuntu ubuntu   45472 Mar 24 08:10 testoptions.o
-rw-rw-r-- 1 ubuntu ubuntu   49616 Mar 24 08:10 testraster.o
-rw-rw-r-- 1 ubuntu ubuntu   93144 Mar 24 08:10 testtestpage.o
-rw-rw-r-- 1 ubuntu ubuntu   25000 Mar 24 08:10 testthreads.o
-rw-rw-r-- 1 ubuntu ubuntu   19296 Mar 24 08:10 thread.o
-rw-rw-r-- 1 ubuntu ubuntu  110216 Mar 24 08:10 tls.o
-rw-rw-r-- 1 ubuntu ubuntu   51376 Mar 24 08:10 tlscheck.o
-rw-rw-r-- 1 ubuntu ubuntu   29064 Mar 24 08:10 transcode.o
-rw-rw-r-- 1 ubuntu ubuntu   65200 Mar 24 08:10 usersys.o
-rw-rw-r-- 1 ubuntu ubuntu   56192 Mar 24 08:10 util.o

So either the GCC in Ubuntu 22.04 LTS (11.3.0) doesn't actually support _FORTIFY_SOURCE=3 or there is no added overhead (which is inconsistent with the documentation...)

michaelrsweet added a commit that referenced this pull request Apr 11, 2023
@michaelrsweet
Update fortify level to 3 (Issue #51)
1e317aa
@michaelrsweet
Copy link
Member

[master 1e317aa] Update fortify level to 3 (Issue #51)

@zdohnal
Copy link
Member Author

zdohnal commented Apr 12, 2023

Hi Mike,

I'll add the statistics from Fedora 38 regarding _FORTIFY_SOURCE=3, but as fas as I can tell it works here - I have a detected buffer overflow in pappl due the new level (reproduceable if pappl is built with _FORTIFY_SOURCE=3 and you start lprint) - I'll send the PR right away (we subtract a higher pointer from a lower one).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@michaelrsweet michaelrsweet

Labels
enhancement New feature or request platform issue Issue is specific to an OS or desktop priority-low
Projects
None yet
Milestone
v3.0
Development

Successfully merging this pull request may close these issues.
2 participants
@zdohnal @michaelrsweet