Diagnosing Function Pointer Security Flaws with a GCC plugin

A few months ago, I had to write some internal GCC passes to perform static analysis on the GNU C Library (glibc). I figured I might as well write them as plugins since they were unlikely to see the light of day outside of my little sandbox. Being a longtime GCC contributor but having no experience writing plugins, I thought it’d be a good way to eat our own dog food, and perhaps write about my experience.



Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!


-Wimplicit-fallthrough in GCC 7

In C and C++, the cases of a switch statement are in fact labels, and the switch is essentially a goto that jumps to the desired label. Since labels do not change the flow of control, one case block falls through to the following case block unless it is terminated by a return, a break, a call to a noreturn function, or similar. In the example below, “case 1” falls through to “case 2”:

switch (cond)
   {
   case 1:
     a = 1;
   case 2:
     a = 2;
     break;
   /* ... */
   }


Memory Error Detection Using GCC

Introduction

GCC has a rich set of features designed to help detect many kinds of programming errors. Of particular interest are those that corrupt the memory of a running program and, in some cases, make it vulnerable to security threats. Since 2006, GCC has provided a solution to detect and prevent a subset of buffer overflows in C and C++ programs. Although it is based on compiler technology, it’s best known under the name Fortify Source, derived from the synonymous GNU C Library macro that controls the feature: _FORTIFY_SOURCE. GCC has changed and improved considerably since its 4.1 release in 2006, and with it its ability to detect these sorts of errors. GCC 7, in particular, contains a number of enhancements that help detect several new kinds of programming errors in this area. This article provides a brief overview of these new features. For a comprehensive list of all major improvements in GCC 7, please see the GCC 7 Changes document.


Testing… Testing… GCC

The next release of the GNU Compiler Collection, GCC 7, is fast approaching, so in this post, I’m going to talk about work I’ve done to make GCC more reliable.


Creating your first ASP.NET MVC web site on RHEL

Follow this blog post, and within minutes you will have an ASP.NET MVC website running on Red Hat Enterprise Linux (RHEL). Yes, I’m talking to you, Windows .NET developer; you’re about to double your OS skillset. Let’s do this.


Take advantage of your Red Hat Developers membership and download RHEL today at no cost.

Adding buffer overflow detection to string functions

This article describes the steps required to add buffer overflow protection to string functions. As a real-world example, we use the strlcpy function, which is implemented in the libbsd library on some GNU/Linux systems.

This kind of buffer overflow protection uses a GNU Compiler Collection (GCC) feature for array size tracking (“source fortification”), accessed through the __builtin_object_size GCC built-in function. In general, these checks are added in a size-checking wrapper function around the original (wrapped) function, which is strlcpy in our example.


October 2016 ISO C Meeting Report

Trip Report: October 2016 WG14 Meeting

In October 2016, I attended the WG14 (C language committee) meeting in Pittsburgh, Pennsylvania. The meeting was hosted by the Computer Emergency Response Team (CERT) at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). We had 25 representatives from 18 organizations in attendance, including CERT, Cisco, IBM, INRIA, Intel, LDRA, Oracle, Perennial, Plum Hall, Siemens, and the University of Cambridge. It was a productive four days spent on two major areas:

  • Work on C11 defect reports aimed at the upcoming C11 Technical Corrigendum (TC) expected to be finalized in 2017. This will be the last revision of C11 to be published. The next revision of C will be a “major” version that is for the time being referred to as C2X.
  • Review of proposals for the next revision of C, C2X. To meet the TC 2017 schedule, some C11 defects will have to be deferred to C2X. The C2X charter is in N2086.

Below is a list of some of the interesting C2X proposals the group discussed.


Welcome to Red Hat Enterprise Linux, MSBuild, a build tool for .NET Core CLI!

Microsoft announced the first “alpha” release of the new MSBuild-based .NET Core tools. The .NET Core SDK, which can be downloaded from the Red Hat Developer Program site, consists of the .NET Core Runtime and the .NET Core command line tools (.NET Core CLI). (Reminder – you must have a Red Hat Enterprise Linux subscription first. If you don’t, you can go here for a no-cost subscription.) The MSBuild tool is included in .NET Core 1.0 preview 3 (not in the latest release, .NET Core 1.1). The version number is something complicated because .NET CLI is not GA but still under preview. The MSBuild tool can be used with both the .NET Core 1.0 and .NET Core 1.1 runtimes. RHEL is not listed in the .NET Core SDK 1.0 Preview 3 download list, but you can try MSBuild with the .NET Core CLI daily build.

NOTE: Red Hat has just released .NET Core 1.1. However, .NET Core 1.1 doesn’t include the MSBuild tool; you can try MSBuild by following this blog.


Leap second – "I Belong to You"

Recently, I was working on a research topic for Red Hat Insights, which is a hosted service designed to help people proactively identify and resolve technical issues of Red Hat products. During that time a Chinese romantic comedy film, “I Belonged to You”, was released. On hearing the name, I thought to myself, “that title couldn’t be any better for this post”. Just like the film goes, “I’m only a passerby in your world”. So did the leap second! And soon another leap second is coming – let’s cherish it this time. These little moments in time can be incredibly challenging, and also incredibly interesting. But, before we start talking about leap seconds, let’s introduce some background about time itself.


Working with OpenShift secrets for ASP.NET Core

If you want to use secret configuration that you don’t want to store in the code repository while developing an ASP.NET Core app, what will you do? ASP.NET Core provides the Secret Manager tool. Then how about developing on OpenShift? I’d like to talk about the Secret Manager tool and working with OpenShift secrets for ASP.NET Core in this blog.



For more information about Red Hat OpenShift and other related topics, visit: OpenShift, OpenShift Online.