Hi,

It seems to me that disabling FORTIFY_SOURCE is a mistake. It offers a great many protections, and virtually every distribution has very intentionally turned on this compiler flag by default. Given Wine's size[1], I would argue the benefits[2] outweigh the hassle of rearranging the structures and accessors to not trick the compiler into allocating memory beyond the end of the structure for incoming strings.

It has found, at least in other projects, a lot of potential problems, and better yet, has repeatedly turned exploitable vulnerabilities into simple denial of services. I realize it's a bit of a pain to work with given how you're building some of the structures, but I'd like to ask that it not be globally disabled.

Thanks,

-Kees

[1] $ find . -type f -name '*.[ch]' | xargs wc -l | grep total 2678911 total

[2] Some details at https://wiki.ubuntu.com/CompilerFlags#-D_FORTIFY_SOURCE=2 but at least the following...

Compile time: - static buffer length checks - missed return values - open() checks for missing mode when used with O_CREAT

Run time: - dynamic buffer length checks - dynamic format string safety check - dynamic format position safety checks

Functions with buffer length (or other) checks:

asprintf confstr dprintf fgets fgetws fprintf fread fwprintf getcwd getdomainname getgroups gethostname getlogin_r gets getwd longjmp mbsnrtowcs mbsrtowcs mbstowcs memcpy memmove mempcpy memset pread64 pread printf ptsname_r read readlinkat readlink realpath recv recvfrom snprintf sprintf stpcpy stpncpy strcat strcpy strncat strncpy swprintf syslog ttyname_r vasprintf vdprintf vfprintf vfwprintf vprintf vsnprintf vsprintf vswprintf vsyslog vwprintf wcpcpy wcpncpy wcrtomb wcscat wcscpy wcsncat wcsncpy wcsnrtombs wcsrtombs wcstombs wctomb wmemcpy wmemmove wmempcpy wmemset wprintf