icmake disables FORTIFY

Bug #301624 reported by Kees Cook
Affects: icmake (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Luca Falavigna

Bug Description

Binary package hint: icmake

The fix for bug #301562 disabled FORTIFY instead of fixing the underlying problems. This is a place-holder bug to make sure icmake gets fixed. :)

Revision history for this message
Kees Cook (kees) wrote :

Running icmake in gdb should help identify the abort locations.

Changed in icmake:
assignee: nobody → dktrkranz
importance: Undecided → Medium
milestone: none → jaunty-alpha-4
status: New → Confirmed
Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Offending code is in comp/backend.c, strcpy function:

    outbin(&opexit, sizeof(INT8)); /* generate op_ret at the end */
    strcpy(hdr.version, &version); /* set the version */
    hdr.offset[0] = ftell(s_bin); /* here the strings start */

Changed in icmake:
status: Confirmed → Triaged
Revision history for this message
Kees Cook (kees) wrote : Re: [Bug 301624] Re: icmake disables FORTIFY

hdr.version is defined as: char version[4]. "version" is extern, so the
length is unknown at compile time. At runtime, however, the problem
happens, as "version" is ultimately defined as "7.11.1" via rss/version.c
and /VERSION. This is a real overflow. I recommend the following patch
for the moment until upstream has a better suggestion:

strncpy(hdr.version, version, sizeof(hdr.version));

this will leave the hdr.version unterminated, but based on other code that
tries to read it, this field appears to be evaluated not as a string, so
it's likely to be okay. If not, use:

strncpy(hdr.version, version, sizeof(hdr.version));
hdr.version[sizeof(hdr.version)-1]='\0';
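The overflow described in the two comments above, and the two bounded-copy variants proposed as the fix, as an added example that is not icmake's code. The `struct header` is a stand-in with only the field the bug concerns, and the `version` string is constructed to match the "7.11.1" value the thread mentions; it compiles and runs on its own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for icmake's header: only the field the bug concerns. */
struct header {
    char version[4];   /* four bytes: no room for "7.11.1" plus its NUL */
    long offset[2];    /* in the real code, ftell() positions follow the version */
};

/* Constructed sample; the real icmake takes this from rss/version.c and /VERSION. */
static const char version[] = "7.11.1";

/* True when strcpy(dst, src) would write past a dst of dst_size bytes:
   strcpy copies strlen(src) + 1 bytes, terminator included. This is the
   check FORTIFY_SOURCE performs at runtime before aborting. */
bool strcpy_would_overflow(const char *src, size_t dst_size)
{
    return strlen(src) + 1 > dst_size;
}

/* First proposed fix: strncpy bounded to the field size. strncpy never writes
   past dst_size bytes, pads with NULs when src is shorter, and leaves dst
   without a terminator when src is dst_size bytes or longer.
   Returns true when the resulting field is NUL-terminated. */
bool copy_version_unterminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Second proposed fix: same bounded copy, then force a terminator, which
   keeps one character less but makes the field safe for string functions. */
void copy_version_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    dst[dst_size - 1] = '\0';
}

/* Byte-wise comparison for the unterminated field, which must not be read
   with strcmp() or printf("%s"). */
bool version_field_equals(const char *field, size_t size, const char *expected)
{
    return memcmp(field, expected, size) == 0;
}

int main(void)
{
    struct header hdr;
    memset(&hdr, 0, sizeof hdr);

    printf("strcpy of \"%s\" into char[%zu] overflows: %s\n", version,
           sizeof hdr.version,
           strcpy_would_overflow(version, sizeof hdr.version) ? "yes" : "no");

    bool terminated = copy_version_unterminated(hdr.version, sizeof hdr.version, version);
    /* %.4s limits the read to the field size, so the missing NUL is harmless here */
    printf("strncpy variant: field = \"%.4s\", NUL-terminated: %s\n",
           hdr.version, terminated ? "yes" : "no");

    copy_version_terminated(hdr.version, sizeof hdr.version, version);
    printf("terminated variant: field = \"%s\"\n", hdr.version);
    return 0;
}
```

With the constructed "7.11.1" the first variant stores the bytes `7.11` with no terminator, and the second stores `7.1` plus a NUL; every later reader of the field has to match whichever variant was chosen.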

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icmake - 7.11.1-1ubuntu2

---------------
icmake (7.11.1-1ubuntu2) jaunty; urgency=low

  * comp/backend.c: use strncpy instead of strcpy to fix a runtime
    buffer overflow while assigning version number to icmake header.
    It is no longer necessary to compile with -U_FORTIFY_SOURCE in
    bootstrap.sh, thanks to Kees Cook (LP: #301624).

 -- Luca Falavigna <email address hidden> Mon, 24 Nov 2008 23:52:26 +0100

Changed in icmake:
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
