? lib/libc/ssp/o
Index: include/ssp/ssp.h
===================================================================
RCS file: /cvsroot/src/include/ssp/ssp.h,v
retrieving revision 1.10
diff -u -u -r1.10 ssp.h
--- include/ssp/ssp.h	8 Aug 2012 20:23:32 -0000	1.10
+++ include/ssp/ssp.h	7 Apr 2015 17:43:27 -0000
@@ -77,6 +77,9 @@
 #define __ssp_redirect0(rtype, fun, args, call) \
     __ssp_redirect_raw(rtype, fun, fun, args, call, __ssp_bos0)
 
+#define __ssp_overlap(a, b, l) \
+    (((a) <= (b) && (b) <= (a) + (l)) || ((b) <= (a) && (a) <= (b) + (l)))
+
 __BEGIN_DECLS
 void __stack_chk_fail(void) __dead;
 void __chk_fail(void) __dead;
Index: lib/libc/ssp/memcpy_chk.c
===================================================================
RCS file: /cvsroot/src/lib/libc/ssp/memcpy_chk.c,v
retrieving revision 1.5
diff -u -u -r1.5 memcpy_chk.c
--- lib/libc/ssp/memcpy_chk.c	17 Sep 2014 00:39:28 -0000	1.5
+++ lib/libc/ssp/memcpy_chk.c	7 Apr 2015 17:43:27 -0000
@@ -46,5 +46,9 @@
 {
 	if (len > slen)
 		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
 	return memcpy(dst, src, len);
 }
Index: lib/libc/ssp/stpcpy_chk.c
===================================================================
RCS file: /cvsroot/src/lib/libc/ssp/stpcpy_chk.c,v
retrieving revision 1.5
diff -u -u -r1.5 stpcpy_chk.c
--- lib/libc/ssp/stpcpy_chk.c	6 Apr 2014 19:29:25 -0000	1.5
+++ lib/libc/ssp/stpcpy_chk.c	7 Apr 2015 17:43:27 -0000
@@ -50,6 +50,9 @@
 	if (len >= slen)
 		__chk_fail();
 
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
 	(void)memcpy(dst, src, len + 1);
 	return dst + len;
 }
Index: lib/libc/ssp/stpncpy_chk.c
===================================================================
RCS file: /cvsroot/src/lib/libc/ssp/stpncpy_chk.c,v
retrieving revision 1.2
diff -u -u -r1.2 stpncpy_chk.c
--- lib/libc/ssp/stpncpy_chk.c	6 Nov 2013 16:58:58 -0000	1.2
+++ lib/libc/ssp/stpncpy_chk.c	7 Apr 2015 17:43:27 -0000
@@ -49,5 +49,8 @@
 	if (len > slen)
 		__chk_fail();
 
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
 	return stpncpy(dst, src, len);
 }
Index: lib/libc/ssp/strcpy_chk.c
===================================================================
RCS file: /cvsroot/src/lib/libc/ssp/strcpy_chk.c,v
retrieving revision 1.7
diff -u -u -r1.7 strcpy_chk.c
--- lib/libc/ssp/strcpy_chk.c	17 Sep 2014 00:39:28 -0000	1.7
+++ lib/libc/ssp/strcpy_chk.c	7 Apr 2015 17:43:27 -0000
@@ -48,5 +48,8 @@
 	if (len > slen)
 		__chk_fail();
 
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
 	return memcpy(dst, src, len);
 }
Index: lib/libc/ssp/strncpy_chk.c
===================================================================
RCS file: /cvsroot/src/lib/libc/ssp/strncpy_chk.c,v
retrieving revision 1.5
diff -u -u -r1.5 strncpy_chk.c
--- lib/libc/ssp/strncpy_chk.c	17 Sep 2014 00:39:28 -0000	1.5
+++ lib/libc/ssp/strncpy_chk.c	7 Apr 2015 17:43:27 -0000
@@ -48,5 +48,8 @@
 	if (len > slen)
 		__chk_fail();
 
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
 	return strncpy(dst, src, len);
 }