From Fedora Project Wiki
Hardening detection: _FORTIFY_SOURCE
GCC and glibc redirect calls to function such as strcpy to replacements like __strcpy_chk and supply additional length information for buffer overflow checks.
Currently, strcpy is used if
- fortify is disabled,
- no length information is available, or
- the call is known to be safe.
Which alternative applies requires looking at the assembly. Presence of calls to _chk functions depends on optimizations, and those in turn depend on the architecture, which makes verification very difficult.
The challenge here is that _FORTIFY_SOURCE is a preprocessor macro, and what happens behind the scenes differs from function to function. Addressing may need changes to both glibc and GCC.