* Kees Cook:

> I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> uses[2].

Seems a good idea to me. But I think we should defer the required full archive rebuild until we've got the hardening patch for operator new[] (which currently can return a heap block which is smaller than requested). I've got a preliminary version, but it's got a hole when operator new[] is invoked on a variable-length array. The easy fix would probably be to outlaw heap allocation of VLAs (it's one of those C GCC extensions that leaked into C++, and it's arguably less needed for C++).
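
The undersized heap block mentioned in the message above comes from the byte count for an array allocation wrapping around. The following is an added example, not part of the original message and not the GCC patch it refers to; it models that size computation with and without an overflow check. All function names, the `Rec` type and the element count are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <new>

// Hypothetical model of the byte count behind `new T[n]`:
// n * sizeof(T) plus an optional bookkeeping cookie. Names are illustrative.
std::size_t unchecked_array_bytes(std::size_t n, std::size_t elem, std::size_t cookie) {
    return n * elem + cookie;  // size_t arithmetic wraps silently on overflow
}

// Hardened form: report overflow instead of returning a wrapped size.
bool checked_array_bytes(std::size_t n, std::size_t elem, std::size_t cookie,
                         std::size_t *out) {
    const std::size_t max = std::numeric_limits<std::size_t>::max();
    if (elem != 0 && n > (max - cookie) / elem) return false;
    *out = n * elem + cookie;
    return true;
}

struct Rec { char data[16]; };

// Constructed input: an element count whose product with 16 wraps around to 16.
std::size_t wrapping_count() {
    return std::numeric_limits<std::size_t>::max() / 16 + 2;
}

// Allocation wrapper that refuses a request whose size does not fit in size_t.
template <typename T>
T *alloc_array(std::size_t n) {
    std::size_t bytes = 0;
    if (!checked_array_bytes(n, sizeof(T), 0, &bytes)) throw std::bad_alloc();
    return static_cast<T *>(::operator new(bytes));
}

// True when alloc_array rejects the request rather than under-allocating.
bool alloc_rejects(std::size_t n) {
    try {
        ::operator delete(alloc_array<Rec>(n));
        return false;
    } catch (const std::bad_alloc &) {
        return true;
    }
}

int main() {
    std::printf("unchecked size: %zu bytes\n",
                unchecked_array_bytes(wrapping_count(), sizeof(Rec), 0));
    std::printf("checked wrapper rejects: %d\n", alloc_rejects(wrapping_count()));
}
```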