https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94514
Bug ID: 94514
Summary: aarch64: unwinding across mixed pac-ret and non-pac-ret frames is broken
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: nsz at gcc dot gnu.org
Target Milestone: ---

libgcc unwinder on aarch64 fails to keep track of pauth state and may try to authenticate return addresses that were not signed causing a runtime crash.

example c++ code that segfaults in the unwinder on a pauth enabled system:

__attribute__((noinline, target("branch-protection=pac-ret")))
static void do_throw (void)
{
  throw 42;
  __builtin_abort ();
}

__attribute__((noinline, target("branch-protection=none")))
static void no_pac_ret (void)
{
  do_throw ();
  __builtin_abort ();
}

int main ()
{
  try {
    no_pac_ret ();
  } catch (...) {
    return 0;
  }
  __builtin_abort ();
}
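Added example (not part of the bug report and not libgcc code): a simplified C model of the failure described above, walking the reproducer's three frames with and without per-frame tracking of the return-address signing state. The tag-based pac_sign/pac_auth, the frame struct, the addresses and the "sticky" flag are assumptions made for illustration; carrying the signed state from one frame into the next is one way an unwinder can lose track of pauth state, not a statement of libgcc's actual defect.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy stand-in for pointer authentication: a fixed tag in the top 16 bits. */
#define TAG       ((uint64_t)0xA5C3 << 48)
#define ADDR_MASK (((uint64_t)1 << 48) - 1)

struct frame {
    int cfi_signs_ra;   /* 1 if this frame's unwind info marks the RA as signed */
    uint64_t saved_ra;  /* return address as stored in the frame */
};

static uint64_t pac_sign(uint64_t ra) { return (ra & ADDR_MASK) | TAG; }

/* Returns 0 and writes the stripped address, or -1 if the tag does not match. */
static int pac_auth(uint64_t ra, uint64_t *out)
{
    if ((ra & ~ADDR_MASK) != TAG) return -1;
    *out = ra & ADDR_MASK;
    return 0;
}

/* Returns the number of frames unwound, or -1 on an authentication failure.
   sticky != 0 models an unwinder that carries the signed state into the next
   frame instead of deriving it from that frame's own unwind info. */
static int unwind(const struct frame *f, int n, int sticky)
{
    int ra_signed = 0;
    for (int i = 0; i < n; i++) {
        uint64_t ra = f[i].saved_ra;
        if (!sticky) ra_signed = 0;            /* fresh state for every frame */
        if (f[i].cfi_signs_ra) ra_signed = 1;  /* this frame signs its RA */
        if (ra_signed && pac_auth(ra, &ra) != 0)
            return -1;  /* tried to authenticate an address that was never signed */
    }
    return n;
}

/* Constructed frames mirroring the reproducer: do_throw -> no_pac_ret -> main. */
static int demo(int sticky)
{
    struct frame stack[] = {
        { 1, pac_sign(0x400a10) },  /* do_throw: branch-protection=pac-ret */
        { 0, 0x400b20 },            /* no_pac_ret: branch-protection=none */
        { 0, 0x400c30 },            /* main: assumed unsigned in this model */
    };
    return unwind(stack, 3, sticky);
}

int main(void) { printf("sticky=%d per-frame=%d\n", demo(1), demo(0)); return 0; }
```

In the model, the sticky walk fails at the no_pac_ret frame, whose stored return address carries no tag, while the per-frame walk reaches main.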