https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96191
--- Comment #7 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The releases/gcc-10 branch has been updated by Richard Sandiford <rsand...@gcc.gnu.org>: https://gcc.gnu.org/g:8f6b7c9796035ad8b2cdfbce5d3d11dd4b81fad7 commit r10-8584-g8f6b7c9796035ad8b2cdfbce5d3d11dd4b81fad7 Author: Richard Sandiford <richard.sandif...@arm.com> Date: Fri Aug 7 12:15:02 2020 +0100 arm: Clear canary value after stack_protect_test [PR96191] The stack_protect_test patterns were leaving the canary value in the temporary register, meaning that it was often still in registers on return from the function. An attacker might therefore have been able to use it to defeat stack-smash protection for a later function. gcc/ PR target/96191 * config/arm/arm.md (arm_stack_protect_test_insn): Zero out operand 2 after use. * config/arm/thumb1.md (thumb1_stack_protect_test_insn): Likewise. gcc/testsuite/ * gcc.target/arm/stack-protector-1.c: New test. * gcc.target/arm/stack-protector-2.c: Likewise. (cherry picked from commit 6a3f3e08723063ea2dadb7ddf503f02972a724e2)
