> On Apr 28, 2018, at 9:22 PM, Florian Weimer <f...@deneb.enyo.de> wrote: > > * Thomas Preudhomme: > >> Yes absolutely, CSE needs to be avoided. I made memory access volatile >> because the change was easier to do. Also on Arm Thumb-1 computing the >> guard's address itself takes several loads so had to modify some more >> patterns. Anyway, regardless of the proper fix, do you have any objection >> to raising a CVE for that issue? > > Please file a bug in Bugzilla first and use that in the submission to > MITRE.
Thomas filed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434 couple of weeks ago. -- Maxim Kuvyrkov www.linaro.org
