> On Apr 29, 2018, at 2:11 PM, Florian Weimer <f...@deneb.enyo.de> wrote:
>
> * Maxim Kuvyrkov:
>
>>> On Apr 28, 2018, at 9:22 PM, Florian Weimer <f...@deneb.enyo.de> wrote:
>>>
>>> * Thomas Preudhomme:
>>>
>>>> Yes absolutely, CSE needs to be avoided. I made memory access volatile
>>>> because the change was easier to do. Also on Arm Thumb-1 computing the
>>>> guard's address itself takes several loads so had to modify some more
>>>> patterns. Anyway, regardless of the proper fix, do you have any objection
>>>> to raising a CVE for that issue?
>>>
>>> Please file a bug in Bugzilla first and use that in the submission to
>>> MITRE.
>>
>> Thomas filed https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434 a couple
>> of weeks ago.
>
> Is there a generic way to find other affected targets?
>
> If we only plan to fix 32-bit Arm, we should make the CVE identifier
> specific to that, to avoid confusion.

The problem is fairly target-dependent, so architecture maintainers need to look at how stack-guard canaries and their addresses are handled and whether they can be spilled onto the stack. It appears we need to poll architecture maintainers before filing the CVE.

--
Maxim Kuvyrkov
www.linaro.org