From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 414163870841; Thu,  6 Aug 2020 18:20:05 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 414163870841
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
 s=default; t=1596738005;
 bh=eF38FodBtiVniFQB7CIB8/e7VQ/o50MZeAjnuNBhD/M=;
 h=From:To:Subject:Date:In-Reply-To:References:From;
 b=D+TE8d0IFMDSEDsY4VHfctkcpIMW3JLC4aj7zi5t0VGmXK6Ny+B5D51gGqjAJ8Z1I
 8ReGmkdVqgbV3LpeOld9ks2srkRoP3gTG9ycvavQjCm8LPCQATPM35wi/uy4zy+2dX
 FVMemeXvZFug90n20ChinkHoPLTj0oPEM5O0dl+k=
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/96191] aarch64 stack_protect_test canary leak
Date: Thu, 06 Aug 2020 18:20:05 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: rsandifo at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-96191-4-spxHAUCge2@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-96191-4@http.gcc.gnu.org/bugzilla/>
References: <bug-96191-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2020 18:20:05 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D96191

--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Richard Sandiford <rsandifo@gcc.gnu.o=
rg>:

https://gcc.gnu.org/g:6a3f3e08723063ea2dadb7ddf503f02972a724e2

commit r11-2598-g6a3f3e08723063ea2dadb7ddf503f02972a724e2
Author: Richard Sandiford <richard.sandiford@arm.com>
Date:   Thu Aug 6 19:19:41 2020 +0100

    arm: Clear canary value after stack_protect_test [PR96191]

    The stack_protect_test patterns were leaving the canary value in the
    temporary register, meaning that it was often still in registers on
    return from the function.  An attacker might therefore have been
    able to use it to defeat stack-smash protection for a later function.

    gcc/
            PR target/96191
            * config/arm/arm.md (arm_stack_protect_test_insn): Zero out
            operand 2 after use.
            * config/arm/thumb1.md (thumb1_stack_protect_test_insn): Likewi=
se.

    gcc/testsuite/
            * gcc.target/arm/stack-protector-1.c: New test.
            * gcc.target/arm/stack-protector-2.c: Likewise.=