From: Caroline Tice
Date: Thu, 08 Nov 2012 16:56:00 -0000
Subject: Re: [PATCH] Vtable pointer verification, gcc changes (patch 2 of 2)
To: Florian Weimer
Cc: gcc-patches@gcc.gnu.org
In-Reply-To: <509B7D24.5040201@redhat.com>

Most likely use-after-free issues, but any memory use bug lays the
program open to these attacks.

-- Caroline Tice
cmtice@google.com

On Thu, Nov 8, 2012 at 1:36 AM, Florian Weimer wrote:
> On 11/05/2012 06:48 PM, Caroline Tice wrote:
>
>> As requested, I have split the original patch into two parts: GCC
>> changes and runtime library changes. The attached patch is for the
>> gcc changes.
>
> Out of curiosity, what's the primary source of wrong vtable values you
> expect? Use-after-free issues, heap spraying, or something else?
>
> --
> Florian Weimer / Red Hat Product Security Team