public inbox for
 help / color / mirror / Atom feed
From: Richard Henderson <>
To: Will Newton <>
Cc: Carlos O'Donell <>,
	 "" <>
Subject: Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
Date: Thu, 26 Sep 2013 16:26:00 -0000	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 09/26/2013 08:39 AM, Will Newton wrote:
> On 26 September 2013 15:52, Carlos O'Donell <> wrote:
> Hi Carlos,
>> The fix for CVE-2013-4788 (bug 15754) contains a regression
>> test to ensure that the pointer guard is both random and
>> changes between processes.
>> In order to create the test it was necessary to add a new
>> accessor macro POINTER_CHK_GUARD to allow the regression
>> test to locate and read the pointer guard value from outside
>> of the library.
>> I have added a POINTER_CHK_GUARD implementation for *all*
>> machines. You need not do any work at this point. However,
>> for some machines I wrote the implementation without testing
>> it e.g. stack guard was just before pointer guard so
>> POINTER_CHK_GUARD is the same code with a different offset.
>> My request is that you run the testsuite and verify that
>> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
>> pass please email me and we can work out what might be
>> wrong with your POINTER_CHK_GUARD implementation.
> I noticed that alpha does something strange in this regard.
> ports/sysdeps/unix/alpha/sysdep.h:
> /* There exists generic C code that assumes that PTR_MANGLE is always
>    defined.  When generating code for the static libc, we don't have
>    __pointer_chk_guard defined.  Nor is there any place that would
>    initialize it if it were defined, so there's little point in doing
>    anything more than nothing.  */
> # ifndef __ASSEMBLER__
> #  define PTR_MANGLE(var)
> #  define PTR_DEMANGLE(var)
> # endif
> This looks like in the static case alpha will not benefit from the new
> fix. I don't have an alpha toolchain or any particular knowledge of
> alpha to verify that though.

It looks like Carlos will have just allowed that to be fixed in his patch,
since __pointer_chk_guard_local is now defined if THREAD_SET_POINTER_GUARD isn't.


  reply	other threads:[~2013-09-26 16:26 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-26 14:52 Carlos O'Donell
2013-09-26 15:39 ` Will Newton
2013-09-26 16:26   ` Richard Henderson [this message]
2013-09-27  1:06 ` Kaz Kojima
2013-09-27  1:43   ` Carlos O'Donell
2013-09-27  2:15     ` Kaz Kojima

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).