[Bug target/96191] aarch64 stack_protect_test canary leak

wilson at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Tue Jul 14 22:30:21 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96191

--- Comment #3 from Jim Wilson <wilson at gcc dot gnu.org> ---
The location of the canary is not known to the attacker.  You are not supposed
to leak the address of the canary or the value of the canary.  If you leak
either, then an attacker has a chance to restore the canary after clobbering
it.

See the descriptions of the stack_protect_set and stack_protect_test patterns
in gcc/doc/md.texi which make clear that no intermediate values should be
allowed to survive past the end of the pattern.

