[llvm-bugs] [Bug 50467] New: Potential leak of stack canary
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue May 25 09:04:56 PDT 2021
https://bugs.llvm.org/show_bug.cgi?id=50467
Bug ID: 50467
Summary: Potential leak of stack canary
Product: new-bugs
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: thibaut.sautereau at ssi.gouv.fr
CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org
I was reading an email [1] about a leak of the canary value in the GCC
implementation of -fstack-protector on AArch64 and RISC-V, both of which were
later fixed [2]. Then I decided to check Clang's own recent implementation for
AArch64 [3] and it seems the same issue exists: see this godbolt snippet [4],
which shows that x9 still contains the canary value right before function
return, whereas GCC, starting from 10.3, would add a `mov x9, 0` to clear it.
Also, if I'm not mistaken, the x86_64 version can similarly leak the canary
value.
[1] https://gcc.gnu.org/pipermail/gcc-patches/2020-July/549910.html
[2] https://github.com/gcc-mirror/gcc/commit/fe1a26429038d7cd17abc53f96a6f3e2639b605f
[3] https://github.com/llvm/llvm-project/commit/0f417789192e74f9d2fad0f6aee4efc394257176
[4] https://godbolt.org/z/aq5v8o3Mo
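Added reproducibility check, not part of the bug report above: a POSIX shell function that compiles a constructed, stack-protected C function for AArch64 with clang (-fstack-protector-all, -O2, assembly output only, so no sysroot is needed), locates the canary comparison in the epilogue of that function, and reports whether either register involved in the comparison is zeroed before the function returns. It assumes a `clang` binary with the AArch64 backend is on PATH and prints "skip" otherwise; the test function `f` and the external `sink` are constructed for this example and are not the godbolt snippet from the report.

```shell
#!/bin/sh
# Added example (not from the LLVM bug report). Reports one of:
#   clears  - a "mov xN, #0" / "mov xN, xzr" for a canary register precedes ret
#   leaks   - the canary register is still live at ret (the report's concern)
#   nocheck - no "cmp xA, xB" found in the epilogue (pattern not recognised)
#   skip    - no usable clang with an AArch64 backend on this machine
canary_epilogue_status() {
    command -v clang >/dev/null 2>&1 || { echo skip; return 0; }
    tmp=$(mktemp -d)
    # Constructed test input: a fixed-size stack buffer handed to an external
    # callee, so the protector is emitted and the buffer cannot be optimised away.
    cat > "$tmp/t.c" <<'EOF'
void sink(char *p);
void f(void) {
    char buf[64];
    sink(buf);
}
EOF
    if ! clang --target=aarch64-linux-gnu -O2 -fstack-protector-all \
            -S -o "$tmp/t.s" "$tmp/t.c" 2>/dev/null; then
        rm -rf "$tmp"; echo skip; return 0
    fi
    # Body of f: from its label up to the first ret (the __stack_chk_fail
    # path is placed after the ret, so it is excluded on purpose).
    body=$(sed -n '/^f:/,/^[[:space:]]*ret/p' "$tmp/t.s")
    rm -rf "$tmp"
    # The canary check is the last "cmp xA, xB" before ret; both operands are
    # copies of the canary (one from the guard variable, one from the stack).
    regs=$(printf '%s\n' "$body" \
        | sed -n 's/^[[:space:]]*cmp[[:space:]]*\(x[0-9]*\),[[:space:]]*\(x[0-9]*\).*/\1 \2/p' \
        | tail -1)
    [ -n "$regs" ] || { echo nocheck; return 0; }
    for r in $regs; do
        if printf '%s\n' "$body" \
             | grep -Eq "^[[:space:]]*mov[[:space:]]+$r,[[:space:]]*(#0|xzr)"; then
            echo clears; return 0
        fi
    done
    echo leaks
}

canary_epilogue_status
```

The function only inspects the success path of the epilogue, which is where the report observes the canary still sitting in x9; the register is not hard-coded, because the allocator may pick a different scratch register from one clang version to the next. A "clears" result means the toolchain in use behaves like GCC 10.3 and later; "leaks" means the value outlives the check.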