arm: Clear canary value after stack_protect_test [PR96191]
author Richard Sandiford <richard.sandiford@arm.com>
Thu, 6 Aug 2020 18:19:41 +0000 (19:19 +0100)
committer Richard Sandiford <richard.sandiford@arm.com>
Thu, 6 Aug 2020 18:19:41 +0000 (19:19 +0100)
commit 6a3f3e08723063ea2dadb7ddf503f02972a724e2
tree f821ca505e67f83acdea248bc5439ed8e5c5b09c
parent 6a13a4e3f29fc4ce5eff96d74ba965c9fdc02184
arm: Clear canary value after stack_protect_test [PR96191]

The stack_protect_test patterns were leaving the canary value in the
temporary register, meaning that it was often still in registers on
return from the function.  An attacker might therefore have been
able to use it to defeat stack-smash protection for a later function.

gcc/
PR target/96191
* config/arm/arm.md (arm_stack_protect_test_insn): Zero out
operand 2 after use.
* config/arm/thumb1.md (thumb1_stack_protect_test_insn): Likewise.

gcc/testsuite/
* gcc.target/arm/stack-protector-1.c: New test.
* gcc.target/arm/stack-protector-2.c: Likewise.
gcc/config/arm/arm.md
gcc/config/arm/thumb1.md
gcc/testsuite/gcc.target/arm/stack-protector-1.c [new file with mode: 0644]
gcc/testsuite/gcc.target/arm/stack-protector-2.c [new file with mode: 0644]