[Bug 1059075] New: -fstack-clash-protection writes beyond array bounds
http://bugzilla.suse.com/show_bug.cgi?id=1059075

Bug ID: 1059075
Summary: -fstack-clash-protection writes beyond array bounds
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: rguenther@suse.com
Reporter: schwab@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

When allocating a zero-length array with alloca or as a VLA the code produced by -fstack-clash-protection accesses the array beyond bounds. The failure can best be seen on armv7 (or targets without their own probe_stack insn) where a stack probe is destructive, and where it breaks glibc.

https://build.opensuse.org/package/live_build_log/Base:System/glibc/openSUSE...

--
You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1059075#c3
--- Comment #3 from Richard Biener
The C standard says that VLA shall not have zero size, but a size of 1 is valid, and the default probe_stack expansion writes to a MEM of word_mode.
So the question is whether we at least align the allocation to word_mode which I doubt.
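The report and comment #3 above can be replayed on a toy stack. This is an added example, not code from GCC or from the bug thread; it assumes a 4-byte word as on armv7, a downward-growing stack, and a probe that stores one word at the new stack pointer, and the `skip_empty` switch is a hypothetical mitigation used only for comparison.

```c
/* Added illustration: simplified model of a destructive word-sized stack probe.
   Assumptions (not from the bug report): 4-byte word, stack grows down, and
   the probe stores one word at the new stack pointer. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define WORD  4      /* size of word_mode on a 32-bit target */
#define STACK 64     /* size of the toy stack in bytes */
#define LIVE  0xAA   /* marks bytes owned by the caller's frame */

/* Round size up to a multiple of align (align must be a power of two). */
static size_t round_up(size_t size, size_t align) {
    return (size + align - 1) & ~(align - 1);
}

/* Allocate `size` bytes rounded to `align`, probe the allocation, and return
   how many live bytes outside the allocation the probe overwrote.
   skip_empty != 0 models skipping the probe for an empty allocation. */
size_t probe_overrun(size_t size, size_t align, int skip_empty) {
    unsigned char stack[STACK];
    size_t sp = STACK / 2;                 /* bytes at index >= sp are live */
    memset(stack, 0, sizeof stack);
    memset(stack + sp, LIVE, STACK - sp);

    size_t alloc = round_up(size, align);
    sp -= alloc;                           /* allocation is [sp, sp + alloc) */
    if (!(skip_empty && alloc == 0))
        memset(stack + sp, 0, WORD);       /* destructive probe: store a word */

    size_t clobbered = 0;
    for (size_t i = STACK / 2; i < STACK; i++)
        if (stack[i] != LIVE)
            clobbered++;
    return clobbered;
}

int main(void) {
    printf("size 0, no alignment:   %zu live bytes overwritten\n", probe_overrun(0, 1, 0));
    printf("size 1, no alignment:   %zu live bytes overwritten\n", probe_overrun(1, 1, 0));
    printf("size 1, word aligned:   %zu live bytes overwritten\n", probe_overrun(1, WORD, 0));
    printf("size 0, word aligned:   %zu live bytes overwritten\n", probe_overrun(0, WORD, 0));
    printf("size 0, probe skipped:  %zu live bytes overwritten\n", probe_overrun(0, WORD, 1));
    return 0;
}
```

In this model, rounding the allocation up to a word keeps the probe in bounds for size 1 but not for size 0, where the allocation stays empty and the store lands entirely in live data.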