http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c1 --- Comment #1 from Andreas Schwab --- The C standard says that VLA shall not have zero size, but a size of 1 is valid, and the default probe_stack expansion writes to a MEM of word_mode. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c3 --- Comment #3 from Richard Biener --- (In reply to Andreas Schwab from comment #1)

The C standard says that VLA shall not have zero size, but a size of 1 is valid, and the default probe_stack expansion writes to a MEM of word_mode.

So the question is whether we at least align the allocation to word_mode which I doubt. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Andreas Schwab changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://sourceware.org/bugz | |illa/show_bug.cgi?id=22149 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c6 --- Comment #6 from Michael Matz --- Hmpf. Indeed, some hardening is in order, aligning the size to wordmode and checking for zeroness. I'm going to work on that, but the labs conf interferes a small bit. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c7 --- Comment #7 from Andreas Schwab --- The generated code for probing "char zero[pad]": mov r6, sp add r3, r3, #7 bic r3, r3, #7 cmp r3, #4096 bcc .L128 .L186: sub r3, r3, #4096 sub sp, sp, #4096 cmp r3, #4096 str r0, [sp, #8] bcs .L186 .L128: ldr r7, [fp, #-56] sub sp, sp, r3 mov r1, #0 add r3, sp, #8 mov r0, r3 str r0, [sp, #8] The offset of #8 means that it overwrites a nearby variable. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c9 --- Comment #9 from Andreas Schwab --- The latter is filed as PR82248. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c11 --- Comment #11 from Marcus Meissner --- so both arm 32 and 64bit are currently broken regardng that option? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c13 --- Comment #13 from Michael Matz --- As one data point: I was comparing the testresults (GCC testsuite) of all SLE11 architectures on gcc43 with this patch, they were clean. So either the testsuite doesn't contain a problematic alloca, or only aarch64 is affected. Are we caring for arm 32 bit? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c17 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(schwab@suse.com) --- Comment #17 from Marcus Meissner --- Is this now better? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:5998:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c19 --- Comment #19 from Swamp Workflow Management --- SUSE-RU-2018:0014-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1059075 CVE References: Sources used: SUSE OpenStack Cloud 6 (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Workstation Extension 12-SP3 (src): libgcj48-4.8.5-31.6.1 SUSE Linux Enterprise Workstation Extension 12-SP2 (src): libgcj48-4.8.5-31.6.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): gcc48-4.8.5-31.6.1, libffi48-4.8.5-31.6.1, libgcj48-4.8.5-31.6.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): gcc48-4.8.5-31.6.1, libffi48-4.8.5-31.6.1, libgcj48-4.8.5-31.6.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Server 12-SP3 (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Server 12-SP2 (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Server 12-LTSS (src): gcc48-4.8.5-31.6.1 SUSE Linux Enterprise Desktop 12-SP3 (src): gcc48-4.8.5-31.6.1, libgcj48-4.8.5-31.6.1 SUSE Linux Enterprise Desktop 12-SP2 (src): gcc48-4.8.5-31.6.1, libgcj48-4.8.5-31.6.1 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:6053:moderate |ibs:running:6053:moderate | |obs:running:7638:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c20 --- Comment #20 from Swamp Workflow Management --- SUSE-SU-2018:0053-1: An update that solves 29 vulnerabilities and has 57 fixes is now available. Category: security (moderate) Bug References: 1003846,1004995,1009966,1022404,1025282,1025891,1026567,1029907,1029908,1029909,1029995,1030623,1035386,1036619,1039099,1039276,1039513,1040800,1040968,1041090,1043059,1043590,1043883,1043966,1044016,1045472,1045522,1045732,1047178,1047233,1048605,1048861,1050152,1050258,1050487,1052503,1052507,1052509,1052511,1052514,1052518,1053137,1053347,1053595,1053671,1055446,1055641,1055825,1056058,1056312,1056381,1057007,1057139,1057144,1057149,1057188,1057634,1057721,1057724,1058480,1058695,1058783,1059050,1059065,1059075,1059292,1059723,1060599,1060621,1061241,1061384,1062561,1063249,1063269,1064571,1064999,1065363,1066242,1066371,1066500,1066611,1067891,1070878,1070958,1071905,1071906 CVE References: CVE-2014-3710,CVE-2014-8116,CVE-2014-8117,CVE-2014-9620,CVE-2014-9621,CVE-2014-9653,CVE-2017-12448,CVE-2017-12450,CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12456,CVE-2017-12799,CVE-2017-12837,CVE-2017-12883,CVE-2017-13757,CVE-2017-14128,CVE-2017-14129,CVE-2017-14130,CVE-2017-14333,CVE-2017-14529,CVE-2017-14729,CVE-2017-14745,CVE-2017-14974,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2017-6512 Sources used: SUSE CaaS Platform ALL (src): sles12-caasp-dex-image-2.0.0-3.3.11, sles12-dnsmasq-nanny-image-2.0.1-2.3.15, sles12-haproxy-image-2.0.1-2.3.16, sles12-kubedns-image-2.0.1-2.3.11, sles12-mariadb-image-2.0.1-2.3.15, sles12-openldap-image-2.0.0-2.3.11, sles12-pause-image-2.0.1-2.3.9, sles12-pv-recycler-node-image-2.0.1-2.3.10, sles12-salt-api-image-2.0.1-2.3.10, sles12-salt-master-image-2.0.1-2.3.10, sles12-salt-minion-image-2.0.1-2.3.14, sles12-sidecar-image-2.0.1-2.3.11, sles12-tiller-image-2.0.0-2.3.11, sles12-velum-image-2.0.1-2.3.13 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:7638:moderate | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:6554:moderate |ibs:running:6554:moderate |ibs:running:6555:moderate | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c22 --- Comment #22 from Swamp Workflow Management --- SUSE-SU-2018:0300-1: An update that solves one vulnerability and has 7 fixes is now available. Category: security (moderate) Bug References: 1039513,1044016,1045091,1059075,1074621,938159,977654,999596 CVE References: CVE-2017-1000376 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gcc43-4.3.4_20091019-37.3.1 SUSE Linux Enterprise Server 11-SP4 (src): gcc43-4.3.4_20091019-37.3.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): gcc43-4.3.4_20091019-37.3.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): gcc43-4.3.4_20091019-37.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): gcc43-4.3.4_20091019-37.3.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): gcc43-4.3.4_20091019-37.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:6780:moderate |ibs:running:6779:moderate |ibs:running:6779:moderate | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c23 --- Comment #23 from Swamp Workflow Management --- SUSE-RU-2018:0820-1: An update that has two recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1059075,1074621 CVE References: Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gcc48-4.8.5-5.6.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): gcc48-4.8.5-5.6.2 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1059075 http://bugzilla.suse.com/show_bug.cgi?id=1059075#c26 --- Comment #26 from Swamp Workflow Management --- SUSE-RU-2018:1117-1: An update that has three recommended fixes can now be installed. Category: recommended (low) Bug References: 1039513,1059075,1074621 CVE References: Sources used: SUSE Studio Onsite Runner 1.3 (src): libffi43-4.3.4_20091019-24.5.1 SUSE Studio Onsite 1.3 (src): gcc43-4.3.4_20091019-24.5.1, libffi43-4.3.4_20091019-24.5.1 -- You are receiving this mail because: You are on the CC list for the bug.