https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103027

            Bug ID: 103027
           Summary: Implement warning for homoglyphs in identifiers
                    [CVE-2021-42694]
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: preprocessor
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

An issue was discovered in the character definitions of the Unicode
Specification through 14.0. The specification allows an adversary to produce
source code identifiers such as function names using homoglyphs that render
visually identical to a target identifier. Adversaries can leverage this to
inject code via adversarial identifier definitions in upstream software
dependencies invoked deceptively in downstream software.

We ought to have a diagnostic that warns about such problematic identifiers.

More info:
https://nvd.nist.gov/vuln/detail/CVE-2021-42694
https://trojansource.codes/
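
The attack described above, as an added example that is not part of the bug report and not GCC's own code: a small Python checker that runs over C source text, folds every identifier to the ASCII it visually imitates (NFKC normalisation plus a constructed subset of the Unicode TR39 confusables table), and reports both identifiers containing confusable code points and groups of distinct identifiers that render identically. The sample C source, the function names in it, and the confusables subset are all constructed for this illustration.

```python
import re
import unicodedata

# Constructed subset of the Unicode TR39 confusables data: non-ASCII letters
# that render identically (or nearly so) to an ASCII letter in common fonts.
# A real tool should load the full confusables.txt instead of this hand-picked table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j",   # Cyrillic lowercase
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",                                                  # Cyrillic uppercase
    "\u03bf": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H",
    "\u0399": "I", "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O",
    "\u03a1": "P", "\u03a4": "T", "\u03a5": "Y", "\u03a7": "X", "\u0396": "Z",  # Greek
}

# Crude C lexer: blank out comments and string/char literals (keeping line breaks so
# line numbers stay correct), then pull out identifiers with a Unicode-aware regex.
_COMMENT_OR_LITERAL = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.DOTALL)
_IDENT = re.compile(r"[^\W\d]\w*")  # a letter or underscore, then word characters


def skeleton(ident: str) -> str:
    """Fold an identifier to what it looks like: NFKC-normalise it, then replace
    each confusable code point with the ASCII letter it imitates."""
    folded = unicodedata.normalize("NFKC", ident)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def _strip_comments_and_literals(source: str) -> str:
    return _COMMENT_OR_LITERAL.sub(lambda m: "\n" * m.group(0).count("\n"), source)


def find_homoglyph_identifiers(source: str) -> dict:
    """Scan C source text and return
       {'confusable': [(line, identifier, skeleton), ...],
        'collisions': {skeleton: [distinct spellings that render as skeleton], ...}}."""
    confusable = []
    spellings = {}
    for lineno, line in enumerate(_strip_comments_and_literals(source).splitlines(), 1):
        for m in _IDENT.finditer(line):
            ident = m.group(0)
            sk = skeleton(ident)
            spellings.setdefault(sk, set()).add(ident)
            if ident != sk:  # some code point was NFKC-folded or confusable-mapped
                confusable.append((lineno, ident, sk))
    collisions = {sk: sorted(ids) for sk, ids in spellings.items() if len(ids) > 1}
    return {"confusable": confusable, "collisions": collisions}


# Constructed sample: the second definition and the call in main() spell the 'e'
# of check_auth with CYRILLIC SMALL LETTER IE (U+0435). An editor renders lines
# 2 and 3 as the same function name, but the compiler sees two different ones,
# and main() calls the attacker's always-true version.
SAMPLE_C = (
    '#include <string.h>\n'
    'int check_auth(const char *user) { return strcmp(user, "admin") == 0; }\n'
    'int ch\u0435ck_auth(const char *user) { return 1; }\n'
    'int main(void) { return ch\u0435ck_auth("guest") ? 0 : 1; }\n'
)

if __name__ == "__main__":
    report = find_homoglyph_identifiers(SAMPLE_C)
    for lineno, ident, sk in report["confusable"]:
        print(f"line {lineno}: identifier {ident!r} renders like {sk!r}")
    for sk, ids in report["collisions"].items():
        print(f"distinct identifiers all rendering as {sk!r}: {ids}")
```

The two checks are deliberately separate: a non-ASCII identifier that folds to a different skeleton is suspicious on its own (and is the cheap check a compiler diagnostic could do per token), while the collision check is what catches the actual injection pattern, a spoofed definition coexisting with the genuine one. The lexer here is a rough approximation of the C preprocessor's tokenisation and the confusables table is a small subset; the check also says nothing about invisible or bidirectional control characters, which are a separate problem.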
