https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110848
--- Comment #18 from Andrew Pinski <pinskia at gcc dot gnu.org> --- (In reply to Aaron Ballman from comment #17) > In the time I opened this request, a new CVE related to VLAs came out: > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-4039 Everything is a security risk. Seriously it is. Everything can and will be abused; does not mean it is always right to warn about it. Also -fstack-protector should never be a CVE. CVEs will get to the point where they will be ignored because how they are now pointing out non-security issues.
