On Tue, 11 Aug 2020 at 18:42, Richard Sandiford
wrote:
>
> Christophe Lyon writes:
> > On Mon, 10 Aug 2020 at 17:27, Richard Sandiford
> > wrote:
> >>
> >> Christophe Lyon writes:
> >> > On Wed, 5 Aug 2020 at 16:33, Richard Sandiford
> >> > wrote:
> >> >>
> >> >> The stack_protect_test pattern
Christophe Lyon writes:
> On Mon, 10 Aug 2020 at 17:27, Richard Sandiford
> wrote:
>>
>> Christophe Lyon writes:
>> > On Wed, 5 Aug 2020 at 16:33, Richard Sandiford
>> > wrote:
>> >>
>> >> The stack_protect_test patterns were leaving the canary value in the
>> >> temporary register, meaning tha
On Mon, 10 Aug 2020 at 17:27, Richard Sandiford
wrote:
>
> Christophe Lyon writes:
> > On Wed, 5 Aug 2020 at 16:33, Richard Sandiford
> > wrote:
> >>
> >> The stack_protect_test patterns were leaving the canary value in the
> >> temporary register, meaning that it was often still in registers on
Christophe Lyon writes:
> On Wed, 5 Aug 2020 at 16:33, Richard Sandiford
> wrote:
>>
>> The stack_protect_test patterns were leaving the canary value in the
>> temporary register, meaning that it was often still in registers on
>> return from the function. An attacker might therefore have been
>
On Wed, 5 Aug 2020 at 16:33, Richard Sandiford
wrote:
>
> The stack_protect_test patterns were leaving the canary value in the
> temporary register, meaning that it was often still in registers on
> return from the function. An attacker might therefore have been
> able to use it to defeat stack-s
Hi Richard,
> -Original Message-
> From: Richard Sandiford
> Sent: 05 August 2020 15:33
> To: gcc-patches@gcc.gnu.org
> Cc: ni...@redhat.com; Richard Earnshaw ;
> Ramana Radhakrishnan ; Kyrylo
> Tkachov
> Subject: [PATCH] arm: Clear canary value after sta
The stack_protect_test patterns were leaving the canary value in the
temporary register, meaning that it was often still in registers on
return from the function. An attacker might therefore have been
able to use it to defeat stack-smash protection for a later function.
Tested on arm-linux-gnueab
