diff options
| author | Richard Sandiford <richard.sandiford@arm.com> | 2020-08-05 15:18:36 +0100 |
|---|---|---|
| committer | Richard Sandiford <richard.sandiford@arm.com> | 2020-08-05 15:18:36 +0100 |
| commit | fe1a26429038d7cd17abc53f96a6f3e2639b605f (patch) | |
| tree | e37f7d8a433b1c8f5113745d5098845be27d223d /libitm | |
| parent | 2c272091c09298eea02b6bb3b3ffd95db9ea505b (diff) | |
| download | gcc-fe1a26429038d7cd17abc53f96a6f3e2639b605f.zip gcc-fe1a26429038d7cd17abc53f96a6f3e2639b605f.tar.gz gcc-fe1a26429038d7cd17abc53f96a6f3e2639b605f.tar.bz2 | |
aarch64: Clear canary value after stack_protect_test [PR96191]
The stack_protect_test patterns were leaving the canary value in the
temporary register, meaning that it was often still in registers on
return from the function. An attacker might therefore have been
able to use it to defeat stack-smash protection for a later function.
gcc/
PR target/96191
* config/aarch64/aarch64.md (stack_protect_test_<mode>): Set the
CC register directly, instead of a GPR. Replace the original GPR
destination with an extra scratch register. Zero out operand 3
after use.
(stack_protect_test): Update accordingly.
gcc/testsuite/
PR target/96191
* gcc.target/aarch64/stack-protector-1.c: New test.
* gcc.target/aarch64/stack-protector-2.c: Likewise.
Diffstat (limited to 'libitm')
0 files changed, 0 insertions, 0 deletions