gcc 4.3.x does not generate a cld instruction while compiling functions used
for string manipulation such as memcpy and memmove on x86 and i386, which can
prevent the direction flag (DF) from being reset in violation of ABI
conventions and cause data to be copied in the wrong direction during signal
handling in the Linux kernel, which might allow context-dependent attackers
to trigger memory corruption. NOTE: this issue was originally reported for
CPU consumption in SBCL.
Toolchain herd, gcc 4.3 is in Portage since today.
I did not check if it exposes this bug or not, can you help here?
According to a mailing list discussion, this is not a gcc bug, but a behavior change which perfectly matches the specifications. The problem is that the Linux kernel (others too) did not match these specs...
A patch to the kernel was already proposed and committed ten days ago, so now the question is whether patching gcc is wanted or whether gcc-4.3 should simply require fixed kernels.
CC'ing kernel herd for this reason.
i have no plans to modify gcc-4.3.0 behavior in any way ... the realistic impact here is small as the number of applications this breaks is small (then again, for those who it does impact, i imagine they'll be quite annoyed)
fix the kernel
I have branched off bug 213811 for the Kernel patch, thanks for the notice.
I would also think people using ~arch gcc and not keeping their kernel updated is not a setup we want to support and by the time gcc 4.3 hits stable, our kernels should be updated.
while true, gcc-4.3.0 isn't even ~arch yet ;)
so our kernel guys have time to get out a fixed gentoo-sources patchset
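A check for the condition in the description at the top of this report, added here as an example and not taken from the thread or from any patch it mentions: it sets DF, waits for a timer signal, and records whether the kernel cleared DF before entering the handler. The names `flags_df`, `on_alarm` and `df_in_signal_handler` are hypothetical, and the 20 ms timer is an arbitrary choice; the code assumes Linux with GCC or Clang.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

#define EFLAGS_DF 0x400UL              /* direction flag is bit 10 of EFLAGS */
static volatile sig_atomic_t fired;    /* set once the handler has run */
static volatile unsigned long seen;    /* flags captured on handler entry */

int flags_df(unsigned long flags) { return (flags & EFLAGS_DF) != 0; }

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static void on_alarm(int sig)
{
    (void)sig;
    seen = (unsigned long)__readeflags();  /* flags the kernel handed us */
    fired = 1;
}

/* Returns 1 if DF was still set on handler entry, 0 if clear, -1 if untested. */
int df_in_signal_handler(void)
{
    struct sigaction sa, old;
    struct itimerval once = { {0, 0}, {0, 20000} };  /* one shot, 20 ms */
    struct itimerval off  = { {0, 0}, {0, 0} };

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    fired = 0;
    if (sigaction(SIGALRM, &sa, &old) != 0) return -1;
    if (setitimer(ITIMER_REAL, &once, NULL) != 0) return -1;
    /* std, spin and cld sit in one asm block, so the only compiled code
       that can run while DF is set is the signal handler itself. */
    __asm__ volatile("std\n1:\tcmpl $0, %0\n\tje 1b\n\tcld"
                     : : "m"(fired) : "cc", "memory");
    setitimer(ITIMER_REAL, &off, NULL);
    sigaction(SIGALRM, &old, NULL);
    return flags_df(seen);
}
#else
int df_in_signal_handler(void) { return -1; }  /* not an x86 build */
#endif

int main(void)
{
    int r = df_in_signal_handler();
    printf("DF on handler entry: %s\n", r < 0 ? "not tested" : r ? "SET" : "clear");
    return r > 0;
}
```

A result of "SET" means handlers built with a compiler that omits `cld` would run their string operations backwards on that kernel.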