From red hat bugzilla at $URL: It was reported that C++ new[] operator was previously missing integer overflow / wrap around checks for its arguments. If an application compiled with gcc accepted untrusted input for memory allocation and was missing application-level checks for integer overflows of arguments, provided to the new[] operator, an attacker could use this flaw to cause the memory region, allocated in the end for the new[] operator statement, it to be smaller than truly required, possibly leading to heap-based buffer overflows. Upstream bug report: [1] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 Upstream patch: [2] http://gcc.gnu.org/viewcvs?view=revision&revision=190546 Proposed upstream patch for the __cxa_vec_new yet (pending upstream review): [3] http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01416.html References: [4] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35790 [5] http://cert.uni-stuttgart.de/ticker/advisories/calloc.html Comment 1
If anything that's a security enhancement for badly written programs, not a vulnerability itself.
it's not entirely clear whether the patch changes the ABI (they mention using a new symbol). if it does, then we won't be doing a backport of it.
http://gcc.gnu.org/viewcvs?view=revision&revision=193174
Seems to be fixed in 4.8.0.
Bug fixed in 4.8.0 as previous comment notes. Below is a link to redhat's bugzilla stating the impact of backporting a patch. @base-system and @toolchain, please advise on backport. Doubtful a cleanup is possible here for compatibility reasons. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
no plans to backport or clean up. gcc-4.9 is stable across the board at this point.
GLSA Vote No Thank you all for your work Closing no GLSA
