GCC's stack protection feature (enabled with the flag -fstack-protector) aims to detect buffer overflows in C/C++ function local variables that might allow an attacker to overwrite saved registers on the stack. If an attacker can modify saved register values then it might be possible for them to subvert program flow control. The feature operates by placing a canary value between local variables and saved registers on the stack on function entry, and triggers an error handler on function exit if the canary value has been unexpectedly modified.
When targeting AArch64, this feature did not protect the saved registers from overflows in C99-style dynamically-sized local variables and alloca() objects. Other local variables, including statically-sized local arrays, are not affected because of their different placement on the stack relative to saved registers. Further technical details of this issue can be found at Meta Red Team GitHub.
Arm has also examined GCC targeting AArch32 and clang targeting AArch32 and AArch64 and believes none of these are affected by this issue.
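The following C example is added here and is not from the bug report, Arm, or GCC's own code. It contrasts the pattern this bug leaves unprotected (a VLA sized from an untrusted header, with a mismatched copy length, which on an affected AArch64 build can overrun into the saved registers without crossing the canary) with a fixed-size, explicitly bounded buffer that the canary does cover. The record format and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format for this example (not from the page): byte 0
 * holds the declared payload length n; n payload bytes follow. */

/* Before: a VLA sized from the untrusted header, but the copy trusts the
 * caller-supplied 'payload_len' instead. On an affected AArch64 GCC build the
 * dynamically-sized 'scratch' is not covered by the canary, so an overrun can
 * reach the saved registers without -fstack-protector ever firing. */
int sum_payload_vla(const uint8_t *rec, size_t payload_len, uint32_t *out)
{
    size_t n = rec[0];
    uint8_t scratch[n > 0 ? n : 1];        /* dynamically sized: not canary-covered */
    memcpy(scratch, rec + 1, payload_len); /* BUG: payload_len may exceed n */
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += scratch[i];
    *out = s;
    return 0;
}

/* After: a statically-sized buffer (which the canary does cover and which has a
 * fixed upper bound) plus checks that the declared length fits both the record
 * actually received and the buffer. Returns 0 on success, -1 on a bad record. */
#define MAX_PAYLOAD 64

int sum_payload_checked(const uint8_t *rec, size_t rec_len, uint32_t *out)
{
    if (rec == NULL || out == NULL || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > MAX_PAYLOAD) return -1;        /* declared length exceeds the buffer */
    if (n > rec_len - 1) return -1;        /* record is truncated */
    uint8_t scratch[MAX_PAYLOAD];          /* statically sized: canary-covered */
    memcpy(scratch, rec + 1, n);
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += scratch[i];
    *out = s;
    return 0;
}
```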
This isn't yet in any snapshots.
The patches need work, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111411.
The bug has been referenced in the following commit(s):
Author: Sam James <firstname.lastname@example.org>
AuthorDate: 2023-10-15 15:52:53 +0000
Commit: Sam James <email@example.com>
CommitDate: 2023-10-15 15:52:58 +0000
sys-devel/gcc: keyword 13.2.1_p20231014
Signed-off-by: Sam James <firstname.lastname@example.org>
sys-devel/gcc/gcc-13.2.1_p20231014.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)