| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Jan 2023 16:10:08 -0800
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: gregkh@...uxfoundation.org, kees@...nel.org, linux@...ck-us.net,
vbabka@...e.cz, stable-commits@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: Patch "gcc: disable -Warray-bounds for gcc-11 too" has been
added to the 6.1-stable tree
On Thu, Jan 12, 2023 at 05:22:53PM -0600, Linus Torvalds wrote:
> But right now it seems a matter of "just by luck, we don't hit it
> anywhere else", and I'm not interested in playing any more
> whack-a-mole with this broken compiler option.
Okay, understood.
FWIW, I've been tracking these and getting reproducers so they can
get worked on. A few got fixed for GCC 12, and but not enough to turn
-Warray-bounds on there. More were fixed in GCC 13. So far, I'm aware
of these 3 getting fixed since we started trying to enable
-Warray-bounds:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105679
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101419
I recently reported 1:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108306
And these 3 are likely related, but for options we don't yet enable,
but seem to be internal issues with the value range handling (usually
when a sanitizer of one kind or another is enabled):
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97490
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99673
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101778
The powerpc issue hasn't been reported yet. It's my intention to do so
once I can get it minimized.
--
Kees Cook
Powered by blists - more mailing lists