DescriptionA vulnerability was found in GCC. The GCC's stack protection feature, enabled with the flag -fstack-protector, aims to detect buffer overflows in C/C++ function local variables that might allow an attacker to overwrite saved registers on the stack. If an attacker can modify saved register values, it may be possible for them to subvert program flow control. The feature operates by placing a canary value between local variables and saved registers on the stack on function entry and triggers an error handler on function exit if the canary value has been unexpectedly modified. When targeting AArch64, this feature did not protect the saved registers from overflows in C99-style dynamically-sized local variables and alloca() objects. Other local variables, including statically-sized local arrays, are not affected because of their different placement on the stack relative to saved registers.A vulnerability was found in GCC. The GCC's stack protection feature, enabled with the flag -fstack-protector, aims to detect buffer overflows in C/C++ function local variables that might allow an attacker to overwrite saved registers on the stack. If an attacker can modify saved register values, it may be possible for them to subvert program flow control. The feature operates by placing a canary value between local variables and saved registers on the stack on function entry and triggers an error handler on function exit if the canary value has been unexpectedly modified. When targeting AArch64, this feature did not protect the saved registers from overflows in C99-style dynamically-sized local variables and alloca() objects. Other local variables, including statically-sized local arrays, are not affected because of their different placement on the stack relative to saved registers.