Bugzilla – Bug 1202918
VUL-1: CVE-2020-35536: gcc10,gcc48,gcc11,gcc43,gcc,gcc9,gcc7,gcc8,gcc33: Internal compiler error in match_reload function at lra-constraints.c
Last modified: 2022-08-31 07:58:39 UTC
In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file.
Fixed have been included in v10.1.0, and the commit introducing the bug is likely this one  introduced in v4.8.0. So I would say that the following codestreams are affected:
This is no security problem. If a CVE was assigned then that's nonsense, but was
it actually? :
has no info, and
says "CVE ID Not Found".
If it were a CVE it would need to be disputed, this is a normal compiler bug
on invalid input.
(How did we become aware of this one? Is someone scraping bullshit CVE entries
for busy work?)
Just to be very clear, at least once: we are not going to touch any gcc package
for an internal compiler error. It's basically the fancy form of an abort(3). It's not a crash as the confused original bug report claims or anything similar.
This all works exactly as designed. And if it were a crash (which it is not)
we still wouldn't touch anything, as it again wouldn't have any security
If you want you can close them all with WONTFIX right away.
As seen with the team and with Michael, this is not a security issue. Closing