Bug 1202922 - (CVE-2020-35537) VUL-1: CVE-2020-35537: gcc8,gcc48,gcc10,gcc43,gcc9,gcc,gcc7,gcc33,gcc11: segmentation fault via crafted input in ipcp_store_vr_results function in gcc/ipa-cp.c
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Richard Biener
Security Team bot
https://smash.suse.de/issue/341087/
CVSSv3.1:SUSE:CVE-2020-35537:3.3:(AV:...
Reported: 2022-08-30 13:14 UTC by Thomas Leroy
Modified: 2022-08-31 07:59 UTC
Found By: Security Response Team


Description Thomas Leroy 2022-08-30 13:14:00 UTC
rh#2122381

In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c.

Upstream fix:
https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=a09ccc22459c565814f79f96586fe4ad083fe4eb

Upstream bug:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93015

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2122381
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35537
Comment 1 Thomas Leroy 2022-08-30 13:18:07 UTC
This commit probably introduced the bug: https://github.com/gcc-mirror/gcc/commit/8bc5448f39ccd26b6f06cd7120f09c2254bac3be

The fixing commit is included since version 10.1.0.

The following codestreams are affected:
- SUSE:SLE-15:Update/gcc7
- SUSE:SLE-15:Update/gcc8
- SUSE:SLE-15:Update/gcc9
Comment 2 Marcus Meissner 2022-08-30 14:03:26 UTC
Considering as wontfix candidate, see other gcc bug.
Comment 3 Thomas Leroy 2022-08-31 07:59:19 UTC
As seen with the team and with Michael, this is not a security issue. Closing.