https://sourceware.org/bugzilla/show_bug.cgi?id=34062
--- Comment #1 from Takao Sato <takaosato1997 at gmail dot com> --- Hi, I would like to seek your guidance on the appropriate classification for this issue. Given that the root cause is a Type Confusion (CWE-843) in the IA-64 backend that is reachable on modern x86_64 hosts (via --enable-targets=all), we are evaluating its security implications. >From our perspective, while the current PoC triggers a deterministic SIGSEGV through an invalid free, the fact that a malformed external object can reliably halt build processes in CI/CD environments suggests a potential Denial of Service (DoS) vector in the supply chain. In your view, does this meet the criteria for a security-relevant defect, or is it preferred to track it strictly as a stability bug? Thank you for your time and assessment. -- You are receiving this mail because: You are on the CC list for the bug.
