https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77409
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> --- (In reply to Yaakov Selkowitz from comment #2) > (In reply to Andrew Pinski from comment #1) > > I don't think this is a security hole at all. In fact the security holes > > should be on the applications side rather than the library side. > > The compiler is the cause and where this needs to be fixed first, therefore > the CVE was assigned to gcc. What I am trying to say is there is no security hole that this can cause, only the badly written applications where the security holes are located. Also this looks like it was by design.
