Wccftech has an article "https://wccftech.com/amd-strategy-spectre-v2-vulnerability-i… I can’t tell whether the author got this wrong or just the headline author. They also have an article on the new issues with Intel processors. Similar issues: https://wccftech.com/intel-mitigations-spectre-v2-exploit-35… What gives?
First, this should be entirely a “dusty deck” software issue. Most compilers switched to automatically generating a “retpoline” (return instruction followed by a trampoline) if necessary when the called procedure or function has a variable-length parameter or puts local variables of non-constant size on the stack. (Cases, where a function returns a string or other variable-length objects, are best dealt with by either a separate return stack or treating the value as allocated by the caller.) You almost certainly didn’t want to know any of this.
This was dealt with in Ada about thirty years ago. C (not C++) at that time returned all variable-length parameters by reference. But multi-language compiler back-ends like GCC would use retpolines in some C code anyway. A retpoline was never wrong, it could just be slower if the trampoline section wasn’t necessary.
Are there still old compilers or (very) old code around? Sure. Should various tools (such as lint) find these cases? Sure, I had one tool I ran against all of the ACVC* tests on the Honeywell DPS6 line to look for cases we might have missed. Today you want your run-time (actually load-time) security tools to find these vulnerabilities. They are just as bad as a virus in code you just copied.
- I didn’t run it against tests that were required to be rejected for other reasons.