Re: [Tinycc-devel] Memory corruption bug in libtcc
From: Thomas Preud'homme
Subject: Re: [Tinycc-devel] Memory corruption bug in libtcc
Date: Sun, 22 Jan 2012 21:38:04 +0100
User-agent: KMail/1.13.7 (Linux/3.2.0-1-amd64; KDE/4.6.5; x86_64; ; )
On Sunday 22 January 2012 14:15:31, grischka wrote:
> Andreas Eriksson wrote:
> > Hi.
> >
> > I encountered a memory corruption bug in libtcc. It seems to put
> > random data into random data structures of the program that are
> > unrelated to libtcc. I've been able to reproduce the bug using a
> > simple test-case, which is attached. The output of what I get when I
> > run the test-case is also attached.
> >
> > I encountered the bug on an x86_64 Linux system, and the test case was
> > compiled using gcc 4.6.2. It was linked against the latest git version
> > of tcc. What optimization flag you use with gcc seems to affect how the
> > bug manifests itself. The output I've attached is what I get when I
> > compile using -O2; if I compile using -O1 I get a segfault instead.
> >
> > I can't debug this any further due to lack of knowledge of tcc
> > internals, but hopefully one of you can figure it out from this. If
> > you need any more information from me let me know.
>
> It seems it is not memory corruption but that the code generated
> by tcc is using register rbx which it should not.
>
> A similar bug happens for i386, for example with
>
> double bar(double a, double b, double c, double d);
> double foo (double *p)
> {
>     return bar(p[1], p[2], p[3], p[4]);
> }
>
> which produces
> 49: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
> 4c: dd 03 fldl (%ebx)
>
> It should never use %ebx. Hope this helps.
Are you working on a fix? I looked for some use of ebx in i386-* and didn't see
any reference to ebx or rbx which looked suspicious. Would it be a wrong
construction of an instruction?
>
> --- grischka
Best regards,
Thomas Preud'homme
>
> > Regards
> >
> > Andreas Eriksson
>
> _______________________________________________
> Tinycc-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/tinycc-devel
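The register use grischka points at is a calling-convention violation rather than a stray write: under the SysV ABI, %ebx on i386 (and %rbx on x86_64) is callee-saved, so a tcc-compiled callee that loads it without pushing it first silently overwrites whatever the gcc-compiled caller was keeping there, which is exactly what shows up as "random data in unrelated structures" or a segfault depending on gcc's register allocation at -O1 versus -O2. The block below is an added example, not code from this thread or from tcc: a small Python heuristic that scans objdump-style AT&T disassembly and flags every write to a callee-saved register that was not preceded by a push of that register. The i386 sample combines the two lines quoted above with constructed prologue lines; the fixed i386 listing and the x86_64 fragment are also constructed.

```python
import re

# Callee-saved (non-volatile) registers under the SysV ABI, per target,
# mapping every aliased sub-register name to one canonical family name.
# i386: ebx, esi, edi, ebp.  x86_64: rbx, rbp, r12-r15 (esi/edi carry
# arguments there and are caller-saved, so they are deliberately absent).
def _families(spec):
    table = {}
    for fam, aliases in spec.items():
        for alias in aliases:
            table[alias] = fam
    return table

CALLEE_SAVED = {
    "i386": _families({
        "ebx": ("ebx", "bx", "bl", "bh"),
        "esi": ("esi", "si"),
        "edi": ("edi", "di"),
        "ebp": ("ebp", "bp"),
    }),
    "x86_64": _families({
        "rbx": ("rbx", "ebx", "bx", "bl", "bh"),
        "rbp": ("rbp", "ebp", "bp", "bpl"),
        **{f"r{n}": (f"r{n}", f"r{n}d", f"r{n}w", f"r{n}b") for n in (12, 13, 14, 15)},
    }),
}

# One "objdump -d" line in AT&T syntax, e.g. "  49:\t8b 5d fc \tmov    0xfffffffc(%ebp),%ebx"
LINE_RE = re.compile(
    r"^\s*(?P<addr>[0-9a-f]+):\s+(?P<bytes>(?:[0-9a-f]{2}\s+)*)"
    r"(?P<mnem>[a-z][a-z0-9]*)\s*(?P<ops>.*?)\s*$"
)


def split_operands(ops):
    """Split AT&T operands on top-level commas, keeping "(%ebx,%eax,4)" intact."""
    parts, depth, cur = [], 0, ""
    for ch in ops:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return parts


def _reg_family(operand, table):
    """Canonical family if the operand is a bare callee-saved register, else None."""
    if operand.startswith("%"):
        return table.get(operand[1:])
    return None


def check_callee_saved(disasm, abi="i386"):
    """Return (addr, line, register) for each write to a callee-saved register
    that no earlier push in the listing has saved.  A bare register as the last
    AT&T operand counts as written; memory operands such as "(%ebx)" only read
    the register and are ignored.  This is a straight-line heuristic: it does
    not follow branches or model the stack."""
    table = CALLEE_SAVED[abi]
    saved = set()
    findings = []
    for line in disasm.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mnem, ops = m["mnem"], split_operands(m["ops"])
        if not ops:
            continue
        if mnem.startswith("push"):
            fam = _reg_family(ops[0], table)
            if fam:
                saved.add(fam)
            continue
        # pop restores; cmp/test only read their operands.
        if mnem in ("pop", "popl", "popq") or mnem.startswith(("cmp", "test")):
            continue
        fam = _reg_family(ops[-1], table)
        if fam and fam not in saved:
            findings.append((m["addr"], line.strip(), fam))
    return findings


# Constructed i386 listing for foo() above: the two lines quoted by grischka
# preceded by a plausible frame-pointer prologue; %ebx is never pushed.
BUGGY_I386 = """\
  40:\t55                   \tpush   %ebp
  41:\t89 e5                \tmov    %esp,%ebp
  43:\t83 ec 28             \tsub    $0x28,%esp
  46:\t8b 45 08             \tmov    0x8(%ebp),%eax
  49:\t8b 5d fc             \tmov    0xfffffffc(%ebp),%ebx
  4c:\tdd 03                \tfldl   (%ebx)
"""

# Constructed listing that respects the ABI: %ebx is saved before use.
FIXED_I386 = """\
  40:\t53                   \tpush   %ebx
  41:\t8b 5c 24 08          \tmov    0x8(%esp),%ebx
  45:\tdd 03                \tfldl   (%ebx)
  47:\t5b                   \tpop    %ebx
"""

# Constructed x86_64 fragment: a leaf that overwrites %rbx with no save.
BUGGY_X86_64 = """\
  10:\t48 89 fb             \tmov    %rdi,%rbx
  13:\tc3                   \tret
"""

if __name__ == "__main__":
    for name, listing, abi in (("buggy i386", BUGGY_I386, "i386"),
                               ("fixed i386", FIXED_I386, "i386"),
                               ("buggy x86_64", BUGGY_X86_64, "x86_64")):
        print(name, check_callee_saved(listing, abi) or "ok")
```

Run against `objdump -d` output of a tcc-built object, the checker reports the offset of the offending instruction, which is the line to compare against the corresponding gcc output when narrowing down where the register allocator picked a non-volatile register. Because it ignores control flow, a register saved in one branch and clobbered in another can slip past it, so treat an empty result as "nothing obvious" rather than proof of ABI compliance.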