Re: [Tinycc-devel] Memory corruption bug in libtcc

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tinycc-devel] Memory corruption bug in libtcc

From:	Thomas Preud'homme
Subject:	Re: [Tinycc-devel] Memory corruption bug in libtcc
Date:	Sun, 22 Jan 2012 21:38:04 +0100
User-agent:	KMail/1.13.7 (Linux/3.2.0-1-amd64; KDE/4.6.5; x86_64; ; )

Le dimanche 22 janvier 2012 14:15:31, grischka a écrit :
> Andreas Eriksson wrote:
> > Hi.
> > 
> > I encountered a memory corruption bug in libtcc. It seems to put
> > random data into random data structures of the program that are
> > unrelated to libtcc. I've been able to reproduce the bug using a
> > simple test-case, which is attached. The output of what I get when I
> > run the test-case is also attached.
> > 
> > I encountered the bug on a x86_64 linux system, and the test case was
> > compiled using gcc 4.6.2. It was linked against the latest git version
> > of tcc. What optimization flag you use with gcc seem to affect how the
> > bug manifests itself. The output I've attached is what I get when I
> > compile using -O2, if I compile using -O1 I get a segfault instead.
> > 
> > I can't debug this any further due to lack of knowledge of tcc
> > internals, but hopefully one of you can figure it out from this. If
> > you need any more information from me let me know.
> 
> It seems it is not memory corruption but that the code generated
> by tcc is using register rbx which it should not.
> 
> Similar bug happens for i386 for example with
> 
>      double bar(double a, double b, double c, double d);
>      double foo (double *p)
>      {
>          return bar(p[1], p[2], p[3], p[4]);
>      }
> 
> which produces
>    49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
>    4c:   dd 03                   fldl   (%ebx)
> 
> It should never use %ebx.  Hope this helps.
Are you working on a fix? I looked for some use of ebx in i386-* and didn't see 
any reference to ebx or rbx which looked suspicious. Would it be a wrong 
construction of an instruction?
> 
> --- grischka
Best regards,

Thomas Preud'homme
> 
> > Regards
> > 
> > Andreas Eriksson
> 
> _______________________________________________
> Tinycc-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/tinycc-devel

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Memory corruption bug in libtcc, Andreas Eriksson, 2012/01/20
- Re: [Tinycc-devel] Memory corruption bug in libtcc, grischka, 2012/01/22
  - Re: [Tinycc-devel] Memory corruption bug in libtcc, Thomas Preud'homme <=
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, grischka, 2012/01/22
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Daniel Glöckner, 2012/01/22
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Thomas Preud'homme, 2012/01/23
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Daniel Glöckner, 2012/01/23
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Thomas Preud'homme, 2012/01/24
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, grischka, 2012/01/24
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, David Mertens, 2012/01/24
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Thomas Preud'homme, 2012/01/24
    - Re: [Tinycc-devel] Memory corruption bug in libtcc, Thomas Preud'homme, 2012/01/30

Prev by Date: Re: [Tinycc-devel] Testing Console Application with CreateProcess
Next by Date: Re: [Tinycc-devel] Memory corruption bug in libtcc
Previous by thread: Re: [Tinycc-devel] Memory corruption bug in libtcc
Next by thread: Re: [Tinycc-devel] Memory corruption bug in libtcc
Index(es):
- Date
- Thread