public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions
@ 2005-08-03 22:38 drepper at redhat dot com
2005-08-03 23:00 ` [Bug middle-end/23221] " drepper at redhat dot com
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: drepper at redhat dot com @ 2005-08-03 22:38 UTC (permalink / raw)
To: gcc-bugs
Compiling this little bit of code with -fstack-protector-all
extern int foo (int);
int bar (int a, int b)
{
return foo (a + b);
}
produces on x86-64 the following object code:
0: 01 f7 add %esi,%edi
2: 64 48 8b 04 25 28 00 mov %fs:0x28,%rax
9: 00 00
b: 48 89 44 24 f8 mov %rax,0xfffffffffffffff8(%rsp)
10: 31 c0 xor %eax,%eax
12: e9 00 00 00 00 jmpq 17 <bar+0x17>
The canary is set up but not tested. Before the jump to the next function the
value must be checked. This also applies to -fstack-protector (with appropriate
input) and to all architectures.
--
Summary: -fstack-protector does not protect tail call functions
Product: gcc
Version: 4.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: middle-end
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: drepper at redhat dot com
CC: gcc-bugs at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com @ 2005-08-03 23:00 ` drepper at redhat dot com 2005-08-03 23:14 ` pinskia at gcc dot gnu dot org ` (4 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: drepper at redhat dot com @ 2005-08-03 23:00 UTC (permalink / raw) To: gcc-bugs -- What |Removed |Added ---------------------------------------------------------------------------- CC| |rth at gcc dot gnu dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com 2005-08-03 23:00 ` [Bug middle-end/23221] " drepper at redhat dot com @ 2005-08-03 23:14 ` pinskia at gcc dot gnu dot org 2005-08-03 23:15 ` rth at gcc dot gnu dot org ` (3 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: pinskia at gcc dot gnu dot org @ 2005-08-03 23:14 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From pinskia at gcc dot gnu dot org 2005-08-03 23:14 ------- Confirmed, it is a little more obvious on ppc-darwin: _bar: mflr r0 stmw r29,-12(r1) stw r0,8(r1) stwu r1,-96(r1) lis r29,ha16(___stack_chk_guard) la r29,lo16(___stack_chk_guard)(r29) lwz r0,0(r29) stw r0,76(r1) li r0,0 add r3,r3,r4 bl _foo lwz r0,76(r1) lwz r2,0(r29) xor. r0,r0,r2 li r2,0 beq+ cr0,L3 bl ___stack_chk_fail L3: addi r1,r1,96 lwz r0,8(r1) mtlr r0 lmw r29,-12(r1) blr -- What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed| |1 Last reconfirmed|0000-00-00 00:00:00 |2005-08-03 23:14:13 date| | http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com 2005-08-03 23:00 ` [Bug middle-end/23221] " drepper at redhat dot com 2005-08-03 23:14 ` pinskia at gcc dot gnu dot org @ 2005-08-03 23:15 ` rth at gcc dot gnu dot org 2005-08-04 3:57 ` cvs-commit at gcc dot gnu dot org ` (2 subsequent siblings) 5 siblings, 0 replies; 7+ messages in thread From: rth at gcc dot gnu dot org @ 2005-08-03 23:15 UTC (permalink / raw) To: gcc-bugs -- What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|unassigned at gcc dot gnu |rth at gcc dot gnu dot org |dot org | Status|NEW |ASSIGNED Last reconfirmed|2005-08-03 23:14:13 |2005-08-03 23:15:33 date| | http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com ` (2 preceding siblings ...) 2005-08-03 23:15 ` rth at gcc dot gnu dot org @ 2005-08-04 3:57 ` cvs-commit at gcc dot gnu dot org 2005-08-04 4:01 ` rth at gcc dot gnu dot org 2005-08-04 4:18 ` pinskia at gcc dot gnu dot org 5 siblings, 0 replies; 7+ messages in thread From: cvs-commit at gcc dot gnu dot org @ 2005-08-04 3:57 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-08-04 03:57 ------- Subject: Bug 23221 CVSROOT: /cvs/gcc Module name: gcc Changes by: rth@gcc.gnu.org 2005-08-04 03:57:43 Modified files: gcc : ChangeLog calls.c function.c tree.h Log message: PR 23221 * function.c (stack_protect_epilogue): Export. * tree.h (stack_protect_epilogue): Declare. * calls.c (expand_call): Call it. Patches: http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/ChangeLog.diff?cvsroot=gcc&r1=2.9652&r2=2.9653 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/calls.c.diff?cvsroot=gcc&r1=1.398&r2=1.399 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/function.c.diff?cvsroot=gcc&r1=1.639&r2=1.640 http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/gcc/tree.h.diff?cvsroot=gcc&r1=1.750&r2=1.751 -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com ` (3 preceding siblings ...) 2005-08-04 3:57 ` cvs-commit at gcc dot gnu dot org @ 2005-08-04 4:01 ` rth at gcc dot gnu dot org 2005-08-04 4:18 ` pinskia at gcc dot gnu dot org 5 siblings, 0 replies; 7+ messages in thread From: rth at gcc dot gnu dot org @ 2005-08-04 4:01 UTC (permalink / raw) To: gcc-bugs ------- Additional Comments From rth at gcc dot gnu dot org 2005-08-04 04:01 ------- Fixed. -- What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug middle-end/23221] -fstack-protector does not protect tail call functions 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com ` (4 preceding siblings ...) 2005-08-04 4:01 ` rth at gcc dot gnu dot org @ 2005-08-04 4:18 ` pinskia at gcc dot gnu dot org 5 siblings, 0 replies; 7+ messages in thread From: pinskia at gcc dot gnu dot org @ 2005-08-04 4:18 UTC (permalink / raw) To: gcc-bugs -- What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |4.1.0 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23221 ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2005-08-04 4:18 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2005-08-03 22:38 [Bug middle-end/23221] New: -fstack-protector does not protect tail call functions drepper at redhat dot com 2005-08-03 23:00 ` [Bug middle-end/23221] " drepper at redhat dot com 2005-08-03 23:14 ` pinskia at gcc dot gnu dot org 2005-08-03 23:15 ` rth at gcc dot gnu dot org 2005-08-04 3:57 ` cvs-commit at gcc dot gnu dot org 2005-08-04 4:01 ` rth at gcc dot gnu dot org 2005-08-04 4:18 ` pinskia at gcc dot gnu dot org
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).