From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-321378-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 31290 invoked by alias); 10 Jun 2010 19:08:19 -0000
Received: (qmail 31161 invoked by uid 48); 10 Jun 2010 19:08:01 -0000
Date: Thu, 10 Jun 2010 19:08:00 -0000
Message-ID: <20100610190801.31160.qmail@sourceware.org>
X-Bugzilla-Reason: CC
References: <bug-41156-682@http.gcc.gnu.org/bugzilla/>
Subject: [Bug target/41156] [4.4/4.5/4.6 Regression] zlib segfault in inflate_table() compiled w/ -O -msse2 ftree-vectorize
In-Reply-To: <bug-41156-682@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "phmagic at mail dot ru" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2010-06/txt/msg01213.txt.bz2



------- Comment #35 from phmagic at mail dot ru  2010-06-10 19:08 -------
Hello,

I just upgraded to gcc-4.4.3 (from Gentoo distribution) and recompiled the
whole system (on x86). Then I had to discover the (as it turned to be,
infamous) mozilla-firefox + zlib bug. I reported it to the distribution here:
http://bugs.gentoo.org/show_bug.cgi?id=323431

As I learned later, everybody accounts for incoming misaligned stack to be the
cause of the crashes. But what I see:

inflate_table:
.LFB45:
        .file 1 "inftrees.c"
        .loc 1 39 0
.LVL0:
        pushl   %ebp     ; stack misaligned to -4
.LCFI0:
        .loc 1 108 0
        pxor    %xmm0, %xmm0
        .loc 1 39 0
        movl    %esp, %ebp ; $ebp % 16 = 4
.LCFI1:
        pushl   %edi
.LCFI2:
        pushl   %esi
.LCFI3:
        pushl   %ebx
.LCFI4:
        call    .L101
.L101:
        popl    %ebx
        addl    $_GLOBAL_OFFSET_TABLE_+[.-.L101], %ebx
        subl    $188, %esp
.LCFI5:
        .loc 1 108 0
        movdqa  %xmm0, -56(%ebp) ; -56-4=60, 60%16=4
; <snip>

Even if the stack were 16 bytes aligned on the entry, the instruction in the
last line would attempt an unaligned access and thus would fault. Please
correct me, if I miscounted.

My concern is: even with ABI which guarantees 16-byte aligned incoming stacks,
gcc generates code which would segfault.


-- 

phmagic at mail dot ru changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |phmagic at mail dot ru


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41156