[Bug other/102993] New: -mcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[Bug other/102993] New: -mcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[luke-jr+gccbugs at utopios dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

            Bug ID: 102993
           Summary: -mcf-protection=full produces segfaulting code when
                    targeting 32-bit x86 (i686)
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: luke-jr+gccbugs at utopios dot org
  Target Milestone: ---

Generated programs, when throwing(catching?) an exception, jump to address 0
and crash.

Instead, the compiler should either reject the option, ignore it, or produce
working code.

#include <stdexcept>

void b(){
        throw std::runtime_error("hi");
}

int main(){
        try{
                b();
        }catch(...){}
}


(gdb) bt
#0  0x00401657 in ?? ()
#1  0x00401386 in ?? ()
#2  0x7b454882 in call_process_entry () from
/usr/lib/wine/../i386-linux-gnu/wine/kernel32.dll.so
#3  0x7b454cfc in start_process () from
/usr/lib/wine/../i386-linux-gnu/wine/kernel32.dll.so
#4  0x7b45488e in __wine_start_process () from
/usr/lib/wine/../i386-linux-gnu/wine/kernel32.dll.so
#5  0x00000000 in ?? ()

        }catch(...){
  401657:       89 04 24                mov    %eax,(%esp)
  40165a:       e8 49 00 00 00          call   4016a8 <___cxa_begin_catch>
  40165f:       c7 45 b8 ff ff ff ff    movl   $0xffffffff,-0x48(%ebp)
  401666:       e8 35 00 00 00          call   4016a0 <___cxa_end_catch>
  40166b:       eb d6                   jmp    401643 <_main+0x5e>
  40166d:       8d 45 b4                lea    -0x4c(%ebp),%eax
  401670:       89 04 24                mov    %eax,(%esp)
  401673:       e8 68 10 00 00          call   4026e0
<__Unwind_SjLj_Unregister>

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Can you provide the full output of gcc -v?  Also can you test out GCC 9.4.x or
above since GCC 7 is no longer supported?

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[luke-jr+gccbugs at utopios dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

Luke Dashjr <luke-jr+gccbugs at utopios dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|7.0                         |9.3.0

--- Comment #2 from Luke Dashjr <luke-jr+gccbugs at utopios dot org> ---
# i686-w64-mingw32-g++ -v
Using built-in specs.
COLLECT_GCC=i686-w64-mingw32-g++
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-w64-mingw32/9.3-posix/lto-wrapper
Target: i686-w64-mingw32
Configured with: ../../src/configure --build=x86_64-linux-gnu --prefix=/usr
--includedir='/usr/include' --mandir='/usr/share/man'
--infodir='/usr/share/info' --sysconfdir=/etc --localstatedir=/var
--disable-silent-rules --libdir='/usr/lib/x86_64-linux-gnu'
--libexecdir='/usr/lib/x86_64-linux-gnu' --disable-maintainer-mode
--disable-dependency-tracking --prefix=/usr --enable-shared --enable-static
--disable-multilib --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --libdir=/usr/lib --enable-libstdcxx-time=yes
--with-tune=generic --with-headers=/usr/i686-w64-mingw32/include
--enable-version-specific-runtime-libs --enable-fully-dynamic-string
--enable-libgomp --enable-languages=c,c++,fortran,objc,obj-c++,ada --enable-lto
--enable-threads=posix --program-suffix=-posix
--program-prefix=i686-w64-mingw32- --target=i686-w64-mingw32
--with-as=/usr/bin/i686-w64-mingw32-as --with-ld=/usr/bin/i686-w64-mingw32-ld
--enable-libatomic --enable-libstdcxx-filesystem-ts=yes
--enable-dependency-tracking
Thread model: posix
gcc version 9.3-posix 20200320 (GCC) 

Apparently it's actually 9.3? (Was confused since the mingw-w64-i686-dev
package is 7.0.0-2, but g++-mingw-w64-i686 is indeed
9.3.0-7ubuntu1+22~exp1ubuntu4)

Not sure how to test newer GCC on Ubuntu, though I could try an entirely newer
version of Ubuntu if that would help.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ebotcazou at gcc dot gnu.org
             Target|i?86-mingw                  |i686-w64-mingw32

--- Comment #3 from Richard Biener <rguenth at gcc dot gnu.org> ---
It looks like unwinding is somehow broken.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

Eric Botcazou <ebotcazou at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2021-10-29

--- Comment #4 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
Nobody uses SJLJ exceptions these days though.  Where does this compiler come
from exactly?

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

--- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
I think we still default to those for 32bit unless you configure with
--disable-sjlj-exceptions.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

--- Comment #6 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
> I think we still default to those for 32bit unless you configure with
> --disable-sjlj-exceptions.

Yes, everybody should configure with it.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[luke-jr+gccbugs at utopios dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

--- Comment #7 from Luke Dashjr <luke-jr+gccbugs at utopios dot org> ---
It's the standard Ubuntu focal g++-mingw-w64-i686 package.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[ebotcazou at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

Eric Botcazou <ebotcazou at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW

--- Comment #8 from Eric Botcazou <ebotcazou at gcc dot gnu.org> ---
We should probably reject any fancy new feature with SJLJ C++ exceptions since
nobody supports or tests them, including -fcf-protection.

[Bug target/102993] -fcf-protection=full produces segfaulting code when targeting 32-bit x86 (i686)

[nightstrike at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102993

nightstrike <nightstrike at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nightstrike at gmail dot com

--- Comment #9 from nightstrike <nightstrike at gmail dot com> ---
Maybe it's time to disable sjlj support on windows.  dwarf or SEH is better on
average.