public inbox for gcc-bugs@sourceware.org
From: "christian dot eggers at kathrein dot de" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/44554] New: Stack space after sigsetjmp is reused
Date: Wed, 16 Jun 2010 07:02:00 -0000
Message-ID: <bug-44554-19164@http.gcc.gnu.org/bugzilla/>

This bug was originally reported on the Glibc bug tracker:
http://sourceware.org/bugzilla/show_bug.cgi?id=11670

Please look here first for a detailed description.

The __sigsetjmp function returns twice so it's not allowed to reuse stack space
of existing automatic variables after this function has been called.

C-Code:
---------
void *x = malloc(something);

do {
    __pthread_unwind_buf_t __cancel_buf;
    void *y = x;
    int not_first_call = __sigsetjmp((struct __jmp_buf_tag *) (void *)
                                     __cancel_buf.__cancel_jmp_buf, 0);
    if (not_first_call) {
        free(y);
        __pthread_unwind_next (&__cancel_buf);
        /* NOTREACHED */
    }

    do {
        ...
    } while (0);
    free(y);
} while(0);

In the resulting assembler code the second "free(y)" is "replaced" by "free(x)"
and the stack space for y is used for something else. This causes problems when
__sigsetjmp() returns the second time because the stack memory for "y" may
already contain the value of another variable at this time.

ASM output:
---------
 120:   ebfffffe        bl      0 <malloc>
 124:   e50b0280        str     r0, [fp, #-640] ; 0x280   <-- x is @ fp,0x280
 128:   e51bc280        ldr     ip, [fp, #-640] ; 0x280
 12c:   e3a01000        mov     r1, #0
 130:   e24b0f53        sub     r0, fp, #332    ; 0x14c
 134:   e50bc2b8        str     ip, [fp, #-696] ; 0x2b8   <-- y is @ fp,0x2b8
 138:   ebfffffe        bl      0 <__sigsetjmp>
 ...
 1f4:   e50b52b8        str     r5, [fp, #-696] ; 0x2b8   <-- y is overwritten
 ...
 408:   e51b0280        ldr     r0, [fp, #-640] ; 0x280   <-- y has been
 40c:   ebffff15        bl      68 <thread_cancel0>           replaced by x
---------

-- 
           Summary: Stack space after sigsetjmp is reused
           Product: gcc
           Version: 4.4.4
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: christian dot eggers at kathrein dot de
 GCC build triplet: x86_64-unknown-linux-gnu
  GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: arm-linux-gnueabi

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44554
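
The following check is an added example, not part of the original message or of glibc/GCC code: it rebuilds the reported pattern with the public sigsetjmp/siglongjmp in place of the glibc-internal __sigsetjmp/__pthread_unwind_next and tests that y still holds the allocation on the second return. All function and variable names other than x, y and not_first_call are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* sigsetjmp/siglongjmp under strict -std= */
#endif
#include <setjmp.h>
#include <stddef.h>
#include <stdlib.h>

static sigjmp_buf cancel_buf;         /* stands in for __cancel_buf */
static void *volatile expected_ptr;   /* reference copy kept outside the frame */

/* Stands in for cancellation: makes sigsetjmp return a second time. */
static void cancel_now(void)
{
    siglongjmp(cancel_buf, 1);
}

/* Returns 1 if y still holds the allocation on the second return,
 * 0 if its value was lost, -1 if malloc failed or no jump happened. */
int y_survives_second_return(void)
{
    void *x = malloc(64);
    if (x == NULL)
        return -1;
    expected_ptr = x;

    do {
        void *y = x;
        int not_first_call = sigsetjmp(cancel_buf, 0);
        if (not_first_call) {
            /* Cleanup path: compare first and free the reference copy,
             * so a clobbered y is reported, never passed to free(). */
            void *good = expected_ptr;
            int ok = (y == good);
            free(good);
            return ok;
        }
        do {
            /* Locals created after sigsetjmp: candidates for y's slot. */
            volatile unsigned char scratch[256];
            for (size_t i = 0; i < sizeof scratch; i++)
                scratch[i] = 0xA5;
            cancel_now();
        } while (0);
        free(y);   /* normal path, as in the report; not reached here */
    } while (0);
    return -1;
}

int main(void)
{
    return y_survives_second_return() == 1 ? 0 : 1;
}
```

Build it with the compiler and optimisation level under test; the exit status is 0 when y is preserved across the second return.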