From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 16232 invoked by alias); 21 Nov 2012 17:42:54 -0000
Received: (qmail 16188 invoked by uid 48); 21 Nov 2012 17:42:35 -0000
From: "bugdal at aerifal dot cx" 
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/55431] New: Invalid auxv search in ppc linux-unwind code.
Date: Wed, 21 Nov 2012 17:42:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Severity: normal
X-Bugzilla-Who: bugdal at aerifal dot cx
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-11/txt/msg02073.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=55431

             Bug #: 55431
           Summary: Invalid auxv search in ppc linux-unwind code.
    Classification: Unclassified
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: bugdal@aerifal.cx

config/rs6000/linux-unwind.h contains a function ppc_linux_aux_vector which searches for the aux vector based on __libc_stack_end; the only use of this function is to look up the AT_HWCAP bitfield provided by the kernel. The results seem to be used only for premature optimization: optimizing out copying register sets that aren't used on the current cpu model. Unfortunately, the method used to search for auxv is invalid at the time the call to ppc_linux_aux_vector is made.
The array pointed to by extern char **environ; may be modified by the application; for example it may be truncated to clear the environment by writing *environ = 0; In this case, the old, no-longer-used part of the environ array will be incorrectly interpreted as the aux vector, causing the unwind code not to find the hwcap values and thus not to save the register sets it needs to save.

I found this bug while debugging a report that gcc couldn't be built for powerpc on musl libc due to a missing __libc_stack_end symbol. I don't see anywhere that it's documented that __libc_stack_end points to the original argc slot passed from the kernel, rather than some arbitrary address between main's stack frame and argv[], so I think it's very bad design to be relying on this implementation detail anyway.

The fix I would like to see is the complete removal of ppc_linux_aux_vector and updating ppc_fallback_frame_state not to care which register sets are actually in use.
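The failure mode described in the report, as an added example that is not part of the bug report or of libgcc: a stack-walking auxv search of the kind the report describes (start at the argc slot, skip argv[] and its NULL, skip pointers to the next NULL, assume auxv follows) is run over a constructed in-memory image of a process-start stack, first intact and then after the application has cleared its environment with `*environ = 0`. The function names, the stack layout, the environment strings and the HWCAP value (the PPC_FEATURE_HAS_ALTIVEC bit) are all constructed for the illustration; nothing here touches the real stack or the kernel.

```c
#include <stdio.h>

/* Aux-vector tags used by the example (values as in <elf.h>). */
#define AT_NULL  0UL
#define AT_HWCAP 16UL

/* Constructed HWCAP value for the simulated stack: the
   PPC_FEATURE_HAS_ALTIVEC bit.  Nothing here queries the real kernel. */
#define FAKE_HWCAP 0x10000000UL

/* Naive auxv search modelled on the scheme the report describes.
   stack_end is taken to be the argc slot left by the kernel; argv[] and
   its NULL are skipped, then pointers are skipped up to the first NULL
   word, and whatever follows is assumed to be the aux vector.  This only
   holds while the envp[] area is exactly as the kernel left it. */
static const unsigned long *find_auxv_naive(const unsigned long *stack_end)
{
    unsigned long argc = stack_end[0];
    const unsigned long *p = stack_end + 1 + argc + 1; /* past argv[] + NULL */
    while (*p)                                        /* first NULL slot */
        p++;
    return p + 1;
}

/* Walk (type, value) pairs until AT_NULL; return the AT_HWCAP value, or 0
   if the tag is never seen (the caller would then assume no extra regs). */
static unsigned long lookup_hwcap(const unsigned long *av)
{
    for (; av[0] != AT_NULL; av += 2)
        if (av[0] == AT_HWCAP)
            return av[1];
    return 0;
}

#define STACK_WORDS  12
#define ENVIRON_SLOT 3   /* index of envp[0]; a real process sees this slot
                            through `extern char **environ` */

/* Build a process-start stack image: argc, argv[], NULL, envp[], NULL,
   auxv pairs.  The strings are constructed sample data. */
static void build_stack(unsigned long *stack)
{
    static char prog[] = "prog";
    static char e0[] = "HOME=/tmp", e1[] = "PATH=/bin", e2[] = "TERM=vt100";
    stack[0]  = 1;                      /* argc */
    stack[1]  = (unsigned long)prog;    /* argv[0] */
    stack[2]  = 0;                      /* argv[] terminator */
    stack[3]  = (unsigned long)e0;      /* envp[0] == environ[0] */
    stack[4]  = (unsigned long)e1;
    stack[5]  = (unsigned long)e2;
    stack[6]  = 0;                      /* envp[] terminator */
    stack[7]  = AT_HWCAP;               /* auxv[0].a_type */
    stack[8]  = FAKE_HWCAP;             /* auxv[0].a_val  */
    stack[9]  = AT_NULL;                /* auxv terminator */
    stack[10] = 0;
    stack[11] = 0;
}

/* Fresh process: the walk lands on the real aux vector. */
unsigned long hwcap_with_intact_environ(void)
{
    unsigned long stack[STACK_WORDS];
    build_stack(stack);
    return lookup_hwcap(find_auxv_naive(stack));
}

/* Same image after the application has done `*environ = 0`: the walk
   stops at envp[0] and reads the stale envp[] slots as auxv entries.
   With three env pointers the type/value pairing is off by one word, so
   the walk meets a 0 where it expects a type tag and reports no AT_HWCAP
   at all; with other layouts it can just as well return garbage. */
unsigned long hwcap_after_environ_truncated(void)
{
    unsigned long stack[STACK_WORDS];
    build_stack(stack);
    stack[ENVIRON_SLOT] = 0;            /* mirrors `*environ = 0` */
    return lookup_hwcap(find_auxv_naive(stack));
}

int main(void)
{
    printf("hwcap, intact environ:    0x%lx\n", hwcap_with_intact_environ());
    printf("hwcap, truncated environ: 0x%lx\n", hwcap_after_environ_truncated());
    return 0;
}
```

The first call returns the constructed HWCAP value; the second returns 0 even though the real auxv entry is still sitting a few words further up the stack. An unwinder that trusts the second result would skip saving register sets the CPU actually has, which is the symptom the report describes. Where a libc exposes it, getauxval(AT_HWCAP) from <sys/auxv.h> reads the kernel-supplied value without depending on the stack layout or on __libc_stack_end; the report's own preference is to drop the lookup entirely.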