public inbox for gcc-bugs@sourceware.org
* [Bug c/63293] New: [AArch64] can read from deallocated stack
From: jiong.wang at arm dot com @ 2014-09-18 9:12 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
Bug ID: 63293
Summary: [AArch64] can read from deallocated stack
Product: gcc
Version: 5.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: jiong.wang at arm dot com
With GCC: (GNU) 5.0.0 20140917
Given the following testcase:
typedef double t;
void bar (t*);
t g ()
{
  t data[8192];                 /* 64 KiB frame: element offsets exceed the 12-bit ldr/str immediate,
                                   so the address must be formed in a scratch register */
  data[4293] = data[4266] = 0;
  bar(data);
  return data[4293] + data[4266];   /* both loads happen after the call, in the epilogue */
}
Compiling with "-O2 -mno-lra -fomit-frame-pointer" we get:
.cpu generic+fp+simd
.file "test.c"
.text
.align 2
.global f
.type f, %function
f:
add x1, x0, 4093
add x0, x0, 4096
ldr d1, [x1]
ldr d0, [x0, 170]
fadd d0, d1, d0
ret
.size f, .-f
.align 2
.global g
.type g, %function
g:
sub sp, sp, #65536
fmov d0, xzr
str x30, [sp, -16]!
add x1, sp, 32768
add x0, sp, 16
str d0, [x1, 1376]
str d0, [x1, 1592]
bl bar
add x0, sp, 32768
ldr x30, [sp], 16
ldr d0, [x0, 1376]
add sp, sp, 65536
ldr d1, [x0, 1592]
fadd d0, d1, d0
ret
Note that at the end we have x0=sp+32768; sp+=65536; ldr [x0+1592]
Which means the last load is from deallocated stack space.
This is a silent wrong-code bug of the worst kind; programs could fail
sporadically with this if an interrupt happens at the wrong instant in time and
data was written onto the current stack.
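The reporter's observation (x0 is computed as sp+32768 before the stack is released, and the final ldr goes through x0 after `add sp, sp, 65536`) can be checked mechanically. The script below is an added example, not part of the bug report or of GCC: it walks an AArch64 prologue/epilogue listing, tracks every register as an offset from the entry stack pointer (sp0), and reports any load or store whose address lies below the current sp, i.e. in stack that has already been deallocated and that a signal frame could overwrite. The buggy listing is the `g` function from the report; the "fixed" variant is a hand-reordered copy with both loads ahead of the stack adjustment, which is the ordering a barrier before the adjustment is meant to guarantee (an assumption for illustration, not the output of the patched compiler).

```python
import re
from typing import Dict, List, Optional, Tuple

# AAPCS64 caller-saved integer registers: their contents are unknown after a call.
CALLER_SAVED = {f"x{i}" for i in range(19)}

# Matches [base], [base, imm], [base, imm]! (pre-index) and [base], imm (post-index).
MEM_RE = re.compile(r"\[\s*(\w+)\s*(?:,\s*#?(-?\d+))?\s*\]\s*(!?)(?:\s*,\s*#?(-?\d+))?")

Finding = Tuple[int, str, int, int]  # (line number, instruction, access offset, sp offset)


def _imm(tok: str) -> Optional[int]:
    tok = tok.strip().lstrip("#")
    return int(tok) if re.fullmatch(r"-?\d+", tok) else None


def analyse(asm: str) -> List[Finding]:
    """Model registers as offsets from sp0 and flag memory accesses below the live sp."""
    regs: Dict[str, Optional[int]] = {"sp": 0}  # None means "value unknown to the model"
    findings: List[Finding] = []
    for no, raw in enumerate(asm.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()
        if not line or line.endswith(":") or line.startswith("."):
            continue  # blank line, label or assembler directive
        mnem, _, rest = line.partition(" ")
        ops = [t.strip() for t in rest.split(",")]
        if mnem in ("add", "sub") and len(ops) == 3:
            base, imm = regs.get(ops[1]), _imm(ops[2])
            if base is None or imm is None:
                regs[ops[0]] = None
            else:
                regs[ops[0]] = base + imm if mnem == "add" else base - imm
        elif mnem == "mov" and len(ops) == 2:
            regs[ops[0]] = regs.get(ops[1])
        elif mnem in ("ldr", "str", "ldp", "stp"):
            m = MEM_RE.search(rest)
            if m is None:
                continue
            base, off = m.group(1), _imm(m.group(2) or "0")
            base_val = regs.get(base)
            if m.group(3) and base_val is not None:   # pre-index: write back before the access
                base_val += off
                regs[base] = base_val
            addr = None if base_val is None else (base_val if m.group(3) else base_val + off)
            sp = regs["sp"]
            if addr is not None and sp is not None and addr < sp:
                findings.append((no, line, addr, sp))  # access into deallocated stack
            if m.group(4) is not None and base_val is not None:  # post-index: write back after
                regs[base] = base_val + _imm(m.group(4))
            if mnem.startswith("ld"):
                for r in rest[: m.start()].split(","):
                    if r.strip():
                        regs[r.strip()] = None  # loaded values are opaque to the model
        elif mnem in ("bl", "blr"):
            for r in CALLER_SAVED:
                regs[r] = None
        elif ops and ops[0] and ops[0][0] in "xw":
            regs[ops[0]] = None  # any other instruction that writes an integer register
    return findings


# Constructed sample: g() exactly as the bug report shows GCC 5.0 emitting it.
BUGGY_G = """\
g:
    sub sp, sp, #65536
    fmov d0, xzr
    str x30, [sp, -16]!
    add x1, sp, 32768
    add x0, sp, 16
    str d0, [x1, 1376]
    str d0, [x1, 1592]
    bl bar
    add x0, sp, 32768
    ldr x30, [sp], 16
    ldr d0, [x0, 1376]
    add sp, sp, 65536
    ldr d1, [x0, 1592]
    fadd d0, d1, d0
    ret
"""

# Constructed sample (assumption, hand-reordered): both loads kept before the sp adjustment.
FIXED_G = BUGGY_G.replace(
    "    add sp, sp, 65536\n    ldr d1, [x0, 1592]\n",
    "    ldr d1, [x0, 1592]\n    add sp, sp, 65536\n",
)

if __name__ == "__main__":
    for label, text in (("buggy", BUGGY_G), ("fixed", FIXED_G)):
        for no, ins, addr, sp in analyse(text):
            print(f"{label}: line {no}: '{ins}' accesses sp0{addr:+d} while sp = sp0{sp:+d}")
```

On the report's listing the script reports exactly one access, the final `ldr d1, [x0, 1592]`, which reads sp0-31192 while sp has already been restored to sp0; the reordered listing produces no report. The model is deliberately conservative: anything it cannot track becomes unknown rather than assumed safe, so it is suited to scanning compiler output for this class of wrong-code, not to proving a function correct.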
* [Bug target/63293] [AArch64] can read from deallocated stack
From: pinskia at gcc dot gnu.org @ 2014-09-18 12:01 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|c |target
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I don't remember seeing a stack tie being emitted from the backend.
* [Bug target/63293] [AArch64] can read from deallocated stack
From: ktkachov at gcc dot gnu.org @ 2014-09-18 12:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
ktkachov at gcc dot gnu.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |wrong-code
Status|UNCONFIRMED |NEW
Last reconfirmed| |2014-09-18
CC| |ktkachov at gcc dot gnu.org
Ever confirmed|0 |1
--- Comment #2 from ktkachov at gcc dot gnu.org ---
Confirmed
* [Bug target/63293] [AArch64] can read from deallocated stack
From: ramana at gcc dot gnu.org @ 2014-10-28 11:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
Ramana Radhakrishnan <ramana at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |ramana at gcc dot gnu.org
Target Milestone|--- |5.0
* [Bug target/63293] [AArch64] can read from deallocated stack
From: jiwang at gcc dot gnu.org @ 2014-10-28 11:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
--- Comment #3 from Jiong Wang <jiwang at gcc dot gnu.org> ---
Patch pending review here:
https://gcc.gnu.org/ml/gcc-patches/2014-09/msg02292.html
* [Bug target/63293] [AArch64] can read from deallocated stack
From: jiwang at gcc dot gnu.org @ 2014-11-04 17:14 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
--- Comment #4 from Jiong Wang <jiwang at gcc dot gnu.org> ---
Author: jiwang
Date: Tue Nov 4 17:13:25 2014
New Revision: 217091
URL: https://gcc.gnu.org/viewcvs?rev=217091&root=gcc&view=rev
Log:
[AArch64] fix unsafe access to deallocated stack
2014-11-04 Jiong Wang <jiong.wang@arm.com>
2014-11-04 Wilco Dijkstra <wilco.dijkstra@arm.com>
gcc/
PR target/63293
* config/aarch64/aarch64.c (aarch64_expand_epiloue): Add barriers before
stack adjustment.
Modified:
trunk/gcc/ChangeLog
trunk/gcc/config/aarch64/aarch64.c
* [Bug target/63293] [AArch64] can read from deallocated stack
From: jiwang at gcc dot gnu.org @ 2014-11-04 17:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
Jiong Wang <jiwang at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Jiong Wang <jiwang at gcc dot gnu.org> ---
Mark as fixed.
* [Bug target/63293] [AArch64] can read from deallocated stack
From: collison at gcc dot gnu.org @ 2015-02-10 8:17 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63293
--- Comment #6 from collison at gcc dot gnu.org ---
Author: collison
Date: Tue Feb 10 08:17:09 2015
New Revision: 220574
URL: https://gcc.gnu.org/viewcvs?rev=220574&root=gcc&view=rev
Log:
2015-02-10 Michael Collison <michael.collison@linaro.org>
Backport from trunk r217091.
2014-11-04 Jiong Wang <jiong.wang@arm.com>
2014-11-04 Wilco Dijkstra <wilco.dijkstra@arm.com>
PR target/63293
* config/aarch64/aarch64.c (aarch64_expand_epiloue): Add barriers before
stack adjustment.
Modified:
branches/linaro/gcc-4_9-branch/gcc/ChangeLog.linaro
branches/linaro/gcc-4_9-branch/gcc/config/aarch64/aarch64.c