public inbox for gcc-cvs@sourceware.org
From: Richard Sandiford <rsandifo@gcc.gnu.org>
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r11-3427] arm: Fix canary address calculation for non-PIC
Date: Thu, 24 Sep 2020 09:06:38 +0000 (GMT)
Message-ID: <20200924090638.8E1CB385043D@sourceware.org>

https://gcc.gnu.org/g:e94797250b403d66cb3624a594e41faf0dd76617

commit r11-3427-ge94797250b403d66cb3624a594e41faf0dd76617
Author: Richard Sandiford <richard.sandiford@arm.com>
Date:   Thu Sep 24 10:06:11 2020 +0100

    arm: Fix canary address calculation for non-PIC

    For non-PIC, the stack protector patterns did:

      rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0);
      emit_move_insn (operands[2], mem);

    Here, operands[1] is the address of the canary (&__stack_chk_guard)
    and operands[2] is the register that we want to move that address into.
    However, the code above instead sets operands[2] to the address of a
    constant pool entry that contains &__stack_chk_guard, rather than to
    &__stack_chk_guard itself. The sequence therefore does one less
    pointer indirection than it should. The net effect was to use
    &__stack_chk_guard for stack-smash detection, instead of using
    __stack_chk_guard itself.

    gcc/
            * config/arm/arm.md (*stack_protect_combined_set_insn): For non-PIC,
            load the address of the canary rather than the address of the
            constant pool entry that points to it.
            (*stack_protect_combined_test_insn): Likewise.

    gcc/testsuite/
            * gcc.target/arm/stack-protector-3.c: New test.
            * gcc.target/arm/stack-protector-4.c: Likewise.

Diff:
---
 gcc/config/arm/arm.md                            |  4 +--
 gcc/testsuite/gcc.target/arm/stack-protector-3.c | 38 ++++++++++++++++++++++++
 gcc/testsuite/gcc.target/arm/stack-protector-4.c |  6 ++++
 3 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md index bffdb0b3987..c4fa116ab77 100644 --- a/gcc/config/arm/arm.md +++ b/gcc/config/arm/arm.md
@@ -9212,7 +9212,7 @@ operands[2] = operands[1]; else { - rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0); + rtx mem = force_const_mem (SImode, operands[1]); emit_move_insn (operands[2], mem); } } @@ -9295,7 +9295,7 @@ operands[3] = operands[1]; else { - rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0); + rtx mem = force_const_mem (SImode, operands[1]); emit_move_insn (operands[3], mem); } } diff --git a/gcc/testsuite/gcc.target/arm/stack-protector-3.c b/gcc/testsuite/gcc.target/arm/stack-protector-3.c new file mode 100644 index 00000000000..b8f77fa2309 --- /dev/null +++ b/gcc/testsuite/gcc.target/arm/stack-protector-3.c @@ -0,0 +1,38 @@ +/* { dg-do run } */ +/* { dg-require-effective-target fstack_protector } */ +/* { dg-options "-fstack-protector-all -O2" } */ + +extern volatile long *stack_chk_guard_ptr; + +void __attribute__ ((noipa)) +f (void) +{ + volatile int x; + /* Munging the contents of __stack_chk_guard should trigger a + stack-smashing failure for this function. */ + *stack_chk_guard_ptr += 1; +} + +asm ( +" .data\n" +" .align 3\n" +" .globl stack_chk_guard_ptr\n" +"stack_chk_guard_ptr:\n" +" .word __stack_chk_guard\n" +" .weak __stack_chk_guard\n" +"__stack_chk_guard:\n" +" .word 0xdead4321\n" +" .text\n" +" .type __stack_chk_fail, %function\n" +"__stack_chk_fail:\n" +" movs r0, #0\n" +" b exit\n" +" .size __stack_chk_fail, .-__stack_chk_fail" +); + +int +main (void) +{ + f (); + __builtin_abort (); +} diff --git a/gcc/testsuite/gcc.target/arm/stack-protector-4.c b/gcc/testsuite/gcc.target/arm/stack-protector-4.c new file mode 100644 index 00000000000..6334dd00908 --- /dev/null +++ b/gcc/testsuite/gcc.target/arm/stack-protector-4.c @@ -0,0 +1,6 @@ +/* { dg-do run } */ +/* { dg-require-effective-target fstack_protector } */ +/* { dg-require-effective-target fpic } */ +/* { dg-options "-fstack-protector-all -O2 -fpic" } */ + +#include "stack-protector-3.c"
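Review bot: In both arm.md hunks (the non-PIC else branches that feed operands[2] and operands[3]), the corrected line `rtx mem = force_const_mem (SImode, operands[1]);` carries no comment, and the only difference from the broken form is the dropped XEXP (..., 0). A one-line comment stating that mem is the constant pool MEM, so that the move loads &__stack_chk_guard rather than the address of the pool entry, would keep a later cleanup from reintroducing the missing indirection. Since the same two statements appear in both the set and the test pattern, it may also be worth factoring them into one helper so the two sides cannot drift apart.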
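Review bot: In stack-protector-3.c the asm block routes __stack_chk_fail to exit with status 0, so the test passes whenever the check fires, including a check that would fire without the guard having been changed. Only the positive case is covered: f () modifies the guard and main falls through to `__builtin_abort ();` if nothing is detected. Consider calling a second noipa function that leaves the guard untouched before f (), and having the handler report success only after a flag set just before `*stack_chk_guard_ptr += 1;`, so that a spurious failure is distinguished from a genuine detection. A short comment on the asm block saying that reaching __stack_chk_fail is the expected pass path would also help readers of the test.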