From mboxrd@z Thu Jan  1 00:00:00 1970
From: hcs@icshu.com
To: gcc-gnats@gcc.gnu.org
Subject: c/3710: segfaulting code generated with -O2 -fomit-frame-pointer (kernel!)
Date: Tue, 17 Jul 2001 06:56:00 -0000
Message-id: <20010717134933.12669.qmail@sourceware.cygnus.com>
X-SW-Source: 2001-07/msg00441.html
List-Id:

>Number:         3710
>Category:       c
>Synopsis:       segfaulting code generated with -O2 -fomit-frame-pointer (kernel!)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    unassigned
>State:          open
>Class:          wrong-code
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 17 06:56:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Csaba Halasz
>Release:        gcc version 3.0.1 20010626 (prerelease)
>Organization:
>Environment:
http://www.codesourcery.com/gcc-compile.shtml
>Description:
Bad code generated for the loop marked "Set the p-boxes"

.L16:
        movl    bf_pbox(,%edx,4), %eax
        movl    -44(%ebp), %ebp         <-- !!!
        movl    %eax, (%ebp,%edx,4)
        incl    %edx
        decw    %di
        jns     .L16

All the other stuff is needed otherwise the bug does not occur.
This is an extract from the blowfish cipher in the international kernel patch.
>How-To-Repeat:
/* Compile with gcc -O2 -fomit-frame-pointer loopbug.c */

#define u8 unsigned char
#define u32 unsigned int

struct cipher_context;

struct cipher_context {
  u32 *keyinfo;
};

static u32 bf_pbox[16 + 2] = {0, };
static u32 bf_sbox[256 * 4] = {0, };

typedef struct blow_key
{
  u32 P[18];
  u32 S[1024];
}
blow_key;

int
blowfish_encrypt (struct cipher_context *cx, const u8 * in8, u8 * out8,
                  int size, int atomic)
{
  return 0;
}

/* Sets the blowfish S and P boxes for encryption and decryption. */
int
blowfish_set_key (struct cipher_context *cx, unsigned char *key,
                  int keybytes, int atomic)
{
  blow_key *key2 = (blow_key *) cx->keyinfo;
  short i;
  short j;
  short count;
  u32 data[2];
  u32 *P = key2->P;
  u32 *S = key2->S;

  /* Copy the initialization s-boxes */
  for (i = 0, count = 0; i < 256; i++)
    for (j = 0; j < 4; j++, count++)
      S[count] = bf_sbox[count];

  /* Set the p-boxes */
  for (i = 0; i < 16 + 2; i++)
    P[i] = bf_pbox[i];

  for (i = 0; i < 16 + 2; i += 2)
    {
      blowfish_encrypt (cx, (u8 *) data, (u8 *) data, 8, atomic);
      P[i] = data[0];
      P[i + 1] = data[1];
    }

  for (i = 0; i < 4; i++)
    {
      for (j = 0, count = i * 256; j < 256; j += 2, count += 2)
        {
          blowfish_encrypt (cx, (u8 *) data, (u8 *) data, 8, atomic);
          S[count] = data[0];
          S[count + 1] = data[1];
        }
    }

  return 0;
}

int main(int argc, char* argv[])
{
  struct cipher_context cx;
  struct blow_key bk;

  cx.keyinfo = (u32*)&bk;
  blowfish_set_key(&cx, "1234567890123456", 16, 0);
  return 0;
}
>Fix:
use gcc-2.95 (and even that reloads a constant in each iteration!)
>Release-Note:
>Audit-Trail:
>Unformatted: