
Re: [Tinycc-devel] Memory corruption bug in libtcc


From: grischka
Subject: Re: [Tinycc-devel] Memory corruption bug in libtcc
Date: Sun, 22 Jan 2012 14:15:31 +0100
User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

Andreas Eriksson wrote:
> Hi.
>
> I encountered a memory corruption bug in libtcc. It seems to put
> random data into random data structures of the program that are
> unrelated to libtcc. I've been able to reproduce the bug using a
> simple test-case, which is attached. The output of what I get when I
> run the test-case is also attached.
>
> I encountered the bug on an x86_64 Linux system, and the test case was
> compiled using gcc 4.6.2. It was linked against the latest git version
> of tcc. What optimization flag you use with gcc seems to affect how the
> bug manifests itself. The output I've attached is what I get when I
> compile using -O2, if I compile using -O1 I get a segfault instead.
>
> I can't debug this any further due to lack of knowledge of tcc
> internals, but hopefully one of you can figure it out from this. If
> you need any more information from me let me know.

It seems it is not memory corruption but that the code generated
by tcc is using register rbx which it should not.

A similar bug happens for i386, for example with

    double bar(double a, double b, double c, double d);
    double foo (double *p)
    {
        return bar(p[1], p[2], p[3], p[4]);
    }

which produces

    49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
    4c:   dd 03                   fldl   (%ebx)

It should never use %ebx.  Hope this helps.

--- grischka


> Regards
>
> Andreas Eriksson
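
A heuristic check for the kind of miscompile discussed in this message, as an added example that is not part of the original mail or of tcc: it scans objdump-style AT&T disassembly for writes to callee-saved registers that no earlier `push` in the same function saved. The sample listing is constructed around the two instructions quoted above; the function names and the surrounding instructions are assumptions, and only `push` is recognised as a save.

```python
import re

# Registers a callee must preserve: i386 cdecl and x86-64 System V.
CALLEE_SAVED = {"ebx", "esi", "edi", "ebp", "rbx", "rbp", "r12", "r13", "r14", "r15"}
# Mnemonic prefixes whose last operand is read, not written.
NO_WRITE = ("cmp", "test", "push", "call", "jmp")

LABEL = re.compile(r"^[0-9a-f]+ <(.+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s*(.*)$")

def find_clobbers(disasm):
    """Return (function, address, register) for each write to a callee-saved
    register that no earlier `push` in the same function saved."""
    findings, func, saved = [], "?", set()
    for line in disasm.splitlines():
        m = LABEL.match(line.strip())
        if m:                                   # new function: reset saved set
            func, saved = m.group(1), set()
            continue
        m = INSN.match(line)
        if not m:
            continue
        addr, mnem, ops = m.groups()
        # Split operands on commas that are not inside a (base,index,scale) group.
        operands = [o.strip() for o in re.split(r",(?![^()]*\))", ops) if o.strip()]
        if not operands:
            continue
        reg = re.fullmatch(r"%(\w+)", operands[-1])   # bare register destination
        if not reg or reg.group(1) not in CALLEE_SAVED:
            continue
        if mnem.startswith("push"):
            saved.add(reg.group(1))
        elif not mnem.startswith(NO_WRITE) and reg.group(1) not in saved:
            findings.append((func, addr, reg.group(1)))
    return findings

# Constructed sample: <foo> contains the two instructions quoted in the message,
# <ok> saves %ebx before using it.
SAMPLE = """\
00000000 <foo>:
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
  49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
  4c:   dd 03                   fldl   (%ebx)
00000060 <ok>:
  60:   55                      push   %ebp
  61:   89 e5                   mov    %esp,%ebp
  63:   53                      push   %ebx
  64:   8b 5d 08                mov    0x8(%ebp),%ebx
  67:   5b                      pop    %ebx
"""

if __name__ == "__main__":
    for func, addr, reg in find_clobbers(SAMPLE):
        print(f"{func}: write to callee-saved %{reg} at {addr} without a prior push")
```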



