Re: [Tinycc-devel] Memory corruption bug in libtcc


From: Thomas Preud'homme
Subject: Re: [Tinycc-devel] Memory corruption bug in libtcc
Date: Mon, 23 Jan 2012 11:30:54 +0100
User-agent: KMail/1.13.7 (Linux/3.1.0-1-amd64; KDE/4.6.5; x86_64; ; )

On Monday 23 January 2012 01:53:21, Daniel Glöckner wrote:
> On Mon, Jan 23, 2012 at 12:14:58AM +0100, grischka wrote:
> > Thomas Preud'homme wrote:
> > >>Similar bug happens for i386 for example with
> > >>
> > >>     double bar(double a, double b, double c, double d);
> > >>     double foo (double *p)
> > >>     {
> > >>         return bar(p[1], p[2], p[3], p[4]);
> > >>     }
> > >>
> > >>which produces
> > >>
> > >>   49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
> > >>   4c:   dd 03                   fldl   (%ebx)
> > >>
> > >>It should never use %ebx.  Hope this helps.
> > >
> > >Are you working on a fix? I looked for some use of ebx in i386-*
> > >and didn't see any reference to ebx or rbx which looked
> > >suspicious. Would it be a wrong construction of an instruction?
> > 
> > Good question ;)
> 
> Fixed in mob
Great, thanks a lot.
> 
>   Daniel
Shouldn't the same fix (cf. attached file) be applied for x86-64? As I'm not sure about the answer, I didn't dare to commit the change.

Best regards,

Thomas Preud'homme

Attachment: x86-64_rbx.patch
Description: Text Data
