
Re: [Tinycc-devel] Memory corruption bug in libtcc

From: Thomas Preud'homme
Subject: Re: [Tinycc-devel] Memory corruption bug in libtcc
Date: Sun, 22 Jan 2012 21:38:04 +0100
User-agent: KMail/1.13.7 (Linux/3.2.0-1-amd64; KDE/4.6.5; x86_64; ; )

On Sunday, 22 January 2012 at 14:15:31, grischka wrote:
> Andreas Eriksson wrote:
> > Hi.
> > 
> > I encountered a memory corruption bug in libtcc. It seems to put
> > random data into random data structures of the program that are
> > unrelated to libtcc. I've been able to reproduce the bug using a
> > simple test-case, which is attached. The output of what I get when I
> > run the test-case is also attached.
> > 
> > I encountered the bug on an x86_64 Linux system, and the test case was
> > compiled using gcc 4.6.2. It was linked against the latest git version
> > of tcc. What optimization flag you use with gcc seems to affect how the
> > bug manifests itself. The output I've attached is what I get when I
> > compile using -O2; if I compile using -O1 I get a segfault instead.
> > 
> > I can't debug this any further due to lack of knowledge of tcc
> > internals, but hopefully one of you can figure it out from this. If
> > you need any more information from me let me know.
> It seems it is not memory corruption but that the code generated
> by tcc is using register rbx, which it should not.
> A similar bug happens for i386, for example with
>      double bar(double a, double b, double c, double d);
>      double foo (double *p)
>      {
>          return bar(p[1], p[2], p[3], p[4]);
>      }
> which produces
>    49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
>    4c:   dd 03                   fldl   (%ebx)
> It should never use %ebx.  Hope this helps.
Are you working on a fix? I looked for some use of ebx in i386-* and didn't see 
any reference to ebx or rbx which looked suspicious. Would it be a wrong 
construction of an instruction?
> --- grischka
Best regards,

Thomas Preud'homme
> > Regards
> > 
> > Andreas Eriksson
> _______________________________________________
> Tinycc-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/tinycc-devel
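As an added example (not code from this thread or from tcc), a small regression check for the bug class grischka diagnoses: under the x86-64 SysV ABI %rbx is callee-saved, so a probe that loads a sentinel into %rbx, calls the function under test, and reads %rbx back afterwards will flag generated code that uses the register without restoring it. It assumes x86-64 Linux with GCC or Clang and the GNU assembler; `foo_clobber`, `probe_rbx`, `rbx_preserved` and `SENTINEL` are names chosen here, and `foo_ok` mirrors the reporter's foo().

```c
#include <stdint.h>

typedef double (*fn_t)(const double *);
/* Must match the immediate loaded into %rbx in probe_rbx below. */
#define SENTINEL 0x5a5a5a5a5a5a5a5aULL

static double bar(double a, double b, double c, double d)
{
    return a + b + c + d;
}

/* Same shape as the reporter's foo(); compiled by the host compiler, so it
 * obeys the ABI and must leave %rbx as it found it. */
double foo_ok(const double *p)
{
    return bar(p[1], p[2], p[3], p[4]);
}

/* Hypothetical faulty callee mimicking the bad code generation in the
 * thread: it uses callee-saved %rbx as scratch and never restores it. */
__asm__(".text\n"
        ".globl foo_clobber\n"
        "foo_clobber:\n"
        "    movq   $0, %rbx\n"          /* clobbers callee-saved register */
        "    movsd  8(%rdi), %xmm0\n"    /* return p[1] so the call 'works' */
        "    ret\n");
double foo_clobber(const double *p);

/* probe_rbx(fn, p): save our own %rbx, load SENTINEL into it, call fn(p),
 * then return whatever %rbx holds afterwards. */
__asm__(".text\n"
        ".globl probe_rbx\n"
        "probe_rbx:\n"
        "    pushq  %rbx\n"              /* honour the ABI ourselves */
        "    movq   %rdi, %rax\n"        /* fn */
        "    movq   %rsi, %rdi\n"        /* p becomes fn's first argument */
        "    movabsq $0x5a5a5a5a5a5a5a5a, %rbx\n"
        "    call   *%rax\n"             /* %rsp is 16-byte aligned here */
        "    movq   %rbx, %rax\n"        /* value of %rbx after the call */
        "    popq   %rbx\n"
        "    ret\n");
uint64_t probe_rbx(fn_t fn, const double *p);

/* 1 if fn preserved %rbx across the call, 0 if it clobbered it. */
int rbx_preserved(fn_t fn, const double *p)
{
    return probe_rbx(fn, p) == SENTINEL;
}
```

To check tcc itself, the function under test would be one obtained from libtcc (for instance via tcc_get_symbol after tcc_relocate) rather than foo_clobber.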
