
Re: [Tinycc-devel] Memory corruption bug in libtcc

From: grischka
Subject: Re: [Tinycc-devel] Memory corruption bug in libtcc
Date: Mon, 23 Jan 2012 00:14:58 +0100
User-agent: Thunderbird (Windows/20100228)

Thomas Preud'homme wrote:
>> Similar bug happens for i386 for example with
>>
>>      double bar(double a, double b, double c, double d);
>>      double foo (double *p)
>>      {
>>          return bar(p[1], p[2], p[3], p[4]);
>>      }
>>
>> which produces
>>    49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
>>    4c:   dd 03                   fldl   (%ebx)
>>
>> It should never use %ebx.  Hope this helps.
> Are you working on a fix? I looked for some use of ebx in i386-* and didn't see any reference to ebx or rbx which looked suspicious. Would it be a wrong construction of an instruction?

Good question ;)

--- grischka
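Added example, not from this thread or the tcc project: a small Python heuristic that scans objdump-style i386 disassembly and reports functions which write a callee-saved register (%ebx, %esi, %edi, %ebp) without ever pushing it, which is exactly what the quoted foo listing shows. SAMPLE is constructed: the two foo lines are the ones quoted above, the surrounding prologue and the ok function are made up.

```python
import re

# i386 cdecl callee-saved registers: a function may write them only after pushing them.
CALLEE_SAVED = {"ebx", "esi", "edi", "ebp"}
# Mnemonic prefixes that write their last (AT&T destination) operand.
WRITING = ("mov", "lea", "pop", "add", "sub", "xor", "and", "or", "imul", "inc", "dec", "neg", "not")
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:\s*$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+\s*([a-z]\S*)\s*(.*?)\s*$")

def dest_reg(operands):
    """Callee-saved register named by the last AT&T operand, else None."""
    last = re.sub(r"\([^)]*\)", "", operands).split(",")[-1].strip()  # drop (%ebp,%eax,4)
    m = re.fullmatch(r"%e?([a-z]{2})", last)          # %ebx or 16-bit %bx
    return "e" + m.group(1) if m and "e" + m.group(1) in CALLEE_SAVED else None

def unsaved_clobbers(disasm):
    """Map function name -> callee-saved registers it writes without pushing."""
    saved, written, func = {}, {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func = m.group(1)
            saved[func], written[func] = set(), set()
            continue
        m = INSN_RE.match(line)
        if func is None or not m or re.fullmatch(r"[0-9a-f]{2}", m.group(1)):
            continue  # line before any header, blank line, or continuation bytes
        mnem, reg = m.group(1), dest_reg(m.group(2))
        if reg and mnem.startswith("push"):
            saved[func].add(reg)
        elif reg and mnem.startswith(WRITING):
            written[func].add(reg)
    return {f: sorted(written[f] - saved[f]) for f in written if written[f] - saved[f]}

# Constructed objdump-style excerpt: "ok" saves %ebx before using it; "foo" holds the
# two lines quoted in the thread, where the pointer is loaded through an unsaved %ebx.
SAMPLE = """\
00000000 <ok>:
   0:   53                      push   %ebx
   1:   8b 5c 24 08             mov    0x8(%esp),%ebx
   5:   5b                      pop    %ebx
   6:   c3                      ret

00000040 <foo>:
  40:   55                      push   %ebp
  41:   89 e5                   mov    %esp,%ebp
  43:   81 ec 04 00 00 00       sub    $0x4,%esp
  49:   8b 5d fc                mov    0xfffffffc(%ebp),%ebx
  4c:   dd 03                   fldl   (%ebx)
"""
```

Run `unsaved_clobbers(SAMPLE)` over real `objdump -d` output of a tcc-built object to list every function with the same defect; the check is a heuristic and ignores 8-bit sub-registers and indirect writes.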
