Re: [Tinycc-devel] Bug: array references with long long ints on i386
From: Thomas Preud'homme
Subject: Re: [Tinycc-devel] Bug: array references with long long ints on i386
Date: Wed, 11 Jul 2012 23:44:47 +0200
User-agent: KMail/1.13.7 (Linux/3.2.0-3-amd64; KDE/4.8.4; x86_64; ; )
Grishka and Daniel, please see below.
Here is the patch (see attached file).
So the thing is, during gv() on a long long on i386, at some point the vstack
contains at the top two values like this:

vtop:
    register r contains the address of the value to load
    register r2 can contain anything (can be a valid register)
vtop-1:
    register r contains the most significant bits of the value
    register r2 can contain anything (same value as in vtop)
get_reg tries first to free r before r2, so if r2 is a valid register, get_reg
will try to free a register, and the first one it will find to free is the
register r of vtop-1, which leads to the bug. It's possible in gv to ignore how
get_reg works, but that requires a for loop to retry until get_reg returns two
different registers. The other solution is to ensure that get_reg tries r2
first, which is what the patch does.
Grishka and Daniel, do you know any place in the code which could rely on the
previous behavior of get_reg()? If yes, please revert the commit
d1694f7d7e6d96f64d1330c9b43491b613272b1e.
Best regards,
Thomas Preud'homme
Attachment: gv_load_value_in_register.diff
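As an added illustration (not tcc's code and not the attached patch), the following C program models the get_reg() behaviour described in the message above on a constructed two-entry value stack: one variant examines r before r2 in each slot (the behaviour the message says causes the bug), the other examines r2 before r (the ordering the message says the patch introduces). The register count, the NO_REG marker, the save_reg stand-in and the concrete register numbers are assumptions of this model only.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not tcc's code.  Assumptions: three integer registers
   numbered 0..2, and a NO_REG marker standing in for tcc's "value is not in
   a register" encoding. */
#define NB_REGS   3
#define NO_REG    0x30
#define MAX_DEPTH 8

typedef struct {
    int r;   /* primary register, or NO_REG */
    int r2;  /* second register of a 64-bit value; may hold a stale number */
} SValue;

typedef struct {
    SValue vstack[MAX_DEPTH];
    int top;       /* index of vtop */
    int spilled;   /* register freed by the last get_reg(), or -1 */
} Model;

static bool reg_in_use(const Model *m, int reg)
{
    for (int i = 0; i <= m->top; i++)
        if (m->vstack[i].r == reg || m->vstack[i].r2 == reg)
            return true;
    return false;
}

/* Stand-in for save_reg(): every slot that referenced reg loses it. */
static void save_reg(Model *m, int reg)
{
    for (int i = 0; i <= m->top; i++) {
        if (m->vstack[i].r == reg)  m->vstack[i].r  = NO_REG;
        if (m->vstack[i].r2 == reg) m->vstack[i].r2 = NO_REG;
    }
    m->spilled = reg;
}

/* get_reg(): hand out an unused register; if there is none, free one by
   scanning the stack from the bottom.  Within a slot, r2_first selects
   whether r2 or r is examined first (the ordering the message says the
   patch changes). */
static int get_reg(Model *m, bool r2_first)
{
    m->spilled = -1;
    for (int reg = 0; reg < NB_REGS; reg++)
        if (!reg_in_use(m, reg))
            return reg;
    for (int i = 0; i <= m->top; i++) {
        int first  = r2_first ? m->vstack[i].r2 : m->vstack[i].r;
        int second = r2_first ? m->vstack[i].r  : m->vstack[i].r2;
        if (first < NB_REGS)  { save_reg(m, first);  return first; }
        if (second < NB_REGS) { save_reg(m, second); return second; }
    }
    return -1;
}

/* The stack state described in the message (constructed register numbers):
   vtop-1: r holds the most significant bits, r2 holds a stale register number
   vtop:   r holds the address to load from, r2 holds the same stale number
   Every register is therefore "in use", so get_reg() must spill. */
#define REG_MSB   0
#define REG_ADDR  1
#define REG_STALE 2

static void build_scenario(Model *m)
{
    m->top = 1;
    m->vstack[0].r = REG_MSB;   m->vstack[0].r2 = REG_STALE;
    m->vstack[1].r = REG_ADDR;  m->vstack[1].r2 = REG_STALE;
    m->spilled = -1;
}

/* Which register get_reg() frees in that state under the given ordering. */
int spilled_register(bool r2_first)
{
    Model m;
    build_scenario(&m);
    get_reg(&m, r2_first);
    return m.spilled;
}

/* Whether vtop-1 still owns the register holding the most significant bits. */
bool msb_register_survives(bool r2_first)
{
    Model m;
    build_scenario(&m);
    get_reg(&m, r2_first);
    return m.vstack[0].r == REG_MSB;
}

int main(void)
{
    printf("r before r2: frees reg %d, MSB register kept: %s\n",
           spilled_register(false), msb_register_survives(false) ? "yes" : "no");
    printf("r2 before r: frees reg %d, MSB register kept: %s\n",
           spilled_register(true), msb_register_survives(true) ? "yes" : "no");
    return 0;
}
```

Compile with `cc -o get_reg_model get_reg_model.c` and run it: with r examined first, the spill scan reaches vtop-1's r and frees the register holding the most significant bits; with r2 examined first, the stale r2 entry is freed instead and the MSB register stays put, which is the ordering change the message describes.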