On x86_64, gcc 4.5.0, this code generates bad assembly:

--- C code ---
typedef unsigned long size_t;
void *memcpy(void *dest, const void *src, size_t n);

void buggy_init(void *ptr, size_t size)
{
  const char *str = "Hello world!";
  memcpy(ptr, &str, size);
}
--------------

Compiled with gcc -O -foptimize-sibling-calls, the generated assembly looks like this:

--------------
buggy_init:
	movq	%rsi, %rdx
	movq	$.LC0, -16(%rsp)
	leaq	-16(%rsp), %rsi
	jmp	memcpy
--------------

which passes rsp-16 as memcpy's second argument. memcpy overwrites this part of the stack, and copies the wrong value, which causes a crash later.
*** This bug has been marked as a duplicate of 43572 ***
Created attachment 20497
Full testcase

Proper output:
Stored: 0x40071c
Got: 0x40071c
Hello world!

Output with -O -foptimize-sibling-calls:
Stored: 0x40070c
Got: 0x1
[1]    15940 segmentation fault (core dumped)  ./a.out
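The attachment itself is not reproduced on this page, so the following is an added, self-contained reproducer in the same shape as the function in the report (it is not attachment 20497 and not the gcc.dg/tree-ssa/tailcall-6.c testcase). It passes the address of a local to memcpy exactly as buggy_init does, then reads the copied pointer back, so it can be compiled with a suspect toolchain under -O -foptimize-sibling-calls to check whether the call is still wrongly emitted as a sibling call. The NOINLINE macro is an assumption added here so that buggy_init stays a separate function with its own frame, as in the report, instead of being inlined into its caller.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: keep the helpers out of line so the memcpy call inside
 * buggy_init is a real call from buggy_init's own frame, as in the report. */
#if defined(__GNUC__)
#  define NOINLINE __attribute__((noinline))
#else
#  define NOINLINE
#endif

/* Same shape as the function in the report. The second argument to memcpy
 * is the address of a local, so this call must NOT be turned into a tail
 * call: a "jmp memcpy" leaves &str below the caller's return address, where
 * memcpy's own prologue can overwrite it before the bytes are copied. */
NOINLINE void buggy_init(void *ptr, size_t size)
{
    const char *str = "Hello world!";
    memcpy(ptr, &str, size);
}

/* Returns the pointer value that buggy_init copied into the caller's buffer.
 * On a correct compiler this is the address of the "Hello world!" literal. */
NOINLINE const char *stored_pointer(void)
{
    const char *got = NULL;
    buggy_init(&got, sizeof got);
    return got;
}

/* 1 if the copied pointer still points at the literal, 0 if it came back
 * NULL. A miscompiled build crashes here instead, as the report describes. */
int pointer_round_trips(void)
{
    const char *got = stored_pointer();
    return got != NULL && strcmp(got, "Hello world!") == 0;
}

int main(void)
{
    const char *got = stored_pointer();
    printf("Got: %p\n", (const void *)got);
    if (!pointer_round_trips()) {
        puts("FAIL: copied pointer does not point at the literal");
        return 1;
    }
    puts(got);
    return 0;
}
```

Build it with the flags from the report (gcc -O -foptimize-sibling-calls) and inspect the assembly for buggy_init: a correct compiler emits a call to memcpy followed by a return, not a jmp, because an argument aliases the caller's frame.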
Subject: Bug 43904
Author: hjl
Date: Tue Apr 27 00:25:18 2010
New Revision: 158757

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158757
Log:
Add a run-time testcase for PR tree-optimization/43904.

2010-04-26  H.J. Lu  <hongjiu.lu@intel.com>

	PR tree-optimization/43904
	* gcc.dg/tree-ssa/tailcall-6.c: New.

Added:
    trunk/gcc/testsuite/gcc.dg/tree-ssa/tailcall-6.c
Modified:
    trunk/gcc/testsuite/ChangeLog
Subject: Bug 43904
Author: hjl
Date: Tue Apr 27 00:30:00 2010
New Revision: 158758

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=158758
Log:
Backport testcase from mainline.

2010-04-26  H.J. Lu  <hongjiu.lu@intel.com>

	Backport from mainline
	2010-04-26  H.J. Lu  <hongjiu.lu@intel.com>

	PR tree-optimization/43904
	* gcc.dg/tree-ssa/tailcall-6.c: New.

Added:
    branches/gcc-4_5-branch/gcc/testsuite/gcc.dg/tree-ssa/tailcall-6.c
      - copied unchanged from r158757, trunk/gcc/testsuite/gcc.dg/tree-ssa/tailcall-6.c
Modified:
    branches/gcc-4_5-branch/gcc/testsuite/ChangeLog