[Bug c/26463] New: -O2, -O3, -Os segment fault due to bad array index on ARM
dadair at ariodata dot com
gcc-bugzilla@gcc.gnu.org
Sat Feb 25 00:59:00 GMT 2006
Optimizing the sample below (-O2, -O3 or -Os) makes the compiler create a
temporary pointer to &buf[i] through which the data is written. However,
this pointer is not reset to &buf[0] when i
is set to 0, so subsequent writes land past the end of buf.
Occurs on 3.3.3 but not 2.95. I realize that 3.3
is really old, but it would be useful to know if this
has already been fixed and if possible how to write code
that avoids the problem.
# 1 "t.c"
# 1 "<built-in>"
# 1 "<command line>"
# 1 "t.c"
/* Stand-in for the stdio stream: a plain int handle passed to the fgetc() stub below. */
int stdin = 1;
/* Placeholder type for the (unused) server-info argument of nbsmtp_data_body(). */
typedef int servinfo_t;
/*
 * Test-case stand-in for the C library's fgetc(); the preprocessed file pulls
 * in no headers, so this definition is the one nbsmtp_data_body() calls.
 *
 * fh is ignored.  A static call counter makes the first 2 * 8192 calls return
 * 0 and every later call return -1 (the end-of-input value the caller tests
 * for), i.e. twice as many bytes as the caller's 8192-byte buffer holds.
 */
int fgetc(int fh)
{
/* Persists across calls; counts how many characters have been handed out. */
static int idx = 0;
if (idx++ < (2 * 8192)) {
return (0);
} else {
return (-1);
}
}
/*
 * Reproducer loop: reads characters with fgetc(stdin) until it returns -1 and
 * stores them in an 8192-byte stack buffer, wrapping the index back to 0
 * whenever it reaches 8191 (the last slot, which receives a '\0').
 *
 * serverinfo is never read; the function always returns 1.
 *
 * As written, every store is in bounds: i is reset to 0 each time it reaches
 * 8191, so buf[i] never goes past buf[8191].  The out-of-bounds write described
 * in this report exists only in the optimized ARM code, where the store goes
 * through a post-incremented pointer that the second wrap check does not reset.
 * Reading the source alone will not reveal it; the generated code (or the
 * optimized binary under test) has to be examined.
 * NOTE(review): the statement order below is what triggers the miscompile, so
 * the code is left untouched; no source-level workaround is established here.
 */
int nbsmtp_data_body(servinfo_t *serverinfo)
{
int c;
/* Assigned on every character but never read in this test case. */
int last = -1;
int i = 0;
char buf[8192];
for (;;)
{
c = fgetc(stdin);
if ( c != -1 ) {
/* First wrap check, before the store: terminate and restart at buf[0]. */
if (i == (8192 -1)) {
buf[i] = '\0';
i = 0;
}
buf[i++] = (char)c;
/*
 * Second wrap check, after the store.  This is the reset that, per the
 * report's assembly listing, updates i but not the compiler's pointer.
 */
if (i == (8192 -1)) {
buf[i] = '\0';
i = 0;
}
last = c;
} else {
/* End of input: terminate whatever is currently in the buffer and stop. */
buf[i] = '\0';
break;
}
}
return 1;
}
/*
 * Driver for the reproducer: calls nbsmtp_data_body() once and exits with 0.
 * argc and argv are unused.
 */
int main(int argc, char *argv[])
{
/* Left uninitialized; the callee never reads through the pointer. */
servinfo_t dummy;
nbsmtp_data_body(&dummy);
return (0);
}
@ Loop body of nbsmtp_data_body as emitted at -O2 (excerpt: .L10 and the .L15
@ literal pool are not shown).
@ Register roles as read from this excerpt -- inferred, confirm against the full t.s:
@   r4 = i, r5 = write pointer into buf, r6 = 0, r7 = presumably &stdin,
@   r3 = value loaded from .L15+4 (presumably 8191),
@   sp = &buf[0], so sp + 7936 + 255 = &buf[8191].
.L14:
ldr r0, [r7, #0]
bl fgetc
@ c == -1 leaves the loop
cmn r0, #1
ldr r3, .L15+4
beq .L10
@ first wrap check: on equality i, the terminator store and r5 are all reset
cmp r4, r3
moveq r4, r6
addeq r2, sp, #7936
add r4, r4, #1
streqb r6, [r2, #255]
moveq r5, sp
@ second wrap check; the data store itself post-increments r5
cmp r4, r3
strb r0, [r5], #1
addeq r3, sp, #7936
moveq r4, r6 <<<< Note "i" is updated but r5 is not
streqb r6, [r3, #255]
b .L14
[user@host]> gcc -v --save-temps -O2 -Wall t.c
Reading specs from
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit --with-newlib
--enable-languages=c,c++ --disable-libgcj --host=i386-redhat-linux
--target=arm-linux
Thread model: posix
gcc version 3.3.3 (DENX ELDK 3.1 3.3.3-8)
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/cc1 -E -quiet -v
-iprefix /import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/
-D__GNUC__=3 -D__GNUC_MINOR__=3 -D__GNUC_PATCHLEVEL__=3 -D__ARM_ARCH_4T__ t.c
-mcpu=arm9 -Wall -O2 t.i
ignoring nonexistent directory "/import/arm/eldk31/usr/arm-linux/sys-include"
ignoring nonexistent directory "/import/arm/eldk31/usr/arm-linux/include"
#include "..." search starts here:
#include <...> search starts here:
/import/arm/eldk31/usr/lib/gcc-lib/arm-linux/3.3.3/include
/import/arm/eldk31/arm/usr/include
End of search list.
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/cc1 -fpreprocessed
t.i -quiet -dumpbase t.c -mcpu=arm9 -auxbase t -O2 -Wall -version -o t.s
GNU C version 3.3.3 (DENX ELDK 3.1 3.3.3-8) (arm-linux)
compiled by GNU C version 2.96 20000731 (Red Hat Linux 7.3 2.96-113).
GGC heuristics: --param ggc-min-expand=63 --param ggc-min-heapsize=62917
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/../../../../arm-linux/bin/as
-mcpu=arm9 -mfpu=softvfp -o t.o t.s
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/collect2
-dynamic-linker /lib/ld-linux.so.2 -X -m armelf_linux -p
/import/arm/eldk31/usr/../arm/usr/lib/crt1.o
/import/arm/eldk31/usr/../arm/usr/lib/crti.o
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/crtbegin.o
-L/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3
-L/import/arm/eldk31/usr/bin/../lib/gcc-lib
-L/import/arm/eldk31/usr/lib/gcc-lib/arm-linux/3.3.3
-L/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/../../../../arm-linux/lib
-L/import/arm/eldk31/usr/lib/gcc-lib/arm-linux/3.3.3/../../../../arm-linux/lib
-L/import/arm/eldk31/usr/../arm/lib -L/import/arm/eldk31/usr/../arm/usr/lib t.o
-lgcc -lc -lgcc
/import/arm/eldk31/usr/bin/../lib/gcc-lib/arm-linux/3.3.3/crtend.o
/import/arm/eldk31/usr/../arm/usr/lib/crtn.o
--
Summary: -O2, -O3, -Os segment fault due to bad array index on
ARM
Product: gcc
Version: 3.3.3
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: dadair at ariodata dot com
GCC build triplet: i386-redhat-linux
GCC host triplet: i386-redhat-linux
GCC target triplet: arm-linux
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=26463