[Bug ada/25819] CXF3A01 core dump

danglin at gcc dot gnu dot org gcc-bugzilla@gcc.gnu.org
Sun Jun 29 03:29:00 GMT 2008 


------- Comment #9 from danglin at gcc dot gnu dot org  2008-06-29 03:29 -------
The linux and hpux problems are the same.  It appears this code in
ada__text_io__editing__expand() is stomping on the function context.
In particular, the high order byte of the fc->prev value stomped on.

            when others =>
               Result (Result_Index) := Picture (Picture_Index);
               Picture_Index := Picture_Index + 1;
               Result_Index := Result_Index + 1;

The corresponding assembler code is

0x0002c48c <ada__text_io__editing__expand+268>: ldw -a4(,sp),ret1
0x0002c490 <ada__text_io__editing__expand+272>: add,l r22,ret1,ret0
0x0002c494 <ada__text_io__editing__expand+276>: stb r20,0(,ret0)
0x0002c498 <ada__text_io__editing__expand+280>: ldo 1(ret1),ret1
0x0002c49c <ada__text_io__editing__expand+284>: ldo 1(r19),r19
0x0002c4a0 <ada__text_io__editing__expand+288>: stw ret1,-a4(,sp)
0x0002c4a4 <ada__text_io__editing__expand+292>: ldw -90(,sp),r20

(gdb) p/x $r20
$9 = 0x39
(gdb) p $r22
$3 = 2130644039
(gdb) p $ret1
$4 = 65
(gdb) p/x $ret1 + $r22
$7 = 0x7eff0c88
(gdb) c
Continuing.

Breakpoint 15, _Unwind_SjLj_Unregister (fc=0x7eff0c88)
    at ../../../gcc/libgcc/../gcc/unwind-sjlj.c:173
173     {
(gdb) p &fc->prev
$10 = (struct SjLj_Function_Context **) 0x7eff0c88
(gdb) p *fc
$11 = {prev = 0x39ff0ac8, call_site = 4, data = {1073765631, 2130643768, 
    55035, 140523}, personality = 0x4000315a <U_ARM_MASK+1030>, 
  lsda = 0x400022ac}

_Unwind_SjLj_Unregister installs fc->prev and this leads to a segv when
the context is accessed.

It appears the offset of 65 is outside the bounds of the Result array.


-- 

danglin at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  GCC build triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*
   GCC host triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*
 GCC target triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25819

More information about the Gcc-bugs mailing list