[llvm-bugs] [Bug 42136] New: Shrink wrap can leave accesses to stack objects after frame destruction
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Jun 5 02:55:12 PDT 2019
https://bugs.llvm.org/show_bug.cgi?id=42136
Bug ID: 42136
Summary: Shrink wrap can leave accesses to stack objects after frame destruction
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Common Code Generator Code
Assignee: unassignedbugs at nondot.org
Reporter: david.green at arm.com
CC: efriedma at quicinc.com, llvm-bugs at lists.llvm.org,
t.p.northover at gmail.com
Something like this code:

    void compiler_pop_stack(unsigned num)
    {
        unsigned rstack[16];
        if (num <= 1U) {
            return;
        }
        rstack[0] = 0;
        for (unsigned ptr = 1; ptr > 0; ptr--) {
            if (0 < rstack[ptr]) {
                ptr++;
            }
        }
    }

Produces this assembly:

    clang --target=aarch64-arm-none-eabi -march=armv8-a -Os test.c -S -o -

            .globl  compiler_pop_stack
            .p2align        2
            .type   compiler_pop_stack, @function
    compiler_pop_stack:
            cmp     w0, #2
            b.lo    .LBB0_3
            str     wzr, [sp, #-64]!            <<< Stack is setup
            mov     w8, #1
            mov     x9, sp
            add     sp, sp, #64                 <<< Stack is restored
    .LBB0_2:
            ldr     w10, [x9, w8, uxtw #2]      <<< Stack object is used in loop
            cmp     w10, #0
            cinc    w8, w8, ne
            subs    w8, w8, #1
            b.ne    .LBB0_2
    .LBB0_3:
            ret

If we take an exception between the stack restore and the accesses in the loop,
we can end up corrupting the stack items that are still in use.
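
A check for the pattern in the listing above, as an added example (not part of the original report and not LLVM code): it scans AArch64 assembly text for loads or stores through a register copied from `sp` that execute after the frame has been released. The function name `stale_frame_accesses` and the matching heuristics are assumptions made here; the scan is straight-line in textual order and does not follow branches.

```python
import re

# Constructed input: the listing from the report with its "<<<" notes removed.
SAMPLE = """\
compiler_pop_stack:
        cmp     w0, #2
        b.lo    .LBB0_3
        str     wzr, [sp, #-64]!
        mov     w8, #1
        mov     x9, sp
        add     sp, sp, #64
.LBB0_2:
        ldr     w10, [x9, w8, uxtw #2]
        cmp     w10, #0
        cinc    w8, w8, ne
        subs    w8, w8, #1
        b.ne    .LBB0_2
.LBB0_3:
        ret
"""

ALLOC = re.compile(r"\[sp,\s*#-\d+\]!|^sub\s+sp,\s*sp,")   # frame setup
FREE = re.compile(r"^add\s+sp,\s*sp,\s*#\d+")              # frame destruction
ALIAS = re.compile(r"^(?:mov|add)\s+(x\d+),\s*sp\b")       # xN := sp (+ imm)
MEM = re.compile(r"^(?:ld|st)\w+\s[^\[]*\[(x\d+)\b")       # access via [xN ...]
NO_WRITE = re.compile(r"^(?:st\w+|cmp|cmn|tst|b(?:\.\w+)?|bl|blr|br|cbn?z|tbn?z)\b")

def stale_frame_accesses(asm):
    """Return [(line_no, instruction)] for loads/stores through a register
    that pointed into a frame the function has already deallocated.
    Straight-line scan in textual order; it does not follow branches."""
    aliases, freed, hits = set(), False, []
    for no, raw in enumerate(asm.splitlines(), 1):
        ins = re.sub(r"\s+", " ", raw.split("//")[0]).strip()
        if not ins or ins.endswith(":") or ins.startswith("."):
            continue                            # blank, label or directive
        mem, alias = MEM.match(ins), ALIAS.match(ins)
        if mem and freed and mem.group(1) in aliases:
            hits.append((no, ins))
        if ALLOC.search(ins) or ins == "ret":
            aliases, freed = set(), False       # new frame or function end
        elif FREE.match(ins):
            freed = True
        elif alias and not freed:
            aliases.add(alias.group(1))
        elif not NO_WRITE.match(ins):           # destination register redefined
            aliases.discard(ins.partition(" ")[2].split(",")[0].strip())
    return hits
```

On the sample it reports the `ldr` at line 9; with the `add sp, sp, #64` moved below the loop it reports nothing.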