<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Programs falsely report stack check failure on Android x86"
   href="https://llvm.org/bugs/show_bug.cgi?id=30940">30940</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Programs falsely report stack check failure on Android x86
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>3.9
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Backend: X86
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>strager@fb.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=17566" name="attach_17566" title="NDK project of small program demonstrating the bug.">attachment 17566</a> <a href="attachment.cgi?id=17566&action=edit" title="NDK project of small program demonstrating the bug.">[details]</a></span>
NDK project of small program demonstrating the bug.

As of LLVM r265481, code generated by Clang for -fstack-protector for Android
x86 does not function properly on shipping version of Android such as Android
4.1 (API level 16). r265481 has a runtime dependency on a change in Android's
libc (Bionic) which does not exist on these older versions of Android.

Attached is a test case which demonstrates the issue. The test case shows that
modifying a user-allocated thread-specific variable causes the program to crash
when the stack-protected function returns. Clang thinks the stack canary
changed, but in reality the “guard value” changed.

To build the test case, install the Android NDK (which includes Clang) and the
API level 16 Android x86 emulator (from the Android SDK) and run:

$ ndk-build NDK_TOOLCHAIN_VERSION=clang
$ adb push libs/x86/stack-protector-bug /data/local/tmp/stack-protector-bug
$ adb shell /data/local/tmp/stack-protector-bug

A toolchain without this bug (e.g. LLVM master with the attached patch) will
cause the program to print:

About to return...
Did not crash

A toolchain with this bug (e.g. LLVM master) will cause the program to raise
SIGABRT due to a call to __stack_chk_fail.

Attached is a patch which fixes the issue. I don't think it's sufficient,
though; it effectively undoes the optimizations in r265481.

Note: This bug is also present in GCC 4.9.</pre>
        </div>
      </p>
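      <p>The report describes a reproduction in which a thread-specific value is modified while a stack-protected function is live, and the function's epilogue then aborts because the value the compiler reads back as the guard no longer matches the canary saved in the prologue. The following is an added, portable reconstruction of that kind of test, not the NDK project attached to the bug: it creates a pthread key, sets it from inside a function with a local array (so that <code>-fstack-protector</code> instruments it), and returns normally. On a toolchain whose guard location agrees with the libc it runs on, it prints the same two lines the report lists for a correct build; where the compiler's guard slot overlaps the libc's key storage, the same code would instead end in <code>__stack_chk_fail</code>. The function names and the return value of 63 are choices of this example.</p>

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the bug's attachment. Build with -fstack-protector-all
 * (or the default -fstack-protector-strong of most toolchains) so that
 * stack_protected_function() gets a canary in its frame. */

static pthread_key_t key;

/* A local array forces the stack protector to instrument this function:
 * the prologue copies the guard value into the frame, the epilogue compares
 * it and calls __stack_chk_fail() on mismatch. */
__attribute__((noinline))
static int stack_protected_function(void)
{
    char buffer[64];
    memset(buffer, 'A', sizeof buffer - 1);
    buffer[sizeof buffer - 1] = '\0';

    /* Modify a user-allocated thread-specific value while the canary is live.
     * The frame itself is untouched; only the libc's per-thread storage changes.
     * If the compiler reads its guard from the slot this write lands in, the
     * epilogue check below fails even though no overflow occurred. */
    pthread_setspecific(key, &key);

    printf("About to return...\n");
    return (int)strlen(buffer);   /* 63 on a correct toolchain/libc pairing */
}

/* Sets up the key, runs the instrumented function and tears down again.
 * Returns 63 on success, -1 if the key could not be created. */
int run_test(void)
{
    if (pthread_key_create(&key, NULL) != 0)
        return -1;
    int n = stack_protected_function();
    pthread_key_delete(key);
    return n;
}

int main(void)
{
    int n = run_test();
    if (n == 63)
        printf("Did not crash\n");
    return n == 63 ? 0 : 1;
}
```

      <p>A SIGABRT from <code>__stack_chk_fail</code> here, with no write past <code>buffer</code>, is the signature of the mismatch the report describes: the compiler and the C library disagree about where the guard lives, so a benign <code>pthread_setspecific</code> is indistinguishable from a smashed frame. Running the same binary against the libc version the compiler was built for makes it print both lines.</p>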
    </body>
</html>