<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - lld overwrites first byte of jump table"
href="https://bugs.llvm.org/show_bug.cgi?id=35819">35819</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>lld overwrites first byte of jump table
</td>
</tr>
<tr>
<th>Product</th>
<td>lld
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Macintosh
</td>
</tr>
<tr>
<th>OS</th>
<td>MacOS X
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>MachO
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>t.schaub@gmx.de
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>lld seems to overwrite the first byte of the jump table. Consider the following
program

inline int some_number()
{
    return 0;
}

int main()
{
    switch (some_number())
    {
    case 0:
        break;
    case 1:
        break;
    case 2:
        break;
    case 3:
        break;
    }
}

Compiling this results in

% clang++ -v
Apple LLVM version 8.1.0 (clang-802.0.42)
Target: x86_64-apple-darwin16.7.0
Thread model: posix
InstalledDir: /Applications/Xcode8.3.3.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
% clang++ -c -o main.cpp.o main.cpp
% otool -tV main.cpp.o
build/main.cpp.o:
(__TEXT,__text) section
_main:
0000000000000000    pushq   %rbp
...
0000000000000059    nopl    _main(%rax)
000000000000005c    .long   4294967264 @ KIND_JUMP_TABLE32
0000000000000060    .long   4294967269 @ KIND_JUMP_TABLE32
0000000000000064    .long   4294967274 @ KIND_JUMP_TABLE32
0000000000000068    .long   4294967279 @ KIND_JUMP_TABLE32
000000000000006c    nopl    (%rax)

When linking this program with ld I get

% ld -v
@(#)PROGRAM:ld  PROJECT:ld64-278.4
configured to support archs: armv6 armv7 armv7s arm64 i386 x86_64 x86_64h armv6m armv7k armv7m armv7em (tvOS)
LTO support using: LLVM version 8.1.0, (clang-802.0.42)
TAPI support using: Apple TAPI version 1.33.11
% ld -arch x86_64 -o main-ld main.cpp.o -lSystem
% otool -t main-ld
main-ld:
Contents of (__TEXT,__text) section
0000000100000f20 55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f30 64 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f40 45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f50 8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f60 00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f70 8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 e0 ff ff ff
0000000100000f80 e5 ff ff ff ea ff ff ff ef ff ff ff 0f 1f 40 00
0000000100000f90 55 48 89 e5 31 c0 5d c3

The first jump table entry is at 0x100000f20 + 0x5c = 0x100000F7C and has the
value ffffffe0 (or 4294967264 in decimal), which is the value from the object
file.

Now, doing the same with lld I get

% ~/foreign/llvm-master-install/bin/ld64.lld -arch x86_64 -o main-lld main.cpp.o -lSystem
% otool -t main-lld
main-lld:
Contents of (__TEXT,__text) section
0000000100000f30 55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f40 5c 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f50 45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f60 8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f70 00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f80 8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 a4 ff ff ff
0000000100000f90 e5 ff ff ff ea ff ff ff ef ff ff ff 90 ff ff ff
0000000100000fa0 55 48 89 e5 31 c0 5d c3

The first jump table entry is at 0x100000f30 + 0x5c = 0x100000F8C and has the
value ffffffa4 (or 4294967204 in decimal), which is NOT the value from the
object file. In particular, the first byte is a4 instead of e0. I'm not sure if
that's a coincidence, but this jumps to the start of the function (and not to
the appropriate case handler).

Note that lld was built from LLVM commit
f494e856dbbecfdc2958a07cd4acc3c6a7ed7533 and lld commit
874cf0193393de7ad4b480d8519a6e40375cf938. Also I only tried this for MachO.</pre>
</div>
</p>
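<p>The check the reporter performed by hand, as an added example that is not part of the bug report: parse the two <code>otool -t</code> dumps quoted above, read each KIND_JUMP_TABLE32 entry as a signed 32-bit offset relative to the table itself (the <code>lea</code>/<code>movslq</code>/<code>add</code>/<code>jmp *%rdx</code> sequence in <code>_main</code>), and look at the opcode byte each entry lands on. The table offset 0x5c and the four-entry count come from the object file listing in the report.</p>

```python
"""Resolve the switch jump table in an `otool -t` hex dump (added example,
not from the bug report): each 32-bit entry is a signed offset relative to
the table itself, which _main adds to the table address before `jmp *%rdx`."""
import struct

TABLE_OFFSET = 0x5C  # offset of the first KIND_JUMP_TABLE32 entry in _main

# Both dumps are copied from the report: ld64 output first, ld64.lld second.
LD_DUMP = """
0000000100000f20 55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f30 64 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f40 45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f50 8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f60 00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f70 8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 e0 ff ff ff
0000000100000f80 e5 ff ff ff ea ff ff ff ef ff ff ff 0f 1f 40 00
0000000100000f90 55 48 89 e5 31 c0 5d c3
"""
LLD_DUMP = """
0000000100000f30 55 48 89 e5 48 83 ec 20 c7 45 fc 00 00 00 00 e8
0000000100000f40 5c 00 00 00 89 c1 89 ca 83 e8 03 48 89 55 f0 89
0000000100000f50 45 ec 0f 87 28 00 00 00 48 8d 05 2d 00 00 00 48
0000000100000f60 8b 4d f0 48 63 14 88 48 01 c2 ff e2 e9 0f 00 00
0000000100000f70 00 e9 0a 00 00 00 e9 05 00 00 00 e9 00 00 00 00
0000000100000f80 8b 45 fc 48 83 c4 20 5d c3 0f 1f 00 a4 ff ff ff
0000000100000f90 e5 ff ff ff ea ff ff ff ef ff ff ff 90 ff ff ff
0000000100000fa0 55 48 89 e5 31 c0 5d c3
"""

def parse_dump(text):
    """Return (base_address, bytes) from lines of the form 'addr b0 b1 ...'."""
    base, data = None, bytearray()
    for line in text.strip().splitlines():
        fields = line.split()
        addr = int(fields[0], 16)
        base = addr if base is None else base
        assert addr == base + len(data), "dump is not contiguous"
        data += bytes.fromhex("".join(fields[1:]))
    return base, bytes(data)

def jump_table_targets(base, data, table_off=TABLE_OFFSET, n=4):
    """Return (entry, target, opcode_at_target) for each of n table entries."""
    table_addr = base + table_off
    targets = []
    for off in range(table_off, table_off + 4 * n, 4):
        (rel,) = struct.unpack_from("<i", data, off)
        target = table_addr + rel            # same arithmetic as the code's add
        opcode = data[target - base]         # 0xE9 = jmp rel32 -> a case handler
        targets.append((rel, target, opcode))
    return targets
```

<p>For the ld64 dump every entry is a small negative offset that lands on an <code>e9</code> (<code>jmp rel32</code>) case dispatch; for the lld dump the first entry is -92 (0x5c), which resolves to 0x100000f30, the <code>pushq %rbp</code> that opens <code>_main</code>, exactly the misdirected jump the reporter describes.</p>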
</body>
</html>