[LLVMbugs] [Bug 5461] New: alloca generated code overwrites return address on the stack

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Tue Nov 10 17:11:21 PST 2009


           Summary: alloca generated code overwrites return address on the stack
           Product: libraries
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Backend: X86
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: vargaz at gmail.com
                CC: llvmbugs at cs.uiuc.edu


define private i32 @foo() {
  ret i32 0
}

define i32 @"main"() {
  ; 5-byte object, 16-byte aligned; the memset below writes 16 bytes through it
  %1 = alloca [5 x i8], align 16                  ; <[5 x i8]*> [#uses=1]
  %.sub = getelementptr inbounds [5 x i8]* %1, i64 0, i64 0 ; <i8*> [#uses=1]
  call void @llvm.memset.i32(i8* %.sub, i8 0, i32 16, i32 16)
  %2 = call i32 @foo()                             ; <i32> [#uses=1]
  ret i32 %2
}

declare void @llvm.memset.i32(i8*, i8, i32, i32)

Platform: debian unstable on amd64.

Compile with:

llvm-as bug.ll && llc bug.bc && gcc bug.s

Generated code:

00000000004004b0 <main>:
  4004b0:       48 83 ec 08             sub    $0x8,%rsp
  4004b4:       0f 57 c0                xorps  %xmm0,%xmm0
  4004b7:       0f 29 04 24             movaps %xmm0,(%rsp)
  4004bb:       e8 e0 ff ff ff          callq  4004a0 <frame_dummy+0x30>
  4004c0:       48 83 c4 08             add    $0x8,%rsp                
  4004c4:       c3                      retq                            

The movaps instruction will overwrite the return address on the stack, causing
a crash.
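The frame arithmetic behind the crash above (8 bytes reserved by `sub $0x8,%rsp`, a 16-byte `movaps` at `(%rsp)`, return address at `8(%rsp)`) can be checked mechanically over objdump output. The script below is an added example, not part of the bug report or of LLVM: it tracks the distance between `%rsp` and the return-address slot through `sub`/`add $imm,%rsp` and push/pop, and flags any `%rsp`-relative store whose byte range reaches that slot. The function name `find_ret_clobbers`, the `Finding` record and the second, corrected listing are assumptions of mine; the first listing is the one quoted above. It assumes AT&T-syntax x86-64 objdump output, a static frame with no frame pointer and no dynamic alloca, and is a heuristic rather than a full disassembler.

```python
import re
from typing import List, NamedTuple

# Sample input: the objdump listing quoted in the bug report (copied, not regenerated here).
BUG_LISTING = """\
00000000004004b0 <main>:
  4004b0:       48 83 ec 08             sub    $0x8,%rsp
  4004b4:       0f 57 c0                xorps  %xmm0,%xmm0
  4004b7:       0f 29 04 24             movaps %xmm0,(%rsp)
  4004bb:       e8 e0 ff ff ff          callq  4004a0 <frame_dummy+0x30>
  4004c0:       48 83 c4 08             add    $0x8,%rsp
  4004c4:       c3                      retq
"""

# Constructed listing (hypothetical, not from the report): same body with a 24-byte frame,
# so the 16-byte store at (%rsp) stays below the return address and %rsp stays 16-aligned.
FIXED_LISTING = """\
00000000004004b0 <main>:
  4004b0:       48 83 ec 18             sub    $0x18,%rsp
  4004b4:       0f 57 c0                xorps  %xmm0,%xmm0
  4004b7:       0f 29 04 24             movaps %xmm0,(%rsp)
  4004bb:       e8 e0 ff ff ff          callq  4004a0 <frame_dummy+0x30>
  4004c0:       48 83 c4 18             add    $0x18,%rsp
  4004c4:       c3                      retq
"""

class Finding(NamedTuple):
    addr: int       # instruction address
    mnemonic: str
    disp: int       # displacement of the store relative to %rsp
    width: int      # bytes written
    frame: int      # bytes between %rsp and the return-address slot at that point

# objdump line: "  4004b0:       48 83 ec 08             sub    $0x8,%rsp"
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s*(.*?)\s*$")
LABEL_RE = re.compile(r"^[0-9a-f]+\s+<[^>]+>:\s*$")          # "00000000004004b0 <main>:"
RSP_MEM_RE = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\(%rsp\)$")  # "(%rsp)", "0x10(%rsp)", "-0x8(%rsp)"
IMM_RSP_RE = re.compile(r"^\$(0x[0-9a-f]+|\d+),%rsp$")        # "$0x8,%rsp"

# Store widths by mnemonic (AT&T suffixes / SSE moves); otherwise inferred from the source register.
WIDTH_BY_MNEMONIC = {
    "movaps": 16, "movups": 16, "movapd": 16, "movupd": 16, "movdqa": 16, "movdqu": 16,
    "movq": 8, "movl": 4, "movw": 2, "movb": 1, "movsd": 8, "movss": 4,
}

def _store_width(mnemonic: str, src: str) -> int:
    if mnemonic in WIDTH_BY_MNEMONIC:
        return WIDTH_BY_MNEMONIC[mnemonic]
    if src.startswith("%xmm"):
        return 16
    if src.startswith("%r"):                      # %rax.. / %r8..%r15 and their narrow forms
        return {"d": 4, "w": 2, "b": 1}.get(src[-1], 8)
    if src.startswith("%e"):
        return 4
    return 0                                      # unknown width: never flagged

def find_ret_clobbers(listing: str) -> List[Finding]:
    """Return every %rsp-relative store whose byte range reaches the return-address slot."""
    findings: List[Finding] = []
    frame = 0                                     # at function entry %rsp points at the return address
    for line in listing.splitlines():
        if LABEL_RE.match(line):
            frame = 0                             # new function: reset the frame model
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, mn, ops = int(m.group(1), 16), m.group(2), m.group(3)
        imm = IMM_RSP_RE.match(ops)
        if mn in ("sub", "subq") and imm:
            frame += int(imm.group(1), 16)
        elif mn in ("add", "addq") and imm:
            frame -= int(imm.group(1), 16)
        elif mn.startswith("push"):
            frame += 8
        elif mn.startswith("pop"):
            frame -= 8
        else:
            parts = ops.split(",")
            if len(parts) < 2:
                continue
            mem = RSP_MEM_RE.match(parts[-1])     # AT&T: destination is the last operand
            if not mem:
                continue
            disp = int(mem.group(1) or "0", 16)
            width = _store_width(mn, parts[0])
            if width and disp + width > frame:    # [disp, disp+width) overlaps the saved RIP
                findings.append(Finding(addr, mn, disp, width, frame))
    return findings

if __name__ == "__main__":
    for f in find_ret_clobbers(BUG_LISTING):
        print(f"{f.addr:#x}: {f.mnemonic} writes {f.width} bytes at {f.disp}(%rsp), "
              f"but only {f.frame} bytes separate %rsp from the return address")
```

Run on the report's listing it flags the `movaps` at 0x4004b7 (16 bytes written, 8 bytes of frame); on the constructed 24-byte-frame listing it reports nothing. The check only models `sub`/`add` on `%rsp` and push/pop, so anything using `%rbp`-relative addressing or a variable-size frame is outside what it can reason about.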

