[llvm-bugs] [Bug 39517] New: Control Flow Guard on a simple program causes a crash

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Nov 1 07:19:13 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=39517

            Bug ID: 39517
           Summary: Control Flow Guard on a simple program causes a crash
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: charles.milette at gmail.com
                CC: llvm-bugs at lists.llvm.org, peter.smith at linaro.org

When compiling the following program

#include <iostream>
#include <sstream>

int main()
{
    std::wostringstream str;
    str << L"Lorem ipsum dolor sit amet";

    std::wcout << str.str();
}

using the following commands

clang-cl /c control-bug.cpp -m32 /guard:cf /MDd
--- OR ---
clang-cl /c control-bug.cpp -m32 /guard:cf /MD


lld-link /guard:cf control-bug.obj

will produce a binary that crashes before printing Lorem Ipsum to the command
prompt.

Using the static (/MT and /MTd) instead of the DLL (/MD and /MDd) Microsoft
Runtime Library will produce a correctly working executable, as will replacing
lld-link with link and/or clang-cl with cl.

After further debugging by setting a breakpoint on the failing
_guard_check_icall_fptr call in x32dbg, it seems that
std::basic_streambuf<unsigned short, std::char_traits<unsigned short>>::sputn
(which is a function embedded in the MS Runtime library) is calling
std::basic_streambuf<unsigned short, std::char_traits<unsigned short>>::xsputn
(which is a function embedded in the main executable file) by function pointer
but it is not registered as a valid call target to Control Flow Guard.
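
The condition described in the last paragraph, as an added example that is not part of the original report or of LLVM: decoding the GuardCFFunctionTable from a PE image's load config directory and checking whether a function called by pointer is registered in it. The GuardFlags constants are from winnt.h; the sample table, RVAs and name-to-RVA map are constructed, and the helper names are hypothetical.

```python
import struct

# GuardFlags bits from winnt.h (IMAGE_LOAD_CONFIG_DIRECTORY.GuardFlags).
IMAGE_GUARD_CF_INSTRUMENTED = 0x00000100
IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT = 0x00000400
IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK = 0xF0000000
IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT = 28


def guard_cf_targets(table: bytes, count: int, guard_flags: int) -> set:
    """Decode GuardCFFunctionTable bytes into the set of registered target RVAs."""
    if not guard_flags & IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT:
        return set()
    # Each entry is a 4-byte RVA followed by N metadata bytes; N is stored
    # in the top four bits of GuardFlags.
    extra = (guard_flags & IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK) \
        >> IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT
    stride = 4 + extra
    if len(table) < count * stride:
        raise ValueError("table shorter than GuardCFFunctionCount entries")
    return {struct.unpack_from("<I", table, i * stride)[0] for i in range(count)}


def unregistered(address_taken: dict, targets: set) -> list:
    """Names of indirectly called functions whose RVA is not in the table."""
    return sorted(name for name, rva in address_taken.items() if rva not in targets)


# Constructed sample (not taken from the reported binary): a table with one
# metadata byte per entry that lists two functions and omits a third.
SAMPLE_FLAGS = (IMAGE_GUARD_CF_INSTRUMENTED
                | IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT
                | (1 << IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT))
SAMPLE_TABLE = b"".join(struct.pack("<IB", rva, 0) for rva in (0x1000, 0x1230))
SAMPLE_ADDRESS_TAKEN = {"overflow": 0x1000, "sync": 0x1230, "xsputn": 0x1450}

if __name__ == "__main__":
    targets = guard_cf_targets(SAMPLE_TABLE, 2, SAMPLE_FLAGS)
    print("registered RVAs:", [hex(r) for r in sorted(targets)])
    print("missing from table:", unregistered(SAMPLE_ADDRESS_TAKEN, targets))
```

On a real binary the table and flags can be dumped with `llvm-readobj --coff-load-config` or `dumpbin /loadconfig` and compared between the lld-link and link outputs.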
