https://bugs.llvm.org/show_bug.cgi?id=42136
Bug ID: 42136
Summary: Shrink wrap can leave accesses to stack objects after frame destruction
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Common Code Generator Code
Assignee: unassignedb...@nondot.org
Reporter: david.gr...@arm.com
CC: efrie...@quicinc.com, llvm-bugs@lists.llvm.org, t.p.northo...@gmail.com
Something like this code:

    void compiler_pop_stack(unsigned num)
    {
        unsigned rstack[16];
        if (num <= 1U) {
            return;
        }
        rstack[0] = 0;
        for (unsigned ptr = 1; ptr > 0; ptr--) {
            if (0 < rstack[ptr]) {
                ptr++;
            }
        }
    }

Produces this assembly:

    clang --target=aarch64-arm-none-eabi -march=armv8-a -Os test.c -S -o -

            .globl  compiler_pop_stack
            .p2align        2
            .type   compiler_pop_stack,@function
    compiler_pop_stack:
            cmp     w0, #2
            b.lo    .LBB0_3
            str     wzr, [sp, #-64]!          <<< Stack is set up
            mov     w8, #1
            mov     x9, sp
            add     sp, sp, #64               <<< Stack is restored
    .LBB0_2:
            ldr     w10, [x9, w8, uxtw #2]    <<< Stack object is used in loop
            cmp     w10, #0
            cinc    w8, w8, ne
            subs    w8, w8, #1
            b.ne    .LBB0_2
    .LBB0_3:
            ret

If we take an exception between the stack restore and the accesses in the loop,
we can end up corrupting the stack items that are still in use.
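
A check for the pattern in the listing above, as an added example that is not part of the original report or of LLVM: a linear scan that flags loads and stores through a register copied from sp once `add sp, sp, #imm` has popped the frame. The function name, the regexes and the embedded listing (the report's assembly with the annotations removed) are assumptions of this example; it does no control-flow analysis and does not track overwritten aliases.

```python
import re

# Constructed input: the assembly from the report, "<<<" annotations removed.
ASM = """\
compiler_pop_stack:
        cmp     w0, #2
        b.lo    .LBB0_3
        str     wzr, [sp, #-64]!
        mov     w8, #1
        mov     x9, sp
        add     sp, sp, #64
.LBB0_2:
        ldr     w10, [x9, w8, uxtw #2]
        cmp     w10, #0
        cinc    w8, w8, ne
        subs    w8, w8, #1
        b.ne    .LBB0_2
.LBB0_3:
        ret
"""

MEM = re.compile(r"^(ldr|str|ldp|stp|ldur|stur)\w*\s+.*\[(\w+)")  # base register
ALIAS = re.compile(r"^mov\s+(x\d+),\s*sp$")                       # copy of sp
FREE = re.compile(r"^add\s+sp,\s*sp,\s*#\d+$")                    # frame popped


def stale_stack_accesses(asm):
    """Return (line_no, text) for memory accesses whose base register is a
    copy of sp taken before the frame was deallocated (hypothetical helper)."""
    aliases, stale, hits = set(), set(), []
    for no, raw in enumerate(asm.splitlines(), 1):
        line = " ".join(raw.split("//")[0].split())  # drop comments, squeeze spaces
        if m := ALIAS.match(line):
            aliases.add(m.group(1))
        elif FREE.match(line):
            stale |= aliases  # every sp copy so far now points below the new sp
            aliases.clear()
        elif (m := MEM.match(line)) and m.group(2) in stale:
            hits.append((no, line))
    return hits


if __name__ == "__main__":
    for no, text in stale_stack_accesses(ASM):
        print(f"line {no}: access below sp after frame destruction: {text}")
```
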