http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45867

Eric Botcazou <ebotcazou at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |sparc64-elf
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |ebotcazou at gcc dot
                   |                            |gnu.org
         Resolution|                            |WORKSFORME
            Summary|Sparc64: bogus %g4          |reference to %g4 in code
                   |reference in libgcc         |generated for sparc64-elf
                   |__udivti3()                 |

--- Comment #1 from Eric Botcazou <ebotcazou at gcc dot gnu.org> 2010-10-02 13:40:39 UTC ---
> As can be seen in the output, there is a strange extra instruction, 'add
> %g1, %g4, %g1'. %g4 is not initialized anywhere in the function but any
> previous value will be used. Thus the __clz_tab table access can lead to
> crashes. This may in theory even have some security implications if the %g4
> value could be feasibly controlled by an attacker.

The attacker is supposed to be you here.  The sparc64-elf compiler defaults to
the CM_EMBMEDANY memory model:

   TARGET_CM_EMBMEDANY: 64-bit address space.
                     The text and data segments have a maximum size of 2GB
                     (31-bit span) and may be located anywhere in memory.
                     The global register %g4 contains the start address of
                     the data segment.  Programs are statically linked and
                     PIC is not supported.
