http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45807

           Summary: Lying eh_frame r2 save info causes crashes with static
                    libgcc_eh and libstdc++
           Product: gcc
           Version: 4.6.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassig...@gcc.gnu.org
        ReportedBy: amo...@gmail.com


Created attachment 21893
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=21893
testcase from Allan Pratt <akpr...@netflix.com>

In the eh_frame description for _Unwind_Resume_or_Rethrow, I see

000012a0 0000007c 000012a4 FDE cie=00000000 pc=100712c0..100714f8
  DW_CFA_advance_loc: 4 to 100712c4
  DW_CFA_def_cfa_offset: 3216
  DW_CFA_advance_loc: 164 to 10071368
  DW_CFA_offset_extended_sf: r2 at cfa+40
[snip]

but, r2 is not saved by this function, at least, not before
_Unwind_RaiseException is called.  So the lie that r2 is saved at
cfa+40 once we are past 10071368 can cause the unwinder to return a bad
value for r2 when unwinding through _Unwind_Resume_or_Rethrow from
_Unwind_RaiseException.  r2 won't be saved if _Unwind_Resume_or_Rethrow is
called statically from the same toc group, but this bug is often covered by the
fact that a previous call into exception handling functions has written the
correct r2 value to the stack.

00000000100712c0 <._Unwind_Resume_or_Rethrow>:
    100712c0:   f8 21 f3 71     stdu    r1,-3216(r1)
    100712c4:   7d 80 00 26     mfcr    r12
    100712c8:   7c 08 02 a6     mflr    r0
    100712cc:   d9 c1 0c 00     stfd    f14,3072(r1)
    100712d0:   d9 e1 0c 08     stfd    f15,3080(r1)
    100712d4:   f8 01 0c a0     std     r0,3232(r1)
    100712d8:   da 01 0c 10     stfd    f16,3088(r1)
    100712dc:   da 21 0c 18     stfd    f17,3096(r1)
    100712e0:   da 41 0c 20     stfd    f18,3104(r1)
    100712e4:   da 61 0c 28     stfd    f19,3112(r1)
    100712e8:   da 81 0c 30     stfd    f20,3120(r1)
    100712ec:   da a1 0c 38     stfd    f21,3128(r1)
    100712f0:   da c1 0c 40     stfd    f22,3136(r1)
    100712f4:   da e1 0c 48     stfd    f23,3144(r1)
    100712f8:   db 01 0c 50     stfd    f24,3152(r1)
    100712fc:   db 21 0c 58     stfd    f25,3160(r1)
    10071300:   db 41 0c 60     stfd    f26,3168(r1)
    10071304:   db 61 0c 68     stfd    f27,3176(r1)
    10071308:   db 81 0c 70     stfd    f28,3184(r1)
    1007130c:   db a1 0c 78     stfd    f29,3192(r1)
    10071310:   db c1 0c 80     stfd    f30,3200(r1)
    10071314:   db e1 0c 88     stfd    f31,3208(r1)
    10071318:   f9 c1 0b 70     std     r14,2928(r1)
    1007131c:   f9 e1 0b 78     std     r15,2936(r1)
    10071320:   fa 01 0b 80     std     r16,2944(r1)
    10071324:   fa 21 0b 88     std     r17,2952(r1)
    10071328:   fa 41 0b 90     std     r18,2960(r1)
    1007132c:   fa 61 0b 98     std     r19,2968(r1)
    10071330:   fa 81 0b a0     std     r20,2976(r1)
    10071334:   fa a1 0b a8     std     r21,2984(r1)
    10071338:   fa c1 0b b0     std     r22,2992(r1)
    1007133c:   fa e1 0b b8     std     r23,3000(r1)
    10071340:   fb 01 0b c0     std     r24,3008(r1)
    10071344:   fb 21 0b c8     std     r25,3016(r1)
    10071348:   fb 41 0b d0     std     r26,3024(r1)
    1007134c:   fb 61 0b d8     std     r27,3032(r1)
    10071350:   fb 81 0b e0     std     r28,3040(r1)
    10071354:   fb a1 0b e8     std     r29,3048(r1)
    10071358:   fb c1 0b f0     std     r30,3056(r1)
    1007135c:   fb e1 0b f8     std     r31,3064(r1)
    10071360:   e8 03 00 10     ld      r0,16(r3)
    10071364:   7c 7f 1b 78     mr      r31,r3
    10071368:   2f a0 00 00     cmpdi   cr7,r0,0
    1007136c:   f8 61 0b 50     std     r3,2896(r1)
    10071370:   f8 81 0b 58     std     r4,2904(r1)
    10071374:   f8 a1 0b 60     std     r5,2912(r1)
    10071378:   f8 c1 0b 68     std     r6,2920(r1)
    1007137c:   91 81 0c 98     stw     r12,3224(r1)
    10071380:   40 9e 00 e0     bne-    cr7,10071460 <._Unwind_Resume_or_Rethrow+0x1a0>
    10071384:   4b ff f8 0d     bl      10070b90 <._Unwind_RaiseException>
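The mismatch the report describes (a CFI rule claiming a register is saved at a CFA slot that the code never writes) can be checked mechanically. The following is an added example, not code from the report or from GCC: it parses a readelf-style FDE dump and an objdump-style disassembly of the same function, maps every store relative to r1 onto its CFA-relative slot using the `DW_CFA_def_cfa_offset` in effect at that instruction, and flags each `rN at cfa+OFF` rule for which no store of rN to that slot precedes the pc where the rule takes effect. It assumes ppc64 DWARF register numbering (0-31 GPRs, 32-63 FPRs) and r1 as the stack pointer; the `FDE_TEXT` and `DISASM_TEXT` constants are constructed from the excerpts quoted above (the disassembly is abridged).

```python
"""Cross-check DWARF CFI register-save rules against a ppc64 disassembly.

Added example (not from the report or GCC). Flags CFI rules of the form
"rN at cfa+OFF" that no store in the function backs up before the rule's pc.
"""
import re

# Constructed input: the FDE header and CFA program quoted in the report.
FDE_TEXT = """\
000012a0 0000007c 000012a4 FDE cie=00000000 pc=100712c0..100714f8
  DW_CFA_advance_loc: 4 to 100712c4
  DW_CFA_def_cfa_offset: 3216
  DW_CFA_advance_loc: 164 to 10071368
  DW_CFA_offset_extended_sf: r2 at cfa+40
"""

# Constructed input: abridged prologue of _Unwind_Resume_or_Rethrow from the report.
DISASM_TEXT = """\
    100712c0:   f8 21 f3 71     stdu    r1,-3216(r1)
    100712c4:   7d 80 00 26     mfcr    r12
    100712c8:   7c 08 02 a6     mflr    r0
    100712d4:   f8 01 0c a0     std     r0,3232(r1)
    10071318:   f9 c1 0b 70     std     r14,2928(r1)
    1007135c:   fb e1 0b f8     std     r31,3064(r1)
    10071360:   e8 03 00 10     ld      r0,16(r3)
    10071364:   7c 7f 1b 78     mr      r31,r3
    10071368:   2f a0 00 00     cmpdi   cr7,r0,0
    1007137c:   91 81 0c 98     stw     r12,3224(r1)
    10071384:   4b ff f8 0d     bl      10070b90 <._Unwind_RaiseException>
"""

FDE_PC_RE = re.compile(r"FDE .*pc=([0-9a-f]+)\.\.([0-9a-f]+)")
ADVANCE_RE = re.compile(r"DW_CFA_advance_loc\d?: \d+ to ([0-9a-f]+)")
DEF_CFA_OFF_RE = re.compile(r"DW_CFA_def_cfa_offset: (\d+)")
OFFSET_RE = re.compile(r"DW_CFA_offset(?:_extended)?(?:_sf)?: r(\d+) at cfa([+-]\d+)")
# "<pc>:  <4 bytes>  <mnemonic>  <reg>,<offset>(r1)" -- stores relative to the stack pointer
STORE_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+){4}\s*(std|stdu|stw|stwu|stfd|stfs)\s+([rf]\d+),(-?\d+)\(r1\)"
)


def dwarf_regname(num):
    """ppc64 DWARF numbering: 0-31 are GPRs, 32-63 are FPRs (assumption stated in the lead-in)."""
    if num < 32:
        return f"r{num}"
    if num < 64:
        return f"f{num - 32}"
    return f"dwarf{num}"


def parse_fde(text):
    """Return (cfa_offsets, saves).

    cfa_offsets: [(pc, off)]      -> from pc on, CFA = r1 + off
    saves:       [(pc, reg, rel)] -> from pc on, DWARF reg `reg` is claimed saved at CFA + rel
    """
    pc, cfa_offsets, saves = None, [], []
    for line in text.splitlines():
        if m := FDE_PC_RE.search(line):
            pc = int(m.group(1), 16)            # initial location of the FDE
        elif m := ADVANCE_RE.search(line):
            pc = int(m.group(1), 16)
        elif m := DEF_CFA_OFF_RE.search(line):
            cfa_offsets.append((pc, int(m.group(1))))
        elif m := OFFSET_RE.search(line):
            saves.append((pc, int(m.group(1)), int(m.group(2))))
    return cfa_offsets, saves


def parse_stores(text):
    """Return [(pc, reg_name, sp_offset)] for every store whose base register is r1."""
    stores = []
    for line in text.splitlines():
        if m := STORE_RE.match(line):
            stores.append((int(m.group(1), 16), m.group(3), int(m.group(4))))
    return stores


def cfa_offset_at(cfa_offsets, pc):
    """CFA offset from r1 in effect at `pc` (0 before the first def_cfa_offset)."""
    off = 0
    for rule_pc, o in cfa_offsets:
        if rule_pc <= pc:
            off = o
    return off


def find_lying_rules(fde_text, disasm_text):
    """Return [(dwarf_reg, cfa_rel, rule_pc)] for save rules with no backing store.

    A store `st rN, OFF(r1)` at pc writes CFA + (OFF - cfa_offset_at(pc)); a rule is
    backed only if such a store to the claimed slot happens strictly before rule_pc.
    """
    cfa_offsets, saves = parse_fde(fde_text)
    slots = {}  # (reg_name, cfa_rel) -> earliest pc that writes it
    for pc, reg, sp_off in parse_stores(disasm_text):
        slots.setdefault((reg, sp_off - cfa_offset_at(cfa_offsets, pc)), pc)
    lying = []
    for rule_pc, regnum, rel in saves:
        store_pc = slots.get((dwarf_regname(regnum), rel))
        if store_pc is None or store_pc >= rule_pc:
            lying.append((regnum, rel, rule_pc))
    return lying


if __name__ == "__main__":
    for regnum, rel, rule_pc in find_lying_rules(FDE_TEXT, DISASM_TEXT):
        print(f"{dwarf_regname(regnum)} claimed at cfa{rel:+d} from {rule_pc:x}, "
              f"but no store to that slot precedes it")
```

On the report's excerpt this flags exactly the r2 rule: the claimed slot is cfa+40, i.e. 3256(r1) once the frame is set up, and no instruction writes it before 10071368. A rule such as `r14 at cfa-288` (matching the `std r14,2928(r1)` at 10071318) would pass, which is how a correct FDE entry looks to the check.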