http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45807
Summary: Lying eh_frame r2 save info causes crashes with static libgcc_eh and libstdc++
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: amo...@gmail.com

Created attachment 21893
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=21893
testcase from Allan Pratt <akpr...@netflix.com>

In the eh_frame description for _Unwind_Resume_or_Rethrow, I see

000012a0 0000007c 000012a4 FDE cie=00000000 pc=100712c0..100714f8
  DW_CFA_advance_loc: 4 to 100712c4
  DW_CFA_def_cfa_offset: 3216
  DW_CFA_advance_loc: 164 to 10071368
  DW_CFA_offset_extended_sf: r2 at cfa+40
  [snip]

but r2 is not saved by this function, at least not before _Unwind_RaiseException is called. So the lie that r2 is saved at cfa+40 once we are past 10071368 can cause the unwinder to return a bad value for r2 when unwinding through _Unwind_Resume_or_Rethrow from _Unwind_RaiseException. r2 won't be saved if _Unwind_Resume_or_Rethrow is called statically from the same toc group, but this bug is often covered by the fact that a previous call into exception handling functions has written the correct r2 value to the stack.
00000000100712c0 <._Unwind_Resume_or_Rethrow>:
100712c0: f8 21 f3 71 stdu r1,-3216(r1)
100712c4: 7d 80 00 26 mfcr r12
100712c8: 7c 08 02 a6 mflr r0
100712cc: d9 c1 0c 00 stfd f14,3072(r1)
100712d0: d9 e1 0c 08 stfd f15,3080(r1)
100712d4: f8 01 0c a0 std r0,3232(r1)
100712d8: da 01 0c 10 stfd f16,3088(r1)
100712dc: da 21 0c 18 stfd f17,3096(r1)
100712e0: da 41 0c 20 stfd f18,3104(r1)
100712e4: da 61 0c 28 stfd f19,3112(r1)
100712e8: da 81 0c 30 stfd f20,3120(r1)
100712ec: da a1 0c 38 stfd f21,3128(r1)
100712f0: da c1 0c 40 stfd f22,3136(r1)
100712f4: da e1 0c 48 stfd f23,3144(r1)
100712f8: db 01 0c 50 stfd f24,3152(r1)
100712fc: db 21 0c 58 stfd f25,3160(r1)
10071300: db 41 0c 60 stfd f26,3168(r1)
10071304: db 61 0c 68 stfd f27,3176(r1)
10071308: db 81 0c 70 stfd f28,3184(r1)
1007130c: db a1 0c 78 stfd f29,3192(r1)
10071310: db c1 0c 80 stfd f30,3200(r1)
10071314: db e1 0c 88 stfd f31,3208(r1)
10071318: f9 c1 0b 70 std r14,2928(r1)
1007131c: f9 e1 0b 78 std r15,2936(r1)
10071320: fa 01 0b 80 std r16,2944(r1)
10071324: fa 21 0b 88 std r17,2952(r1)
10071328: fa 41 0b 90 std r18,2960(r1)
1007132c: fa 61 0b 98 std r19,2968(r1)
10071330: fa 81 0b a0 std r20,2976(r1)
10071334: fa a1 0b a8 std r21,2984(r1)
10071338: fa c1 0b b0 std r22,2992(r1)
1007133c: fa e1 0b b8 std r23,3000(r1)
10071340: fb 01 0b c0 std r24,3008(r1)
10071344: fb 21 0b c8 std r25,3016(r1)
10071348: fb 41 0b d0 std r26,3024(r1)
1007134c: fb 61 0b d8 std r27,3032(r1)
10071350: fb 81 0b e0 std r28,3040(r1)
10071354: fb a1 0b e8 std r29,3048(r1)
10071358: fb c1 0b f0 std r30,3056(r1)
1007135c: fb e1 0b f8 std r31,3064(r1)
10071360: e8 03 00 10 ld r0,16(r3)
10071364: 7c 7f 1b 78 mr r31,r3
10071368: 2f a0 00 00 cmpdi cr7,r0,0
1007136c: f8 61 0b 50 std r3,2896(r1)
10071370: f8 81 0b 58 std r4,2904(r1)
10071374: f8 a1 0b 60 std r5,2912(r1)
10071378: f8 c1 0b 68 std r6,2920(r1)
1007137c: 91 81 0c 98 stw r12,3224(r1)
10071380: 40 9e 00 e0 bne- cr7,10071460 <._Unwind_Resume_or_Rethrow+0x1a0>
10071384: 4b ff f8 0d bl 10070b90 <._Unwind_RaiseException>
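The mismatch the report describes can be checked mechanically: take the FDE's register save rules, translate each "rN at cfa+OFF" into the r1-relative stack slot it implies (CFA = r1 + the DW_CFA_def_cfa_offset value in force, so cfa+40 with a 3216-byte frame is 3256(r1)), and confirm that a `std rN,slot(r1)` actually precedes the address at which the rule takes effect. The script below is an added example and is not part of the bug report or of GCC; its inputs are constructed here from the FDE dump and an excerpt of the disassembly quoted above, plus one extra `DW_CFA_offset: r31 at cfa-152` line that is not in the report, added so that an honest rule (r31 really is stored at 3064(r1) = cfa-152) is shown passing next to the r2 rule that fails.

```python
import re

# Constructed sample input: the FDE dump from the report, readelf
# --debug-dump=frames style. The r31 rule is added for contrast and is
# NOT in the original report; the disassembly does store r31 at 3064(r1).
FDE_DUMP = """\
000012a0 0000007c 000012a4 FDE cie=00000000 pc=100712c0..100714f8
  DW_CFA_advance_loc: 4 to 100712c4
  DW_CFA_def_cfa_offset: 3216
  DW_CFA_advance_loc: 164 to 10071368
  DW_CFA_offset_extended_sf: r2 at cfa+40
  DW_CFA_offset: r31 at cfa-152
"""

# Constructed sample input: excerpt of the objdump listing from the report
# (only the lines needed to reproduce the check are kept).
DISASM = """\
100712c0: f8 21 f3 71 stdu r1,-3216(r1)
100712c4: 7d 80 00 26 mfcr r12
100712c8: 7c 08 02 a6 mflr r0
100712d4: f8 01 0c a0 std r0,3232(r1)
1007135c: fb e1 0b f8 std r31,3064(r1)
10071364: 7c 7f 1b 78 mr r31,r3
10071368: 2f a0 00 00 cmpdi cr7,r0,0
1007136c: f8 61 0b 50 std r3,2896(r1)
1007137c: 91 81 0c 98 stw r12,3224(r1)
10071384: 4b ff f8 0d bl 10070b90 <._Unwind_RaiseException>
"""

_PC = re.compile(r"pc=([0-9a-f]+)\.\.")
_ADV = re.compile(r"DW_CFA_advance_loc\S*:\s+\d+ to ([0-9a-f]+)")
_CFA = re.compile(r"DW_CFA_def_cfa_offset\S*:\s+(\d+)")
_OFF = re.compile(r"DW_CFA_offset\S*:\s+r(\d+) at cfa([+-]\d+)")
# addr: 4 opcode bytes, then "std rN,off(r1)"; "stdu" does not match.
_STD = re.compile(r"^\s*([0-9a-f]+):(?:\s+[0-9a-f]{2}){4}\s+std\s+r(\d+),(-?\d+)\(r1\)")


def parse_fde(text):
    """Return (final_cfa_offset, claims).

    claims is a list of (reg, cfa_off, loc, cfa_offset): the CFI says
    register reg is saved at CFA+cfa_off from address loc onward, with
    CFA = r1 + cfa_offset at that point.
    """
    loc, cfa_offset, claims = None, 0, []
    for line in text.splitlines():
        if m := _PC.search(line):
            loc = int(m.group(1), 16)
        elif m := _ADV.search(line):
            loc = int(m.group(1), 16)
        elif m := _CFA.search(line):
            cfa_offset = int(m.group(1))
        elif m := _OFF.search(line):
            claims.append((int(m.group(1)), int(m.group(2)), loc, cfa_offset))
    return cfa_offset, claims


def parse_gpr_stores(text):
    """Map register number -> [(addr, r1_offset)] for every 'std rN,off(r1)'."""
    stores = {}
    for line in text.splitlines():
        if m := _STD.match(line):
            addr, reg, off = int(m.group(1), 16), int(m.group(2)), int(m.group(3))
            stores.setdefault(reg, []).append((addr, off))
    return stores


def find_lying_claims(fde_text, disasm_text):
    """Return [(reg_name, cfa_off, r1_slot, loc)] for every GPR save rule
    that no earlier 'std' into the implied r1-relative slot backs up."""
    _, claims = parse_fde(fde_text)
    stores = parse_gpr_stores(disasm_text)
    lies = []
    for reg, cfa_off, loc, cfa_offset in claims:
        slot = cfa_offset + cfa_off  # CFA+cfa_off expressed relative to r1
        backed = any(addr < loc and off == slot for addr, off in stores.get(reg, []))
        if not backed:
            lies.append((f"r{reg}", cfa_off, slot, loc))
    return lies


if __name__ == "__main__":
    for reg, cfa_off, slot, loc in find_lying_claims(FDE_DUMP, DISASM):
        print(f"{reg}: CFI says saved at cfa{cfa_off:+d} = {slot}(r1) from "
              f"{loc:x}, but no 'std {reg},{slot}(r1)' precedes that address")
```

Run against the report's own data the only rule flagged is r2: the CFI promises it at cfa+40, i.e. 3256(r1) in this frame, and nothing in the prologue stores r2 anywhere, which is exactly the "lie" that lets the unwinder hand back a stale r2 when it unwinds through _Unwind_Resume_or_Rethrow. The constructed r31 rule is not flagged because `std r31,3064(r1)` at 1007135c precedes 10071368. The same check is easy to run over a real build by piping `readelf --debug-dump=frames` and `objdump -d` output into the two parsers.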