https://bugs.llvm.org/show_bug.cgi?id=41123

            Bug ID: 41123
           Summary: X86: Underflow error in stack probe emitting
           Product: libraries
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Backend: X86
          Assignee: unassignedb...@nondot.org
          Reporter: cfswo...@gmail.com
                CC: craig.top...@gmail.com, llvm-bugs@lists.llvm.org,
                    llvm-...@redking.me.uk, spatel+l...@rotateright.com

In X86FrameLowering::emitPrologue, there's some logic that checks if NumBytes
(the number of bytes that need to be reserved on the stack for the local stack
frame) exceeds some "stack probe size" and, if so, emits a stack probe call.

The stack probe call expects to find the size of stack space to be probed in
EAX/RAX. If that register is already alive, it's first pushed to the stack, and
the effect on ESP/RSP from that extra push is negated from NumBytes.

This means that if NumBytes is 0, the value passed to the stack probe is
actually an underflowed value, which the stack probe may interpret as an
extremely large number, causing a stack overflow at runtime.

Normally, this isn't a problem - the default "stack probe size" is 4096 bytes,
meaning NumBytes must already be sufficiently large that this subtraction
cannot underflow. However, if the user (or, rather, the project the user is
trying to compile) overrides the stack probe size to 0 ("emit probes
unconditionally"), then the underflow may occur and produce an invalid stack
probe call.

I haven't checked if this bug exists in any other code generators, but I found
this one in the wild whilst trying to run an LLVM-produced X86 program.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
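To make the arithmetic in the report concrete, here is a small model of the prologue decision, written as an added example for this page and not taken from LLVM's X86FrameLowering. The names (planProbeOriginal, planProbeHardened, ProbeDecision, slotSize) and the hardened variant are assumptions for illustration only, not the project's actual fix; the frame sizes used are constructed inputs. It shows the unsigned subtraction underflowing when the probe size is 0 and EAX/RAX must be saved, and one way a prologue could avoid handing the probe an underflowed count.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed model of the decision the report describes (hypothetical names,
// not LLVM's code): whether a stack probe call is emitted, whether EAX/RAX is
// pushed first, and what byte count the probe ends up seeing in EAX/RAX.
struct ProbeDecision {
    bool emitsProbe;      // a stack probe call is emitted
    bool savedAX;         // EAX/RAX was live and got pushed before the call
    uint64_t probeBytes;  // value the probe receives in EAX/RAX
};

// The logic as reported: once numBytes reaches the probe threshold, the push
// of EAX/RAX is subtracted from numBytes without checking for underflow.
ProbeDecision planProbeOriginal(uint64_t numBytes, uint64_t stackProbeSize,
                                bool axLive, uint64_t slotSize) {
    ProbeDecision d{false, false, 0};
    if (numBytes >= stackProbeSize) {         // true for any numBytes when size is 0
        d.emitsProbe = true;
        if (axLive) {
            d.savedAX = true;
            numBytes -= slotSize;             // wraps when numBytes < slotSize
        }
        d.probeBytes = numBytes;
    }
    return d;
}

// Hardened variant (an assumption for this example, not the upstream fix):
// never probe an empty frame, and refuse to subtract more than is there.
ProbeDecision planProbeHardened(uint64_t numBytes, uint64_t stackProbeSize,
                                bool axLive, uint64_t slotSize) {
    ProbeDecision d{false, false, 0};
    if (numBytes == 0 || numBytes < stackProbeSize)
        return d;                             // nothing to reserve, nothing to probe
    if (axLive) {
        if (numBytes < slotSize)
            return d;                         // the push alone covers the frame
        d.savedAX = true;
        numBytes -= slotSize;
    }
    d.emitsProbe = true;
    d.probeBytes = numBytes;
    return d;
}

// True when the count handed to the probe exceeds the frame that was
// actually requested, i.e. the subtraction wrapped.
bool probeCountOverflowed(const ProbeDecision &d, uint64_t requestedBytes) {
    return d.emitsProbe && d.probeBytes > requestedBytes;
}

int main() {
    const uint64_t slot = 8;  // push of RAX on x86-64 (constructed input)

    // Default threshold of 4096: a 0-byte frame never reaches the probe path.
    ProbeDecision a = planProbeOriginal(0, 4096, true, slot);
    std::printf("default, empty frame: probe=%d\n", a.emitsProbe);

    // Threshold overridden to 0 ("emit probes unconditionally"), RAX live:
    // numBytes - 8 wraps to 0xFFFFFFFFFFFFFFF8, which the probe treats as huge.
    ProbeDecision b = planProbeOriginal(0, 0, true, slot);
    std::printf("probe-size 0, RAX live: probe=%d bytes=0x%llx overflowed=%d\n",
                b.emitsProbe, (unsigned long long)b.probeBytes,
                probeCountOverflowed(b, 0));

    ProbeDecision c = planProbeHardened(0, 0, true, slot);
    std::printf("hardened: probe=%d\n", c.emitsProbe);
    return 0;
}
```

The model deliberately uses uint64_t so the wrap is visible as a value the probe would read as nearly 2^64 bytes; with a 32-bit frame size the same subtraction wraps to about 4 GiB, which is still far beyond any real stack.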