Ok, with a good build, I see the following:

(gdb) print arenas[0]
$1 = (arena_t *) 0xf58d2040
(gdb) print &arenas[0]
$2 = (arena_t **) 0xf58d2000

Inside arena_malloc:

(gdb) print arena
$3 = (arena_t *) 0xf58d2040

Yay \o/

And:

(gdb) info registers
eax            0xf59d3870       -174245776
ecx            0x3      3
edx            0xfffffffc       -4
ebx            0x80548e8        134564072
esp            0xffffd484       0xffffd484
ebp            0xffffd4dc       0xffffd4dc
esi            0x160    352
edi            0xf58d2040       -175300544
eip            0x804f0af        0x804f0af <malloc+159>
eflags         0x282    [ SF IF ]
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x63     99

And the interesting bit of malloc disassembled:

   0x0804f010 <+0>:     push   %ebp
   0x0804f011 <+1>:     mov    %esp,%ebp
   0x0804f013 <+3>:     sub    $0x58,%esp
   0x0804f016 <+6>:     mov    %ebx,-0xc(%ebp)
   0x0804f019 <+9>:     call   0x8049853 <__i686.get_pc_thunk.bx>
   0x0804f01e <+14>:    add    $0x58ca,%ebx
   0x0804f024 <+20>:    mov    %esi,-0x8(%ebp)
   0x0804f027 <+23>:    mov    0x8(%ebp),%esi
   0x0804f02a <+26>:    mov    %edi,-0x4(%ebp)
   0x0804f02d <+29>:    cmpb   $0x0,0x1230(%ebx)
   0x0804f034 <+36>:    je     0x804f068 <malloc+88>
   0x0804f036 <+38>:    test   %esi,%esi
   0x0804f038 <+40>:    jne    0x804f03e <malloc+46>
   0x0804f03a <+42>:    mov    $0x1,%si
   0x0804f03e <+46>:    cmp    0x194(%ebx),%esi
   0x0804f044 <+52>:    jbe    0x804f090 <malloc+128>
   0x0804f046 <+54>:    mov    %esi,%eax
   0x0804f048 <+56>:    call   0x804e5f0 <huge_malloc>
   0x0804f04d <+61>:    mov    %eax,%esi
   0x0804f04f <+63>:    test   %esi,%esi
   0x0804f051 <+65>:    je     0x804f071 <malloc+97>
   0x0804f053 <+67>:    mov    %esi,%eax
   0x0804f055 <+69>:    mov    -0xc(%ebp),%ebx
   0x0804f058 <+72>:    mov    -0x8(%ebp),%esi
   0x0804f05b <+75>:    mov    -0x4(%ebp),%edi
   0x0804f05e <+78>:    mov    %ebp,%esp
   0x0804f060 <+80>:    pop    %ebp
   0x0804f061 <+81>:    ret    
   0x0804f062 <+82>:    lea    0x0(%esi),%esi
   0x0804f068 <+88>:    call   0x804cee0 <malloc_init_hard>
   0x0804f06d <+93>:    test   %al,%al
   0x0804f06f <+95>:    je     0x804f036 <malloc+38>
   0x0804f071 <+97>:    call   0x804929c <__errno_locat...@plt>
   0x0804f076 <+102>:   xor    %esi,%esi
   0x0804f078 <+104>:   movl   $0xc,(%eax)
   0x0804f07e <+110>:   mov    %esi,%eax
   0x0804f080 <+112>:   mov    -0xc(%ebp),%ebx
   0x0804f083 <+115>:   mov    -0x8(%ebp),%esi
   0x0804f086 <+118>:   mov    -0x4(%ebp),%edi
   0x0804f089 <+121>:   mov    %ebp,%esp
   0x0804f08b <+123>:   pop    %ebp
   0x0804f08c <+124>:   ret    
   0x0804f08d <+125>:   lea    0x0(%esi),%esi
   0x0804f090 <+128>:   mov    %gs:0x0,%eax
   0x0804f096 <+134>:   nop
   0x0804f097 <+135>:   lea    0x0(%esi,%eiz,1),%esi
   0x0804f09b <+139>:   lea    0xfffffffc,%edx
   0x0804f0a1 <+145>:   mov    %edx,-0x1c(%ebp)
   0x0804f0a4 <+148>:   mov    (%edx,%eax,1),%edi
   0x0804f0a7 <+151>:   test   %edi,%edi
   0x0804f0a9 <+153>:   je     0x804f2e0 <malloc+720>
   0x0804f0af <+159>:   cmp    0x120c(%ebx),%esi
   0x0804f0b5 <+165>:   ja     0x804f220 <malloc+528>
   0x0804f0bb <+171>:   cmp    0x1204(%ebx),%esi
   0x0804f0c1 <+177>:   jae    0x804f1d8 <malloc+456>
   0x0804f0c7 <+183>:   sub    $0x1,%esi
   0x0804f0ca <+186>:   xor    %ecx,%ecx
   0x0804f0cc <+188>:   mov    %esi,%edx
   0x0804f0ce <+190>:   shr    %edx
   0x0804f0d0 <+192>:   or     %esi,%edx
   0x0804f0d2 <+194>:   mov    %edx,%eax
   0x0804f0d4 <+196>:   shr    $0x2,%eax
   0x0804f0d7 <+199>:   or     %edx,%eax
   0x0804f0d9 <+201>:   mov    %eax,%edx
   0x0804f0db <+203>:   shr    $0x4,%edx
   0x0804f0de <+206>:   or     %eax,%edx
   0x0804f0e0 <+208>:   mov    %edx,%eax
   0x0804f0e2 <+210>:   shr    $0x8,%eax
   0x0804f0e5 <+213>:   or     %edx,%eax
   0x0804f0e7 <+215>:   mov    %eax,%esi
   0x0804f0e9 <+217>:   shr    $0x10,%esi
   0x0804f0ec <+220>:   or     %eax,%esi
   0x0804f0ee <+222>:   add    $0x1,%esi
   0x0804f0f1 <+225>:   mov    %esi,%eax
   0x0804f0f3 <+227>:   shr    $0x2,%eax
   0x0804f0f6 <+230>:   bsf    %eax,%eax
   0x0804f0f9 <+233>:   sete   %cl
   0x0804f0fc <+236>:   neg    %ecx
   0x0804f0fe <+238>:   or     %ecx,%eax
   0x0804f100 <+240>:   add    $0x1,%eax
   0x0804f103 <+243>:   cmp    $0x1,%esi
   0x0804f106 <+246>:   lea    (%eax,%eax,8),%eax
   0x0804f109 <+249>:   lea    0x94(%edi,%eax,8),%eax
   0x0804f110 <+256>:   mov    %esi,-0x24(%ebp)
   0x0804f113 <+259>:   mov    %eax,-0x1c(%ebp)
   0x0804f116 <+262>:   jbe    0x804f3c8 <malloc+952>
   0x0804f11c <+268>:   mov    %edi,(%esp)
   0x0804f11f <+271>:   call   0x804934c <pthread_mutex_l...@plt>

Note that the previously suspicious instruction sequence now looks like
this:

   0x0804f090 <+128>:   mov    %gs:0x0,%eax
   0x0804f09b <+139>:   lea    0xfffffffc,%edx
   0x0804f0a4 <+148>:   mov    (%edx,%eax,1),%edi

...with eax=0xf59d3870 and edx=0xfffffffc (i.e. -4), this loads the contents
of 0xf59d386c into edi, and:

(gdb) print *0xf59d386c
$5 = -175300544

(which is 0xf58d2040, i.e. the valid pointer we expect in arena_malloc)

/me pops champagne cork

-- 
Firefox built with gcc-4.5 is a non-starter on i386
https://bugs.launchpad.net/bugs/663294
