The disassembly shows the same behaviour with gcc-snapshot. In
malloc_init_hard, arenas_map is initialized with arenas[0] here:

    5626:       e8 85 eb ff ff          call   41b0 <arenas_extend>
    562b:       8b 83 60 12 00 00       mov    0x1260(%ebx),%eax
    5631:       8b 30                   mov    (%eax),%esi
    5633:       85 f6                   test   %esi,%esi
    5635:       0f 84 7b 04 00 00       je     5ab6 <.L517+0x12e>
    563b:       65 a1 00 00 00 00       mov    %gs:0x0,%eax
    5641:       81 e8 04 00 00 00       sub    $0x4,%eax
    5647:       bd 20 00 00 00          mov    $0x20,%ebp
    564c:       bf ab aa aa aa          mov    $0xaaaaaaab,%edi
    5651:       89 30                   mov    %esi,(%eax)

And arenas[0] is initialized here to the return value of base_alloc in
arenas_extend:

    4509:       8b 93 60 12 00 00       mov    0x1260(%ebx),%edx
    450f:       8b 44 24 28             mov    0x28(%esp),%eax
    4513:       8d 04 82                lea    (%edx,%eax,4),%eax
    4516:       8b 54 24 18             mov    0x18(%esp),%edx
    451a:       89 10                   mov    %edx,(%eax)

...with base_alloc being called here:

    41e2:       e8 59 fe ff ff          call   4040 <base_alloc>
    41e7:       85 c0                   test   %eax,%eax
    41e9:       89 44 24 18             mov    %eax,0x18(%esp)

Again, in malloc, this is where pthread_mutex_lock is called (where it
locks up):

    741f:       89 3c 24                mov    %edi,(%esp)
    7422:       e8 2d a0 ff ff          call   1454 <pthread_mutex_l...@plt>

...with edi being initialized here:

    7398:       65 a1 00 00 00 00       mov    %gs:0x0,%eax
    739e:       90                      nop
    739f:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi
    73a3:       8d 2d 00 00 00 00       lea    0x0,%ebp
    73a9:       8b 7c 05 00             mov    0x0(%ebp,%eax,1),%edi
    73ad:       85 ff                   test   %edi,%edi

...which should be the same value as arenas_map, but is being
initialized with a value from a memory location which is 4 bytes out.

-- 
Firefox built with gcc-4.5 is a non-starter on i386
https://bugs.launchpad.net/bugs/663294
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
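As an added example that is not code from the bug report or from jemalloc, here is a cut-down C model of the data structures the listing above walks through, written so the loads and stores can be read against source. The names arenas, arenas_map, arenas_extend, base_alloc and malloc_init_hard follow jemalloc's, but their bodies, the my_malloc wrapper and the tls_arena_check probe are simplified stand-ins and are assumptions, not the allocator's own code. The store to the thread-local arenas_map in malloc_init_hard and the load of it on the malloc path are the two accesses whose TLS addresses the report says disagree by 4 bytes; tls_arena_check asserts the invariant a correct toolchain must keep, namely that every thread reads back through arenas_map exactly the arenas[0] pointer that was stored and can lock the arena through it.

```c
/* Added example modelling the jemalloc TLS path; not the report's or jemalloc's
 * code. Build: cc -pthread tls_arena.c */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct arena_s { pthread_mutex_t lock; } arena_t;

#define NARENAS 4
static arena_t *arenas[NARENAS];             /* global table, 0x1260(%ebx) above */
static pthread_once_t init_once = PTHREAD_ONCE_INIT;
static __thread arena_t *arenas_map;         /* per-thread slot, %gs-relative above */

/* Stand-in for base_alloc(): assumption, calloc is enough for a model. */
static void *base_alloc(size_t size) { return calloc(1, size); }

/* Stand-in for arenas_extend(): store base_alloc's result into arenas[ind]. */
static arena_t *arenas_extend(unsigned ind)
{
    arena_t *a = base_alloc(sizeof(*a));     /* call base_alloc; test %eax */
    if (a == NULL || ind >= NARENAS)
        return NULL;
    pthread_mutex_init(&a->lock, NULL);
    arenas[ind] = a;                         /* lea (%edx,%eax,4); mov %edx,(%eax) */
    return a;
}

/* Stand-in for malloc_init_hard(): create arena 0, then bind this thread's
 * arenas_map to it (the %gs-relative store in the first listing). */
static void malloc_init_hard(void)
{
    arenas_extend(0);
    if (arenas[0] != NULL)                   /* mov (%eax),%esi; test %esi,%esi */
        arenas_map = arenas[0];              /* mov %esi,(%eax) */
}

/* malloc() entry path: read this thread's arenas_map (the load feeding %edi),
 * binding threads created after init to arena 0, then lock through it. */
static arena_t *choose_arena(void)
{
    pthread_once(&init_once, malloc_init_hard);
    if (arenas_map == NULL)
        arenas_map = arenas[0];
    return arenas_map;
}

void *my_malloc(size_t size)
{
    arena_t *a = choose_arena();
    if (a == NULL)
        return NULL;
    pthread_mutex_lock(&a->lock);            /* the call that hangs in the report */
    void *p = malloc(size);
    pthread_mutex_unlock(&a->lock);
    return p;
}

/* Per-thread probe: what came back from the TLS slot, where the slot lives,
 * and whether the arena lock can be taken through the pointer. */
struct probe { pthread_barrier_t *gate; arena_t *seen; arena_t **slot; int locked_ok; };

static void *probe_thread(void *arg)
{
    struct probe *pr = arg;
    arena_t *a = choose_arena();
    pr->seen = a;
    pr->slot = &arenas_map;
    pr->locked_ok = (a != NULL && pthread_mutex_trylock(&a->lock) == 0);
    if (pr->locked_ok)
        pthread_mutex_unlock(&a->lock);
    pthread_barrier_wait(pr->gate);          /* keep every slot alive at once */
    return NULL;
}

/* Returns 1 when each of nthreads threads reads back arenas[0] from its own,
 * distinct arenas_map slot and can lock through it; 0 otherwise. */
int tls_arena_check(int nthreads)
{
    enum { MAXT = 16 };
    pthread_t tid[MAXT];
    struct probe pr[MAXT];
    pthread_barrier_t gate;

    if (nthreads < 1 || nthreads > MAXT)
        return 0;
    memset(pr, 0, sizeof pr);
    pthread_barrier_init(&gate, NULL, (unsigned)nthreads);
    for (int i = 0; i < nthreads; i++) {
        pr[i].gate = &gate;
        if (pthread_create(&tid[i], NULL, probe_thread, &pr[i]) != 0)
            return 0;
    }
    for (int i = 0; i < nthreads; i++)
        pthread_join(tid[i], NULL);
    pthread_barrier_destroy(&gate);
    for (int i = 0; i < nthreads; i++) {
        if (pr[i].seen == NULL || pr[i].seen != arenas[0] || !pr[i].locked_ok)
            return 0;
        for (int j = 0; j < i; j++)
            if (pr[j].slot == pr[i].slot)    /* two threads sharing one slot */
                return 0;
    }
    return 1;
}

int main(void)
{
    void *p = my_malloc(64);
    free(p);
    printf("tls_arena_check(4) = %d\n", tls_arena_check(4));
    return 0;
}
```

On a correctly compiled build the store in malloc_init_hard and the load in choose_arena resolve to the same per-thread address, so tls_arena_check returns 1; a build that reads the slot 4 bytes away from where it was written, as the report describes, would hand pthread_mutex_lock a stale pointer and show up here as a failed or hanging check rather than as a clean result.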
