This appears to be a compiler bug.  Using plain gcc-linaro-4.5-2010.11-1,
parse_warn includes the following assembly:

 266:   f7ff fffe       bl      0 <dcgettext>
                        266: R_ARM_THM_CALL     dcgettext
 26a:   4632            mov     r2, r6
 26c:   f104 0108       add.w   r1, r4, #8
 270:   aefd            add     r6, sp, #1012   ; 0x3f4
 272:   9600            str     r6, [sp, #0]
 274:   4603            mov     r3, r0
 276:   1d20            adds    r0, r4, #4
 278:   f7ff ff8a       bl      190 <parse_error_msg.clone.1>
 27c:   4631            mov     r1, r6
 27e:   a803            add     r0, sp, #12
 280:   f7ff fffe       bl      0 <str_escape_fmt>

Note that r6 is set to &buf at 0x270, stored on the stack at 0x272, and
put into r1 at 0x27c.  parse_error_msg() however corrupts r6:

00000190 <parse_error_msg.clone.1>:
 190:   b580            push    {r7, lr}
 192:   b082            sub     sp, #8
 194:   4614            mov     r4, r2
 196:   4606            mov     r6, r0
 198:   460d            mov     r5, r1

which causes str_escape_fmt() to stomp on memory.

Either the compiler should call parse_error_msg (not the clone), or save
r6 in the clone, or restore r6 from the stack before calling
str_escape_fmt().


** Attachment added: "objdump -dx of parsehelp.o"
   https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/674146/+attachment/1742921/+files/parsehelp.dump

** Changed in: gcc-linaro
       Status: New => Triaged

** Changed in: gcc-linaro
   Importance: Undecided => High

-- 
dpkg segfaults during debootstrap on natty armel
https://bugs.launchpad.net/bugs/674146
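An added triage check, not part of the bug report or of the dpkg/gcc-linaro code, that scans `objdump -d` output for the class of miscompilation described above: a function that writes an AAPCS callee-saved register (r4-r11) its prologue never pushed. The clone's disassembly quoted in the report is embedded as the sample input; the heuristic treats the first operand of most instructions as the destination and only counts `push` as a save, so a hit is something to inspect, not a proof.

```python
import re

# Sample input: the parse_error_msg.clone.1 disassembly quoted in the bug
# report (pushes only {r7, lr}, then writes r4, r5 and r6).
SAMPLE_DUMP = """\
00000190 <parse_error_msg.clone.1>:
 190:   b580            push    {r7, lr}
 192:   b082            sub     sp, #8
 194:   4614            mov     r4, r2
 196:   4606            mov     r6, r0
 198:   460d            mov     r5, r1
"""

CALLEE_SAVED = {f"r{n}" for n in range(4, 12)}  # AAPCS: callee must preserve r4-r11
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")                     # "00000190 <name>:"
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{4}\s+)+(\S+)\s*(.*)$")  # addr, words, mnemonic, operands
BRANCH_RE = re.compile(r"^b(l|lx|x|eq|ne|cs|cc|mi|pl|vs|vc|hi|ls|ge|lt|gt|le)?$")
NO_DEST_PREFIX = ("str", "stm", "cmp", "cmn", "tst", "teq", "cbz", "cbnz", "it")  # first operand is not written

def find_unsaved_callee_regs(dump):
    """Map function name -> sorted callee-saved registers it writes without
    having pushed them in its prologue.  Heuristic, suitable for triage."""
    findings, func, saved, written = {}, None, set(), set()
    def flush():
        if func is not None and written - saved:
            findings[func] = sorted(written - saved)
    for line in dump.splitlines():
        m = FUNC_RE.match(line)
        if m:                       # new function: report the previous one
            flush()
            func, saved, written = m.group(1), set(), set()
            continue
        m = INSN_RE.match(line)
        if not m or func is None:   # relocation lines, blanks, headers
            continue
        mnemonic, operands = m.group(1), m.group(2)
        base = mnemonic.split(".")[0]          # drop .w / .n width suffix
        if base == "push":
            saved |= {t.strip() for t in operands.strip(" {}").split(",")}
        elif not (BRANCH_RE.match(base) or base.startswith(NO_DEST_PREFIX)):
            dest = operands.split(",")[0].strip()
            if dest in CALLEE_SAVED:
                written.add(dest)
    flush()
    return findings

if __name__ == "__main__":
    print(find_unsaved_callee_regs(SAMPLE_DUMP))  # {'parse_error_msg.clone.1': ['r4', 'r5', 'r6']}
```

Feed it the whole `objdump -d` of an object (for example the parsehelp.o dump attached to the bug) to list every function with the same defect; a clean function such as one that pushes {r4, r5, r6, r7, lr} produces no entry.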