On Mon, 17 Apr 2017 17:02:32 +0100 Paul Brook <p...@nowt.org> wrote:
> Package: libsbc1
> Version: 1.3-1+b2
> Followup-For: Bug #856487
>
> Not a stack corruption.
>
> This is a miscompilation of sbc_analyze_4b_8s_armv6. gcc appears to look
> into the asm function and decides that it does not clobber r3 (which the
> normal ARM ABI says is call-clobbered). The last out += out_stride ends
> up incrementing the pointer by an arbitrary amount.
>
Hi Paul, Many thanks for finding the bug and the solution to it. > The attached patch works around the bug. > @Bluetooth maintainers: Could you please apply the patch below for stretch? > I'm not entirely sure whether this is a gcc bug or not, but at best it's > surprising behavior from gcc. I've attached a reduced testcase for the > toolchain > folks to argue over (compile with gcc -O2, tested with gcc 6.3.0-2 from > sid). > > Paul > @ARM porters: I will let you be the judge of this and forward it to GCC as necessary. (The test case is available from: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=856487;filename=gcc-naked-bug.c;msg=130) Thanks, ~Niels > diff -ur clean/sbc/sbc_primitives_armv6.c sbc-1.3/sbc/sbc_primitives_armv6.c > --- clean/sbc/sbc_primitives_armv6.c 2013-04-30 17:19:23.000000000 +0100 > +++ sbc-1.3/sbc/sbc_primitives_armv6.c 2017-04-17 16:43:49.918809345 > +0100 > @@ -102,6 +102,7 @@ > "pop {r8-r11}\n" > "stmia r1, {r4, r5, r6, r7}\n" > "pop {r1, r4-r7, pc}\n" > + :::"r0", "r2", "r3", "ip" > ); > } > > @@ -258,6 +259,7 @@ > "pop {r8-r11}\n" > "stmia r1!, {r4, r5, r6, r7}\n" > "pop {r1, r4-r7, pc}\n" > + :::"r0", "r2", "r3", "ip" > ); > } >
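Review bot: the clobber list added in the first hunk (`:::"r0", "r2", "r3", "ip"`) should be extended with "memory", and with "cc" if any instruction in the body sets flags: the visible `stmia r1, {r4, r5, r6, r7}` stores through r1, and if gcc is deriving this function's effects from the asm statement's own declarations rather than from the ABI (which is what the report describes for r3, and matches how -fipa-ra at -O2 summarises callee register use), an undeclared memory or flags side effect is the same kind of under-statement as the undeclared r3. r1 and r4-r11 are correctly left out, since `pop {r8-r11}` and `pop {r1, r4-r7, pc}` restore them before return. Please also put a one-line comment above the asm saying why the list exists (gcc trusts it over the call-clobbered ABI set; see #856487), so it is not later removed as redundant; and if the toolchain folks confirm the -fipa-ra explanation, `-fno-ipa-ra` for this file is a smaller compiler-side workaround, but the clobber list remains the right fix for the asm itself.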
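Review bot: the second hunk copies the same four-register list onto the second function; check it against that body independently rather than by analogy, since the bodies already differ (`stmia r1!, {r4, r5, r6, r7}` writes back to r1 here, which is only safe because `pop {r1, r4-r7, pc}` restores r1 afterwards). Every register the second body writes outside a push/pop pair must be either one of r0, r2, r3, ip or restored before that final pop. Consider a single `#define ARMV6_ASM_CLOBBERS "r0", "r2", "r3", "ip"` shared by both sites, or at least the same explanatory comment at each, so the two lists stay in sync when either asm body is edited.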
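An added C example of the rule the patch above applies, written for this page and not taken from sbc, the bug report or the patch: every register an asm body writes, other than the ones it saves and restores itself, has to appear in the clobber list, together with "memory" when the body stores through a pointer and "cc" when it sets flags, because gcc trusts that list rather than the ABI's call-clobbered set. The sbc functions are whole-body asm; this example uses an ordinary function with extended asm so it stays portable, and the names scale_store, scale_store_demo and g_out are invented for illustration. The 32-bit ARM branch deliberately uses r3, the register from the report; the x86-64 and AArch64 branches are my assumed equivalents, and any other target falls back to plain C so the demo still runs.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not from sbc or bug #856487). Each asm body below uses one
 * ABI-caller-saved scratch register and stores through a pointer; the
 * clobber list declares both. Leaving the scratch register out is the
 * class of bug the report describes: gcc may then assume the register is
 * preserved across the call and keep a live value in it in the caller.
 */
static inline uint32_t scale_store(uint32_t x, uint32_t k, uint32_t *out)
{
    uint32_t r;
#if defined(__x86_64__)
    __asm__ volatile(
        "mov   %[x], %%ecx\n\t"       /* ecx: scratch, not an operand        */
        "imul  %[k], %%ecx\n\t"       /* ecx = x * k, sets flags -> "cc"     */
        "mov   %%ecx, (%[out])\n\t"   /* store through out -> "memory"       */
        "mov   %%ecx, %[r]\n\t"
        : [r] "=r"(r)
        : [x] "r"(x), [k] "r"(k), [out] "r"(out)
        : "ecx", "cc", "memory");     /* the declarations the sbc asm lacked */
#elif defined(__aarch64__)
    __asm__ volatile(
        "mul   w9, %w[x], %w[k]\n\t"  /* x9/w9: scratch                      */
        "str   w9, [%[out]]\n\t"
        "mov   %w[r], w9\n\t"
        : [r] "=r"(r)
        : [x] "r"(x), [k] "r"(k), [out] "r"(out)
        : "x9", "memory");
#elif defined(__arm__)
    __asm__ volatile(
        "mul   r3, %[x], %[k]\n\t"    /* r3: the register from the report    */
        "str   r3, [%[out]]\n\t"
        "mov   %[r], r3\n\t"
        : [r] "=r"(r)
        : [x] "r"(x), [k] "r"(k), [out] "r"(out)
        : "r3", "memory");            /* ABI says call-clobbered; gcc still   */
                                      /* needs to be told for this asm       */
#else
    r = x * k;                        /* portable fallback, no asm           */
    *out = r;
#endif
    return r;
}

/* Store destination kept at file scope so callers (and tests) can read it. */
static uint32_t g_out;

/*
 * Exercise scale_store with a value live across the call, which is the
 * situation where an undeclared clobber turns into a wrong caller result.
 * For the inputs below: 1000 + 42 + 42 = 1084.
 */
uint32_t scale_store_demo(void)
{
    uint32_t keep = 1000u;            /* the caller needs this after the call */
    uint32_t r = scale_store(6u, 7u, &g_out);
    return keep + r + g_out;
}

int main(void)
{
    printf("scale_store_demo() = %u\n", scale_store_demo());
    return 0;
}
```

The useful habit this shows is to write the clobber list from the asm text, not from the ABI: list every register the body writes that it does not restore, then "memory" and "cc" as the body's stores and flag updates require. That is exactly the set the sbc patch adds for the ARMv6 functions, minus the registers their push/pop pairs already preserve.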