>Submitter-Id: net
>Originator: Philippe Biondi
>Organization: SecDev.org
>Confidential: no
>Synopsis: gcc targetting hppa uses memcpy() with -fno-builtin
>Severity: critical
>Priority: low
>Category: c
>Class: wrong-code
>Release: 3.2.3 20030221 (Debian prerelease) (Debian
testing/unstable)
>Environment:
System: Linux rigel 2.4.21 #1 Tue Aug 19 13:11:08 CEST 2003 i686 GNU/Linux
Architecture: i686
host: i386-pc-linux-gnu
build: i386-pc-linux-gnu
target: hppa-unknown-linux-gnu
configured with: ../src/configure -v --enable-languages=c --prefix=/usr
--infodir=/usr/share/info --mandir=/usr/share/man
--with-gxx-include-dir=/usr/hppa-linux/include/g++ --enable-shared
--with-gnu-as --with-gnu-ld --with-system-zlib --enable-long-long
--enable-nls --without-included-gettext --disable-checking
--build=i386-linux --host=i386-linux --target=hppa-linux
>Description:
When using initialization for variables in the stack, data
must be copied from the .rodata section to the stack.
When the target is hppa, memcpy() is used, even if -fno-builtins is used.
>How-To-Repeat:
>How-To-Repeat:
$ cat hello.c
int main(void)
{
char buf[] = "Hello world!\n";
write(1, buf, sizeof(buf));
}
$ hppa-linux-gcc -S -o - -fno-builtins hello.c
.LEVEL 1.1
.section .rodata
.align 4
.LC0:
.stringz"Hello world!\n"
.text
.align 4
.globl main
.type main,@function
main:
.PROC
.CALLINFO FRAME=128,CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=3
.ENTRY
stw %r2,-20(%r30)
copy %r3,%r1
copy %r30,%r3
stwm %r1,128(%r30)
ldil LR'.LC0,%r19
ldo RR'.LC0(%r19),%r19
ldo 8(%r3),%r20
ldi 14,%r21
copy %r20,%r26
copy %r19,%r25
copy %r21,%r24
bl memcpy,%r2 <<<< Here
nop
ldi 1,%r26
ldo 8(%r3),%r25
ldi 14,%r24
bl write,%r2
nop
ldi 5,%r26
bl exit,%r2
nop
nop
.EXIT
.PROCEND
.Lfe1:
.size main,.Lfe1-main
.ident "GCC: (GNU) 3.2.3 20030221 (Debian prerelease)"
>Fix:
??
--
Philippe Biondi <phil@ secdev.org> SecDev.org
Security Consultant/R&D http://www.secdev.org
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
