https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61479
Bug ID: 61479
Summary: wrong code gen with fstack-protector-all for variadic function
Product: gcc
Version: 4.10.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: rmansfield at qnx dot com
Target: i686-unknown-linux-gnu

The following code is specifically targeted at x86 (not intended to be portable) and assumes that the variable arguments will follow the i386 ABI and be on the stack. This works without stack protection, but with -fstack-protector-all gcc generates loads of edi and esi from uninitialized stack.

#include <stdio.h>

int my_func(int a, int b, int c, int d, int e)
{
  return a + b + c + d + e;
}

int __attribute__((noinline)) my_varg(int a, ...)
{
  /* Deliberately reads the variadic arguments by indexing past the named
     parameter: relies on the i386 ABI keeping them adjacent on the stack. */
  int *data = &a;
  struct { int x1; int x2; } x;

  printf("%x %x %x %x\n", a, data[0], data[1], data[2]);
  x.x1 = data[1] * 10;
  x.x2 = data[2] * 20;

  return my_func(a, data[0], data[1], data[2], (int)&x);
}

int main()
{
  int p;
  return my_varg(10, 1, &p);
}

Generated with -O2 -fstack-protector-all:

	movl	60(%esp), %ebx	# a, a
	movl	32(%esp), %esi	# MEM[(int *)&a + 8B], D.1941
	movl	28(%esp), %edi	# MEM[(int *)&a + 4B], D.1941
	movl	%gs:20, %eax	#, tmp98
	movl	%eax, 40(%esp)	# tmp98, D.1942
	xorl	%eax, %eax	# tmp98
	movl	%ebx, 24(%esp)	# a, a
	pushl	%esi	# D.1941
	.cfi_def_cfa_offset 64
	pushl	%edi	# D.1941
	.cfi_def_cfa_offset 68
	pushl	%ebx	# a
	.cfi_def_cfa_offset 72
	pushl	%ebx	# a
	.cfi_def_cfa_offset 76
	pushl	$.LC1	#
	.cfi_def_cfa_offset 80
	call	printf	#

The loads should have been:

	movl	68(%esp), %esi	# MEM[(int *)&a + 8B], D.1941
	movl	64(%esp), %edi	# MEM[(int *)&a + 4B], D.1941
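Added example, not part of the bug report and not GCC code: the same computation written with <stdarg.h>, so the compiler rather than pointer arithmetic on &a locates the variadic arguments. With va_start/va_arg, moving the named parameter into a canary-protected slot (which is what -fstack-protector-all does to `a` in the report) cannot change where the variadic values are read from. It assumes the variadic arguments are two ints (the report's data[1] and data[2]) instead of the int and int* that the report's main passes, drops the (int)&x cast, and adds sum_ints as the general count-prefixed form; va_copy replaces the report's double read of data[] for the printing pass.

```c
#include <stdarg.h>
#include <stdio.h>

int my_func(int a, int b, int c, int d, int e)
{
    return a + b + c + d + e;
}

/* Portable counterpart of the report's my_varg: one named int `a`
   followed by two variadic ints (assumed; the report passes int and int*).
   va_arg walks the variadic slots from wherever the ABI put them, so the
   function does not depend on `a` being adjacent to them on the stack. */
int __attribute__((noinline)) my_varg(int a, ...)
{
    va_list ap, ap2;
    int b, c;
    struct { int x1; int x2; } x;

    va_start(ap, a);

    /* The report reads the same arguments twice (printf, then the
       arithmetic); a second cursor from va_copy does that cleanly. */
    va_copy(ap2, ap);
    int pb = va_arg(ap2, int);
    int pc = va_arg(ap2, int);
    printf("%x %x %x\n", a, pb, pc);
    va_end(ap2);

    b = va_arg(ap, int);
    c = va_arg(ap, int);
    va_end(ap);

    x.x1 = b * 10;
    x.x2 = c * 20;

    /* Pass the computed values, not the address of a local truncated to int. */
    return my_func(a, a, b, c, x.x1 + x.x2);
}

/* General form: the named parameter carries the count, and va_start
   anchors on it. Works for count == 0 (loop body never runs). */
int sum_ints(int count, ...)
{
    va_list ap;
    int total = 0;

    va_start(ap, count);
    for (int i = 0; i < count; i++)
        total += va_arg(ap, int);
    va_end(ap);
    return total;
}

int main(void)
{
    /* Constructed inputs mirroring the report's call shape. */
    printf("my_varg  -> %d\n", my_varg(10, 1, 2));      /* 73 */
    printf("sum_ints -> %d\n", sum_ints(4, 1, 2, 3, 4)); /* 10 */
    return 0;
}
```

Building this with `gcc -m32 -O2 -fstack-protector-all` produces the same results as without the protector, because the generated code reads the variadic slots through the va_list machinery instead of fixed offsets from the named parameter's (now relocated) frame slot.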