https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83654
Bug ID: 83654
Summary: -fstack-clash-protection probes below the stack pointer for VLA with constant size
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: fw at gcc dot gnu.org
Target Milestone: ---

Created attachment 43010
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43010&action=edit
const-vla.c

On i386, the reproducer compiles to:

    f2:
    .LFB0:
            .cfi_startproc
            pushl   %ebp
            .cfi_def_cfa_offset 8
            .cfi_offset 5, -8
            movl    %esp, %ebp
            .cfi_def_cfa_register 5
            subl    $8, %esp
            leal    -4096(%esp), %eax
            cmpl    %eax, %esp
            je      .L5
    .L7:
            subl    $4096, %esp
            orl     $0, 4092(%esp)
            cmpl    %eax, %esp
            jne     .L7
    .L5:
            orl     $0, -4(%esp)

The final probe accesses memory below the stack pointer. i386 does not have a red zone, so this results in a valgrind warning:

    ==375071== Invalid read of size 4
    ==375071==    at 0x80482EE: main (in /root/build-32/a.out)
    ==375071==  Address 0xfeb83d0c is on thread 1's stack
    ==375071==  4 bytes below stack pointer

I don't think this issue is observable without valgrind, so the severity is low. However, it affects glibc's getaddrinfo implementation, so it seems worthwhile addressing this.

The issue might not be target-specific. x86-64 results in similar code, but valgrind won't warn because of the red zone.
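As an added illustration (not part of the bug report or of the attached const-vla.c), the C model below replays the emitted probe sequence from the listing above and reports which probes touch memory below the final %esp. The 4096-byte allocation is taken from the leal -4096(%esp) instruction, the starting %esp is a constructed value chosen so the final %esp lands 4 bytes above the address valgrind flagged, and the model assumes the allocation size is a multiple of the 4096-byte probe stride, as the emitted loop does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROBE_INTERVAL 4096u   /* stride of the subl/orl loop in the report */
#define MAX_PROBES 64

/* Replay of the emitted sequence.  sp is %esp after "subl $8, %esp"; alloc is
 * the VLA size (4096, from "leal -4096(%esp), %eax"), assumed a page multiple. */
struct probe_trace {
    uintptr_t final_sp;             /* %esp on reaching .L5 */
    uintptr_t probes[MAX_PROBES];   /* address touched by each "orl $0" */
    size_t n;
};

struct probe_trace simulate_probes(uintptr_t sp, uintptr_t alloc)
{
    struct probe_trace t = {0};
    uintptr_t target = sp - alloc;                  /* leal -alloc(%esp), %eax */
    while (sp != target && t.n < MAX_PROBES - 1) {  /* cmpl %eax, %esp / jne .L7 */
        sp -= PROBE_INTERVAL;                       /* subl $4096, %esp */
        t.probes[t.n++] = sp + PROBE_INTERVAL - 4;  /* orl $0, 4092(%esp) */
    }
    t.probes[t.n++] = sp - 4;                       /* orl $0, -4(%esp) after .L5 */
    t.final_sp = sp;
    return t;
}

/* Count probes that touch memory below the final stack pointer; without a
 * red zone (i386) each one is an access outside the function's own frame. */
size_t probes_below_sp(const struct probe_trace *t)
{
    size_t bad = 0;
    for (size_t i = 0; i < t->n; i++)
        if (t->probes[i] < t->final_sp)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed input: final %esp becomes 0xfeb83d10, 4 bytes above the
     * address valgrind flagged (0xfeb83d0c). */
    struct probe_trace t = simulate_probes(0xfeb84d10u, 4096);
    for (size_t i = 0; i < t.n; i++)
        printf("probe %zu at %#lx%s\n", i, (unsigned long)t.probes[i],
               t.probes[i] < t.final_sp ? "  <-- below final %%esp" : "");
    return probes_below_sp(&t) != 0;
}
```

Every loop-body probe lands inside the page just allocated (4 bytes below the previous %esp), while the closing probe at -4(%esp) is the one that falls below the final stack pointer, which is exactly the access valgrind reports.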