This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug c++/21222] A function with VEX encoded SSE instructions and a particular number of arguments corrupts a value calculated on the stack when stepping through the function


https://sourceware.org/bugzilla/show_bug.cgi?id=21222

--- Comment #9 from Adam Stylinski <kungfujesus06 at gmail dot com> ---
Any luck reproducing this?  I was able to do it on another distro with GDB
7.12, though the stack corruption wasn't nearly as noticeable (increasing the
number of arguments can affect this, though). 

 GNU gdb (Gentoo 7.12 vanilla) 7.12
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test.out...done.
(gdb) break testFunc
Breakpoint 1 at 0x400550: file test.cpp, line 12.
(gdb) r
Starting program: /home/adam/test.out 

Breakpoint 1, testFunc (a=0x0, n=0, sx=0x0, sy=0x0, rc=0x0, nr=0, b=4,
f=9.50000026e+09, c=0x0, d=0x0, e=0x0, gx=0x0, gy=0x0) at test.cpp:12
12          float lambda = C_LIGHT / f;
(gdb) n
13          printf("lambda = %f\n", lambda);
(gdb) p lambda
$1 = 0.030302437
(gdb) disas
Dump of assembler code for function testFunc(float*, unsigned long, float*,
float*, float*, float, int, float, float**, float**, float**, float*, float*):
   0x0000000000400526 <+0>:     push   %rbp
   0x0000000000400527 <+1>:     mov    %rsp,%rbp
   0x000000000040052a <+4>:     sub    $0x50,%rsp
   0x000000000040052e <+8>:     mov    %rdi,-0x18(%rbp)
   0x0000000000400532 <+12>:    mov    %rsi,-0x20(%rbp)
   0x0000000000400536 <+16>:    mov    %rdx,-0x28(%rbp)
   0x000000000040053a <+20>:    mov    %rcx,-0x30(%rbp)
   0x000000000040053e <+24>:    mov    %r8,-0x38(%rbp)
   0x0000000000400542 <+28>:    vmovss %xmm0,-0x3c(%rbp)
   0x0000000000400547 <+33>:    mov    %r9d,-0x40(%rbp)
   0x000000000040054b <+37>:    vmovss %xmm1,-0x44(%rbp)
   0x0000000000400550 <+42>:    vmovss 0x10c(%rip),%xmm0        # 0x400664
   0x0000000000400558 <+50>:    vdivss -0x44(%rbp),%xmm0,%xmm0
   0x000000000040055d <+55>:    vmovss %xmm0,-0x4(%rbp)
=> 0x0000000000400562 <+60>:    vcvtss2sd -0x4(%rbp),%xmm2,%xmm2
   0x0000000000400567 <+65>:    vmovq  %xmm2,%rax
   0x000000000040056c <+70>:    vmovq  %rax,%xmm0
   0x0000000000400571 <+75>:    mov    $0x400654,%edi
   0x0000000000400576 <+80>:    mov    $0x1,%eax
   0x000000000040057b <+85>:    callq  0x400400 <printf@plt>
   0x0000000000400580 <+90>:    nop
   0x0000000000400581 <+91>:    leaveq 
   0x0000000000400582 <+92>:    retq   
End of assembler dump.
(gdb) n
lambda = 0.030302
14      }
(gdb) 
main () at test.cpp:21
21          return 0;
(gdb) 
22      }

adam@eggsbenedict ~ $ ./test.out 
lambda = 0.031557

Here's after adding one more argument to the function signature and stepping
through the function call in the debugger:

Breakpoint 1, testFunc (a=0x0, n=0, sx=0x0, sy=0x0, rc=0x0, nr=0, b=4,
f=9.50000026e+09, c=0x0, d=0x0, e=0x0, gx=0x0, gy=0x0, gz=0x0) at test.cpp:12
12          float lambda = C_LIGHT / f;
(gdb) n
13          printf("lambda = %f\n", lambda);
(gdb) n
lambda = -98857.093750
14      }

So some static allocation somewhere is probably being overrun.

