------- Comment #9 from danglin at gcc dot gnu dot org 2008-06-29 03:29 -------
The linux and hpux problems are the same. It appears this code in ada__text_io__editing__expand() is stomping on the function context. In particular, the high order byte of the fc->prev value is stomped on.

            when others =>
               Result (Result_Index) := Picture (Picture_Index);
               Picture_Index := Picture_Index + 1;
               Result_Index := Result_Index + 1;

The corresponding assembler code is

0x0002c48c <ada__text_io__editing__expand+268>: ldw -a4(,sp),ret1
0x0002c490 <ada__text_io__editing__expand+272>: add,l r22,ret1,ret0
0x0002c494 <ada__text_io__editing__expand+276>: stb r20,0(,ret0)
0x0002c498 <ada__text_io__editing__expand+280>: ldo 1(ret1),ret1
0x0002c49c <ada__text_io__editing__expand+284>: ldo 1(r19),r19
0x0002c4a0 <ada__text_io__editing__expand+288>: stw ret1,-a4(,sp)
0x0002c4a4 <ada__text_io__editing__expand+292>: ldw -90(,sp),r20

(gdb) p/x $r20
$9 = 0x39
(gdb) p $r22
$3 = 2130644039
(gdb) p $ret1
$4 = 65
(gdb) p/x $ret1 + $r22
$7 = 0x7eff0c88
(gdb) c
Continuing.

Breakpoint 15, _Unwind_SjLj_Unregister (fc=0x7eff0c88)
    at ../../../gcc/libgcc/../gcc/unwind-sjlj.c:173
173     {
(gdb) p &fc->prev
$10 = (struct SjLj_Function_Context **) 0x7eff0c88
(gdb) p *fc
$11 = {prev = 0x39ff0ac8, call_site = 4, data = {1073765631, 2130643768, 55035, 140523}, personality = 0x4000315a <U_ARM_MASK+1030>, lsda = 0x400022ac}

_Unwind_SjLj_Unregister installs fc->prev and this leads to a segv when the context is accessed. It appears the offset of 65 is outside the bounds of the Result array.

--

danglin at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  GCC build triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*
   GCC host triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*
 GCC target triplet|hppa2.0w-hp-hpux11.11       |hppa*-*-*

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25819