https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64379
Bug ID: 64379
Summary: VFP register restore in ARM epilogue can break
indirect tailcalls
Product: gcc
Version: 4.9.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: donn.seeley at windriver dot com
Created attachment 34314
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=34314&action=edit
reduced from content.c in xfsdump
In the example, the compiler uses a VFP/NEON register to hold a 64-bit scalar.
Restoring the saved VFP/NEON register from the stack stomps on IP. But the
indirect tailcall uses all 4 argument registers, so the function pointer is in
IP, which got trashed:
sub ip, fp, #44
fldmfdd ip!, {d8}
sub sp, fp, #36
ldmfd sp, {r4, r5, r6, r7, r8, r9, fp, sp, lr}
bx ip @ indirect register sibling call
The code branches to a stack location and the program segfaults.
