https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91489
Bug ID: 91489
Summary: misplaced stack pointer when __ms_hook_prologue__
attribute is used
Product: gcc
Version: 9.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: gofmanp at gmail dot com
Target Milestone: ---
Created attachment 46729
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=46729&action=edit
Preprocessed test program (gcc -v -save-temps -m32 -O2 ./file.c)
gcc -v:
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap
--enable-languages=c,c++,fortran,objc,obj-c++,ada,go,d,lto --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared
--enable-threads=posix --enable-checking=release --enable-multilib
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-gnu-unique-object --enable-linker-build-id
--with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin
--enable-initfini-array --with-isl --enable-offload-targets=nvptx-none
--without-cuda-driver --enable-gnu-indirect-function --enable-cet
--with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 9.1.1 20190503 (Red Hat 9.1.1-1) (GCC)
OS: Linux, Fedora 30 (x86_64)
The following test program crashes with SEGFAULT (on return from second call to
test_func()) when compiled as 'gcc -m32 -O2':
-----
#include <stdio.h>
unsigned int __attribute__ ((noinline)) __attribute__((__stdcall__))
__attribute__((__ms_hook_prologue__)) test_func( unsigned long *size )
{
static int once;
if (once++ == 0)
printf("(%p): stub\n", size);
return 1;
}
int main(int argc, char **argv)
{
printf("%#x.\n", test_func(NULL));
printf("%#x.\n", test_func(NULL));
}
----
The stack pointer is wrong in one of the code paths in test_func(). Here is the
snippet from 'objdump -d a.out':
----
80491e0: 8b ff mov %edi,%edi
80491e2: 55 push %ebp
80491e3: 8b ec mov %esp,%ebp
80491e5: a1 1c c0 04 08 mov 0x804c01c,%eax
80491ea: 8d 50 01 lea 0x1(%eax),%edx
80491ed: 89 15 1c c0 04 08 mov %edx,0x804c01c
80491f3: 85 c0 test %eax,%eax
80491f5: 74 09 je 8049200 <test_func+0x20>
80491f7: b8 01 00 00 00 mov $0x1,%eax
; the stack pointer is wrong here, need 'leave' or equivalent
80491fc: c2 04 00 ret $0x4
80491ff: 90 nop
8049200: 5d pop %ebp
8049201: 83 ec 14 sub $0x14,%esp
8049204: ff 74 24 18 pushl 0x18(%esp)
8049208: 68 0c a0 04 08 push $0x804a00c
804920d: e8 2e fe ff ff call 8049040 <printf@plt>
8049212: b8 01 00 00 00 mov $0x1,%eax
8049217: 83 c4 1c add $0x1c,%esp
804921a: c2 04 00 ret $0x4
----
The problem is not there without __attribute__((__ms_hook_prologue__)) (no
stack frame is generated in this case), or without -O2 compiler flag.
The problem originates from here: https://bugs.winehq.org/show_bug.cgi?id=47633
