On Oct 20 2016, Florian Weimer <fwei...@redhat.com> wrote:

> We have a fun little glibc bug which causes pthread_cond_wait to write out
> of bounds on i386:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=20719
>
> Root cause is this in libgcc/unwind-c.c:
>
> 130   int ip_before_insn = 0;
> …
> 158   /* Parse the LSDA header.  */
> 159   p = parse_lsda_header (context, language_specific_data, &info);
> 160 #ifdef HAVE_GETIPINFO
> 161   ip = _Unwind_GetIPInfo (context, &ip_before_insn);
> 162 #else
> 163   ip = _Unwind_GetIP (context);
> 164 #endif
> 165   if (! ip_before_insn)
> 166     --ip;
> 167   landing_pad = 0;
>
> The PC decrement cannot possibly be meaningful on CISC architectures with
> variable instruction lengths. I suspect it's an unintentional leftover
> from the ia64 port.
It is valid for all architectures, because the return IP usually points
_after_ the call instruction, which may already be inside the next unwind
region. The situation is different for signal frames. See
libgcc/unwind-dw2.c:_Unwind_GetIPInfo for the correct way to handle it.

Andreas.

-- 
Andreas Schwab, sch...@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
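The point in the reply above, worked through as an added example that is not code from the thread or from libgcc: a constructed call-site table with two adjacent regions, a simplified model of the range lookup that follows `landing_pad = 0;` in unwind-c.c, and the `ip_before_insn` adjustment applied to a call frame (return address one past the call) and to a signal frame (address of the interrupted instruction). All addresses and the table contents are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constructed model of an LSDA call-site table: each record covers
 * [start, start + len) and names the landing pad (0 = none) for calls
 * made from inside that range.  Values are invented for the example. */
struct call_site { uintptr_t start; uintptr_t len; uintptr_t landing_pad; };

/* Region A ends exactly where region B begins, as happens when a call is
 * the last instruction of a try block: a 5-byte CALL at 0x10..0x14 returns
 * to 0x15, which is the first byte of region B. */
static const struct call_site table[] = {
    { 0x10, 0x05, 0x80 },  /* the call inside the try block -> pad 0x80 */
    { 0x15, 0x20, 0x00 },  /* code after the try block: no landing pad  */
};

/* Mirror of the adjustment quoted from unwind-c.c: the IP is a return
 * address (one past the call, whatever the call's length) unless the
 * unwinder reports it already points at the instruction itself, which is
 * the signal-frame case.  Subtracting 1 lands somewhere inside the call
 * instruction, which is all a range lookup needs. */
uintptr_t adjusted_ip(uintptr_t ip, int ip_before_insn) {
    return ip_before_insn ? ip : ip - 1;
}

/* Simplified linear search over the table (the real one is uleb128-encoded
 * and the loop also tracks the action record). */
uintptr_t find_landing_pad(uintptr_t ip) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (ip < table[i].start) return 0;
        if (ip < table[i].start + table[i].len) return table[i].landing_pad;
    }
    return 0;
}

/* Normal call frame: ip_before_insn == 0.  Without the decrement the
 * return address 0x15 resolves to region B and the handler is missed. */
uintptr_t lookup_for_call_frame(uintptr_t return_addr, bool apply_decrement) {
    uintptr_t ip = apply_decrement ? adjusted_ip(return_addr, 0) : return_addr;
    return find_landing_pad(ip);
}

/* Signal frame: ip_before_insn == 1, the address is the interrupted
 * instruction itself and must not be decremented. */
uintptr_t lookup_for_signal_frame(uintptr_t fault_addr) {
    return find_landing_pad(adjusted_ip(fault_addr, 1));
}
```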