vsnprintf broken (was: Re: gcc update)

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Mon Nov 12 12:41:29 PST 2007


Simon 'corecode' Schubert wrote:
> Johannes Hofmann wrote:
>> Hello,
>>
>> I see crashes with a string handling library on DragonFly.
>> The problem can be reduced to the test program below. It crashes on
>> DragonFly when compiled with "gcc -O2 -o foo foo.c". Without -O2 it 
>> runs fine. No problems on Linux with or without -O2.
>> Can anyone spot the problem? I think its related to the use of
>> va_copy().
> 
> No, the problem is that gcc uses %ebx after a function call, which it is
> not allowed to do:
[snip]
> Or does the ABI dictate that %ebx needs to be restored?  Seems that
> linux/glibc doesn't clobber ebx.

okay, I am wrong here.  %ebx is supposed to be saved and is also being
saved by vsnprinf.  gcc is good.

So this is actually a case of stack smashing.  Have fun finding the bug
in vsnprintf or in your code :)

> cheers
>   simon


Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00004.pgp
Type: application/octet-stream
Size: 252 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20071112/0fa84e53/attachment-0021.obj>


More information about the Users mailing list