[Bug 1572613] [NEW] GCC stack access scheduled after stack deallocation

Launchpad Bug Tracker 1572613 at bugs.launchpad.net
Wed Apr 20 14:57:37 UTC 2016


You have been subscribed to a public bug:

== Comment: #0 - Andreas Krebbel - 2016-04-19 05:22:12 ==

The following miscompilation was found in the Valgrind memcheck preload
library.

This compiler behavior can be reproduced with a small test case:

$ echo 'void foo (void) { volatile int a = 5; (void) a; }' | \
  gcc -O2 -fno-omit-frame-pointer -o foo.o -c -x c - && objdump -d foo.o

foo.o:     file format elf64-s390


Disassembly of section .text:

0000000000000000 <foo>:
   0:	b3 c1 00 2b       	ldgr	%f2,%r11
   4:	b3 c1 00 0f       	ldgr	%f0,%r15
   8:	e3 f0 ff 58 ff 71 	lay	%r15,-168(%r15)
   e:	b9 04 00 bf       	lgr	%r11,%r15
  12:	b3 cd 00 f0       	lgdr	%r15,%f0
  16:	e5 4c b0 a4 00 05 	mvhi	164(%r11),5     <---- stack variable access after stack pointer restore
  1c:	58 10 b0 a4       	l	%r1,164(%r11) <----
  20:	b3 cd 00 b2       	lgdr	%r11,%f2
  24:	07 fe             	br	%r14
  26:	07 07             	nopr	%r7

A patch for upstream GCC has been posted on the mailing list. Backports will go into 4.9/5/6 branches after the upstream patch is applied.
https://gcc.gnu.org/ml/gcc-patches/2016-04/msg00910.html

This patch needs to be included in the Ubuntu 16.04 GCC 5 packages.

We have scanned the entire xenial universe repo for suspicious
sequences. Unfortunately several packages need to be rebuilt after
including the patch. We recommend rebuilding at least the following
packages:

ceph-test_10.1.1-0ubuntu1_s390x.deb
g++-mingw-w64-i686_5.3.1-8ubuntu3+17_s390x.deb
g++-mingw-w64-x86-64_5.3.1-8ubuntu3+17_s390x.deb
gambas3-gb-qt4_3.8.4-2ubuntu3_s390x.deb
gcc-arm-none-eabi_4.9.3+svn231177-1_s390x.deb
gcc-avr_4.9.2+Atmel3.5.0-1_s390x.deb
gcc-mingw-w64-i686_5.3.1-8ubuntu3+17_s390x.deb
gcc-mingw-w64-x86-64_5.3.1-8ubuntu3+17_s390x.deb
gcc-snapshot_20160320-1ubuntu1_s390x.deb
gfortran-mingw-w64-i686_5.3.1-8ubuntu3+17_s390x.deb
gfortran-mingw-w64-x86-64_5.3.1-8ubuntu3+17_s390x.deb
gnat-mingw-w64-i686_5.3.1-3ubuntu1+16_s390x.deb
gnat-mingw-w64-x86-64_5.3.1-3ubuntu1+16_s390x.deb
gobjc++-mingw-w64-i686_5.3.1-8ubuntu3+17_s390x.deb
gobjc++-mingw-w64-x86-64_5.3.1-8ubuntu3+17_s390x.deb
gobjc-mingw-w64-i686_5.3.1-8ubuntu3+17_s390x.deb
gobjc-mingw-w64-x86-64_5.3.1-8ubuntu3+17_s390x.deb
higan_094-6_s390x.deb
juju-mongodb3.2_3.2.4-0ubuntu1_s390x.deb
libfpga0_0.0+201212-1_s390x.deb
libgnatvsn5_5.3.1-14ubuntu2_s390x.deb
libgnatvsn5-s390x-cross_5.3.1-14ubuntu2cross1_all.deb
libinsighttoolkit4.9_4.9.0-4ubuntu1_s390x.deb
libiv-unidraw1_1.2.11a1-6_s390x.deb
libjavascriptcoregtk-1.0-0_2.4.10-0ubuntu1_s390x.deb
libjavascriptcoregtk-3.0-0_2.4.10-0ubuntu1_s390x.deb
libmariadbd18_10.0.24-7_s390x.deb
libtsm3_3-1_s390x.deb
libwebkit2gtk-3.0-25_2.4.10-0ubuntu1_s390x.deb
mariadb-client-core-10.0_10.0.24-7_s390x.deb
mariadb-plugin-oqgraph_10.0.24-7_s390x.deb
mariadb-plugin-spider_10.0.24-7_s390x.deb
mariadb-server-10.0_10.0.24-7_s390x.deb
mariadb-server-core-10.0_10.0.24-7_s390x.deb
mariadb-test_10.0.24-7_s390x.deb
mysql-client-5.6_5.6.28-1ubuntu3_s390x.deb
mysql-client-core-5.6_5.6.28-1ubuntu3_s390x.deb
mysql-server-5.6_5.6.28-1ubuntu3_s390x.deb
mysql-server-core-5.6_5.6.28-1ubuntu3_s390x.deb
mysql-testsuite-5.7_5.7.11-0ubuntu6_s390x.deb
nodejs_4.2.6~dfsg-1ubuntu4_s390x.deb
percona-server-server-5.6_5.6.22-rel71.0-0ubuntu2_s390x.deb
percona-xtrabackup_2.2.3-2.1build1_s390x.deb
percona-xtradb-cluster-server-5.6_5.6.21-25.8-0ubuntu2_s390x.deb

== Comment: #2 - Andreas Krebbel - 2016-04-20 03:22:27 ==
Patch is upstream committed to head, gcc-6, and gcc-5 branches.

** Affects: gcc-defaults (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-140461 severity-high targetmilestone-inin16041
-- 
GCC stack access scheduled after stack deallocation
https://bugs.launchpad.net/bugs/1572613
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to gcc-defaults in Ubuntu.
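
An added example, not part of the original report and not the reporters' own scanning tool: a heuristic Python check for the sequence shown in the disassembly above, flagging memory operands based on the frame pointer %r11 that appear after %r15 has been restored with lgdr. It assumes `objdump -d` text for s390x as input and that the listed load mnemonics overwrite %r11; the reordered listing is constructed by hand.

```python
import re

FUNC = re.compile(r"^[0-9a-f]+ <(.+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t(\S+)(?:\s+(\S+))?")
# Assumption: mnemonics treated as overwriting their first operand.
LOADS = {"lgdr", "lgr", "lg", "lmg", "la", "lay"}

def scan(listing):
    """Return (function, offset, instruction) for each access through the
    frame pointer %r11 made after %r15 was restored with lgdr."""
    hits, func, freed = [], None, False
    for line in listing.splitlines():
        m = FUNC.match(line)
        if m:
            func, freed = m.group(1), False
            continue
        m = INSN.match(line)
        if not m:
            continue
        off, mnem, ops = m.group(1), m.group(2), m.group(3) or ""
        if freed and "(%r11)" in ops:
            hits.append((func, off, f"{mnem} {ops}"))
        if mnem == "lgdr" and ops.startswith("%r15,"):
            freed = True    # stack pointer restored: frame is deallocated
        elif mnem in LOADS and ops.startswith("%r11,"):
            freed = False   # %r11 no longer points into the old frame
    return hits

# Listing from the report above (arrow annotations removed).
BUGGY = (
    "0000000000000000 <foo>:\n"
    "   0:\tb3 c1 00 2b       \tldgr\t%f2,%r11\n"
    "   4:\tb3 c1 00 0f       \tldgr\t%f0,%r15\n"
    "   8:\te3 f0 ff 58 ff 71 \tlay\t%r15,-168(%r15)\n"
    "   e:\tb9 04 00 bf       \tlgr\t%r11,%r15\n"
    "  12:\tb3 cd 00 f0       \tlgdr\t%r15,%f0\n"
    "  16:\te5 4c b0 a4 00 05 \tmvhi\t164(%r11),5\n"
    "  1c:\t58 10 b0 a4       \tl\t%r1,164(%r11)\n"
    "  20:\tb3 cd 00 b2       \tlgdr\t%r11,%f2\n"
    "  24:\t07 fe             \tbr\t%r14\n"
    "  26:\t07 07             \tnopr\t%r7\n"
)
# Constructed: same rows with the %r15 restore moved after both accesses
# (offsets left stale; this is not output of a patched GCC).
rows = BUGGY.splitlines()
REORDERED = "\n".join(rows[:5] + rows[6:8] + [rows[5]] + rows[8:])

if __name__ == "__main__":
    print(scan(BUGGY), scan(REORDERED))
```
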


