From patchwork Fri Mar 17 10:41:27 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 71230
Date: Fri, 17 Mar 2023 21:11:27 +1030
To: Jan Beulich, "H.J. Lu"
Cc: binutils@sourceware.org
Subject: strange segfault i386-dis.c:9815:28
From: Alan Modra via Binutils

Hi Jan, H.J.,

I'm seeing some really weird oss-fuzz reports of segfaults in i386-dis.c.

https://oss-fuzz.com/testcase-detail/5870018505342976
https://oss-fuzz.com/testcase-detail/4651718416924672
https://oss-fuzz.com/testcase-detail/5452642448179200

I can't reproduce them locally, and don't have access to the binaries to see exactly what is going on. The problem may well turn out to be a clang bug, but then there are these notes from the setjmp man page:

"Consequently, the values of automatic variables are unspecified after a call to longjmp() if they meet all the following criteria:
• they are local to the function that made the corresponding setjmp() call;
• their values are changed between the calls to setjmp() and longjmp(); and
• they are not declared as volatile."

Jan's commit 384e201e5aec made "ins" an auto var. "priv" was already an auto var. It might be possible that one or more of the "ins" or "priv" fields are living in non-volatile regs and thus have stale values after the longjmp. To cover that possibility, how about the following patch?

	* i386-dis.c (print_insn): Access "ins" and "priv" via volatile
	pointers after second sigsetjmp return.

diff --git a/opcodes/i386-dis.c b/opcodes/i386-dis.c
index a414e8c9b1e..9684dcda746 100644
--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -9808,12 +9808,17 @@ print_insn (bfd_vma pc, disassemble_info *info, int intel_syntax) /* Getting here means we tried for data but didn't get it. That means we have an incomplete instruction of some sort. Just print the first byte as a prefix or a .byte pseudo-op. */ - if (ins.codep > priv.the_buffer) + volatile struct dis_private *ppriv = &priv; + volatile instr_info *pins = &ins; + if (pins->codep > ppriv->the_buffer) { const char *name = NULL; - if (ins.prefixes || ins.fwait_prefix >= 0 || (ins.rex & REX_OPCODE)) - name = prefix_name (&ins, priv.the_buffer[0], priv.orig_sizeflag); + if (pins->prefixes + || pins->fwait_prefix >= 0 + || (pins->rex & REX_OPCODE)) + name = prefix_name (&ins, ppriv->the_buffer[0], + ppriv->orig_sizeflag); if (name != NULL) i386_dis_printf (&ins, dis_style_mnemonic, "%s", name); else @@ -9822,7 +9827,7 @@ print_insn (bfd_vma pc, disassemble_info *info, int intel_syntax) i386_dis_printf (&ins, dis_style_assembler_directive, ".byte "); i386_dis_printf (&ins, dis_style_immediate, "0x%x", - (unsigned int) priv.the_buffer[0]); + (unsigned int) ppriv->the_buffer[0]); } return 1;
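Review bot: In the first hunk (the block starting at `if (pins->codep > ppriv->the_buffer)`), nothing records why `ppriv` and `pins` exist; add a comment above the two declarations saying that `ins` and `priv` are modified between the sigsetjmp and the siglongjmp and therefore must be re-read from memory through volatile pointers on this path, otherwise a later cleanup will fold `pins->codep` back into `ins.codep` and silently reintroduce the stale-register problem the commit message describes. The volatile reads also only cover this incomplete-instruction path: any other field of `ins` or `priv` that `print_insn` reads directly after the second sigsetjmp return, outside this hunk, has the same exposure, and the remedy the quoted man page actually names (declaring the objects themselves volatile) would cover every use at once rather than one branch.

Review bot: In the second hunk, `the_buffer[0]` is now read through `ppriv` twice on this path (once in the `prefix_name` call in the previous hunk, once in the `.byte` branch here); loading it once into a local right after the `if (pins->codep > ppriv->the_buffer)` test, e.g. `unsigned int byte0 = ppriv->the_buffer[0];`, keeps the volatile-pointer idiom in one place, matches the `(unsigned int)` cast already applied here, and is easier to audit than repeating the idiom at each use.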
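To make the failure mode and the patch's remedy concrete, here is an added example that is not part of the patch or of binutils: a toy fetch loop with the same shape as print_insn/fetch_data in opcodes/i386-dis.c, using standard setjmp/longjmp in place of sigsetjmp/siglongjmp (the register-caching hazard is the same), where every read of the decoder state after the second setjmp return goes through a volatile pointer exactly as the patch does for `ins` and `priv`. The struct, function names and sample byte strings are constructed for this example.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example, not binutils code: a decoder state with the same
   role as instr_info/dis_private in i386-dis.c.  */
struct dis_state {
  const unsigned char *codep;   /* next byte to consume */
  const unsigned char *end;     /* one past the last available byte */
  unsigned prefixes;            /* prefix bytes seen so far */
  jmp_buf bailout;              /* i386-dis.c uses sigjmp_buf here */
};

/* Like fetch_data: jumps back to the setjmp in decode_insn when the
   input runs out mid-instruction.  */
static unsigned char fetch_byte (struct dis_state *st)
{
  if (st->codep >= st->end)
    longjmp (st->bailout, 1);
  return *st->codep++;
}

/* Decodes "[0x66 prefix]* opcode operand".
   Returns the number of bytes consumed on success, -1 if the input was
   truncated after at least one byte (with *prefixes_out set from the
   state), and 0 if the input was truncated before any byte was read.  */
int decode_insn (const unsigned char *buf, size_t len, unsigned *prefixes_out)
{
  struct dis_state st;
  /* Every post-longjmp read goes through this volatile pointer, so the
     compiler must reload from memory instead of reusing a register copy
     it may have made before the jump (the hazard from the setjmp man
     page quoted above).  This mirrors the patch's ppriv/pins.  */
  volatile struct dis_state *vst = &st;

  st.codep = buf;
  st.end = buf + len;
  st.prefixes = 0;

  if (setjmp (st.bailout) != 0)
    {
      /* Second return: codep and prefixes changed between setjmp and
         longjmp, so only the volatile reads are trustworthy here.  */
      if (vst->codep > buf)
        {
          *prefixes_out = vst->prefixes;
          return -1;
        }
      return 0;
    }

  for (;;)
    {
      unsigned char b = fetch_byte (&st);
      if (b == 0x66)
        {
          st.prefixes++;
          continue;
        }
      (void) fetch_byte (&st);   /* the opcode's one operand byte */
      *prefixes_out = st.prefixes;
      return (int) (st.codep - buf);
    }
}

/* Constructed sample inputs.  */
const unsigned char sample_full[] = { 0x66, 0x66, 0x90, 0x12 };  /* complete */
const unsigned char sample_prefix_only[] = { 0x66, 0x66 };       /* cut after prefixes */
const unsigned char sample_no_operand[] = { 0x90 };              /* cut after opcode */

int main (void)
{
  unsigned p;
  printf ("full: %d (prefixes %u)\n",
          decode_insn (sample_full, sizeof sample_full, &p), p);
  printf ("prefix only: %d (prefixes %u)\n",
          decode_insn (sample_prefix_only, sizeof sample_prefix_only, &p), p);
  printf ("no operand: %d (prefixes %u)\n",
          decode_insn (sample_no_operand, sizeof sample_no_operand, &p), p);
  printf ("empty: %d\n", decode_insn (sample_full, 0, &p));
  return 0;
}
```

Whether a given compiler actually keeps a field in a callee-saved register across the setjmp is not observable from a test, which is why the patch and this example simply force the reload; declaring `st` itself `volatile` is the alternative the man page's third criterion points at, at the cost of making every access in the hot decode loop a memory access.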