incubator-stdcxx-dev mailing list archives

From "Farid Zaripov (JIRA)" <j...@apache.org>
Subject [jira] Updated: (STDCXX-554) Bad code generation of the std::moneypunct ctor (and possibly of the std::messages ctor)
Date Thu, 13 Sep 2007 18:19:32 GMT

     [ https://issues.apache.org/jira/browse/STDCXX-554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farid Zaripov updated STDCXX-554:
---------------------------------

    Environment: 
MSVC 7.1 with Service Pack 1

Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.6030 for 80x86
Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.

  was:MSVC 7.1


> Bad code generation of the std::moneypunct ctor (and possibly of the std::messages ctor)
> ----------------------------------------------------------------------------------------
>
>                 Key: STDCXX-554
>                 URL: https://issues.apache.org/jira/browse/STDCXX-554
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: 22. Localization
>    Affects Versions: 4.1.3, trunk
>         Environment: MSVC 7.1 with Service Pack 1
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.6030 for 80x86
> Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.
>            Reporter: Farid Zaripov
>         Attachments: stdcxx-554.patch
>
>
>   The 22.locale.money.put.cpp test fails on MSVC 7.1 (15s build type) with a buffer overrun error due to bad code generation.
>   Here is the assembly code for the moneypunct ctor:
> -------------
>     _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
>         : _RW::__rw_facet (__refs), money_base () { }
> 004018C0  push        ebp  
> 004018C1  mov         ebp,esp 
> 004018C3  push        ecx  
> 004018C4  mov         dword ptr [ebp-4],ecx 
> 004018C7  mov         eax,dword ptr [__refs] 
> 004018CA  push        eax  
> 004018CB  mov         ecx,dword ptr [this] 
> 004018CE  call        __rw::__rw_facet::__rw_facet (412E20h) 
> 004018D3  xor         ecx,ecx 
> 004018D5  mov         edx,dword ptr [this] 
> 004018D8  add         edx,38h                       // the sizeof (moneypunct) == 0x38
> 004018DB  mov         byte ptr [edx],cl           // here the place of the buffer overrun
> 004018DD  mov         eax,dword ptr [this] 
> 004018E0  mov         dword ptr [eax],offset std::moneypunct<char,0>::`vftable' (488838h) 
> 004018E6  mov         eax,dword ptr [this] 
> 004018E9  mov         esp,ebp 
> 004018EB  pop         ebp  
> 004018EC  ret         4    
> -------------
>   When I commented out the money_base () call, the test succeeded and the assembly code changed to:
> -------------
>     _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
>         : _RW::__rw_facet (__refs)/*, money_base ()*/ { }
> 004018C0  push        ebp  
> 004018C1  mov         ebp,esp 
> 004018C3  push        ecx  
> 004018C4  mov         dword ptr [ebp-4],ecx 
> 004018C7  mov         eax,dword ptr [__refs] 
> 004018CA  push        eax  
> 004018CB  mov         ecx,dword ptr [this] 
> 004018CE  call        __rw::__rw_facet::__rw_facet (412E20h) 
> 004018D3  mov         ecx,dword ptr [this] 
> 004018D6  mov         dword ptr [ecx],offset std::moneypunct<char,0>::`vftable' (488838h) 
> 004018DC  mov         eax,dword ptr [this] 
> 004018DF  mov         esp,ebp 
> 004018E1  pop         ebp  
> 004018E2  ret         4    
> -------------
>   Here is the same assembly, but in the 12s configuration:
> before the change:
> -------------
>     const PunctT pun;
> 004018B1  push        1    
> 004018B3  lea         ecx,[esp+0B4h] 
> 004018BA  call        __rw::__rw_facet::__rw_facet (40A770h) 
> 004018BF  mov         byte ptr [esp+0E8h],bl            // 0xE8 - 0xB4 == 0x34, so there is no buffer overrun here,
>                                                         // but maybe the last 4-byte member of the __rw_facet
>                                                         // (I suppose it is _C_pid) was changed
> 004018C6  mov         dword ptr [esp+0B0h],offset Punct<char,0>::`vftable' (43A258h)
> -------------
> after the change:
> -------------
>     const PunctT pun;
> 00401891  push        1    
> 00401893  lea         ecx,[esp+0B4h] 
> 0040189A  call        __rw::__rw_facet::__rw_facet (40A720h) 
> 0040189F  mov         dword ptr [esp+0B0h],offset Punct<char,0>::`vftable' (43A258h)
> -------------
>   I have not verified this, but I suppose the same problem might exist in the messages class.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
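The report above describes a one-byte store at offset sizeof (moneypunct), i.e. just past the object, emitted for the value-initialised empty base. The following is an added example, not code from the report or from the stdcxx sources: it mirrors that layout with hypothetical stand-in types (`demo::facet`, `demo::money_base`, `demo::moneypunct`) and places a guard byte directly after the object so that such an out-of-bounds write is detected by a regression check rather than by a crash.

```cpp
// Added example (not part of STDCXX-554 or the stdcxx sources).
// Layout mirrors the report: a polymorphic base holding a reference count,
// an empty base, and a derived class that value-initialises the empty base
// in its mem-initializer list. A guard byte placed immediately after the
// object catches a write at offset sizeof(moneypunct), where the
// miscompiled store in the report landed.
#include <cstddef>
#include <new>

namespace demo {

// Stands in for __rw::__rw_facet (hypothetical stand-in).
struct facet {
    explicit facet(std::size_t refs = 0) : refs_(refs), pid_(0) {}
    virtual ~facet() {}
    std::size_t refs_;
    int pid_;   // stands in for the trailing member the report suspects (_C_pid)
};

// Stands in for std::money_base: no data members at all.
struct money_base {};

// Stands in for std::moneypunct: the empty base is explicitly
// value-initialised, the construct the report says was miscompiled.
struct moneypunct : facet, money_base {
    explicit moneypunct(std::size_t refs = 0) : facet(refs), money_base() {}
};

// Storage for one object followed directly by a guard byte. Because
// sizeof(moneypunct) is a multiple of its alignment, `guard` sits exactly
// at offset sizeof(moneypunct) from the start of `storage`.
struct guarded {
    alignas(moneypunct) unsigned char storage[sizeof(moneypunct)];
    unsigned char guard;
};

// Constructs the facet in place and returns true only if the guard byte
// survived and the reference count was stored where expected.
bool construct_without_overrun(std::size_t refs) {
    guarded g;
    g.guard = 0xA5;
    moneypunct* p = new (g.storage) moneypunct(refs);
    bool ok = (g.guard == 0xA5) && (p->refs_ == refs);
    p->~moneypunct();
    return ok;
}

} // namespace demo
```

With a correct compiler the check returns true; a compiler exhibiting the behaviour described in the report would clobber the guard with the zero byte written for the empty base and the check would return false.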

