From: "Farid Zaripov (JIRA)"
To: stdcxx-dev@incubator.apache.org
Date: Thu, 13 Sep 2007 11:19:32 -0700 (PDT)
Subject: [jira] Updated: (STDCXX-554) Bad code generation of the std::moneypunct ctor (and possibly of the std::messages ctor)
Message-ID: <24313341.1189707572385.JavaMail.jira@brutus>
In-Reply-To: <17436306.1189706852399.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/STDCXX-554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farid Zaripov updated STDCXX-554:
---------------------------------

    Environment:
MSVC 7.1 with Service Pack 1
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.6030 for 80x86
Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.

  was:MSVC 7.1

> Bad code generation of the std::moneypunct ctor (and possibly of the std::messages ctor)
> ----------------------------------------------------------------------------------------
>
>                 Key: STDCXX-554
>                 URL: https://issues.apache.org/jira/browse/STDCXX-554
>             Project: C++ Standard Library
>          Issue Type: Bug
>          Components: 22. Localization
>    Affects Versions: 4.1.3, trunk
>         Environment: MSVC 7.1 with Service Pack 1
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13.10.6030 for 80x86
> Copyright (C) Microsoft Corporation 1984-2002. All rights reserved.
>            Reporter: Farid Zaripov
>         Attachments: stdcxx-554.patch
>
>
> The 22.locale.money.put.cpp test fails on MSVC 7.1 (15s build type) with a buffer overrun error due to bad code generation.
> Here is the assembly code for the moneypunct ctor:
> -------------
>     _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
>         : _RW::__rw_facet (__refs), money_base () { }
> 004018C0  push  ebp
> 004018C1  mov   ebp,esp
> 004018C3  push  ecx
> 004018C4  mov   dword ptr [ebp-4],ecx
> 004018C7  mov   eax,dword ptr [__refs]
> 004018CA  push  eax
> 004018CB  mov   ecx,dword ptr [this]
> 004018CE  call  __rw::__rw_facet::__rw_facet (412E20h)
> 004018D3  xor   ecx,ecx
> 004018D5  mov   edx,dword ptr [this]
> 004018D8  add   edx,38h        // the sizeof (moneypunct) == 0x38
> 004018DB  mov   byte ptr [edx],cl        // here is the place of the buffer overrun
> 004018DD  mov   eax,dword ptr [this]
> 004018E0  mov   dword ptr [eax],offset std::moneypunct::`vftable' (488838h)
> 004018E6  mov   eax,dword ptr [this]
> 004018E9  mov   esp,ebp
> 004018EB  pop   ebp
> 004018EC  ret   4
> -------------
> When I commented out the money_base () call, the test succeeded and the assembly code changed to:
> -------------
>     _EXPLICIT moneypunct (_RWSTD_SIZE_T __refs = 0)
>         : _RW::__rw_facet (__refs)/*, money_base ()*/ { }
> 004018C0  push  ebp
> 004018C1  mov   ebp,esp
> 004018C3  push  ecx
> 004018C4  mov   dword ptr [ebp-4],ecx
> 004018C7  mov   eax,dword ptr [__refs]
> 004018CA  push  eax
> 004018CB  mov   ecx,dword ptr [this]
> 004018CE  call  __rw::__rw_facet::__rw_facet (412E20h)
> 004018D3  mov   ecx,dword ptr [this]
> 004018D6  mov   dword ptr [ecx],offset std::moneypunct::`vftable' (488838h)
> 004018DC  mov   eax,dword ptr [this]
> 004018DF  mov   esp,ebp
> 004018E1  pop   ebp
> 004018E2  ret   4
> -------------
> Here is the same assembly, but in the 12s configuration:
> before change:
> -------------
>     const PunctT pun;
> 004018B1  push  1
> 004018B3  lea   ecx,[esp+0B4h]
> 004018BA  call  __rw::__rw_facet::__rw_facet (40A770h)
> 004018BF  mov   byte ptr [esp+0E8h],bl   // 0xE8 - 0xB4 == 0x34, so here there is no buffer overrun,
>                                          // but the last 4-byte member of the __rw_facet may have been changed
>                                          // (I suppose it is _C_pid)
> 004018C6  mov   dword ptr [esp+0B0h],offset Punct::`vftable' (43A258h)
> -------------
> after change:
> -------------
>     const PunctT pun;
> 00401891  push  1
> 00401893  lea   ecx,[esp+0B4h]
> 0040189A  call  __rw::__rw_facet::__rw_facet (40A720h)
> 0040189F  mov   dword ptr [esp+0B0h],offset Punct::`vftable' (43A258h)
> -------------
> I have not verified it, but I suppose that the same problem might exist with the messages class.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
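
A guard-byte check for the kind of overrun the report describes, added here as an example that is not part of the original message or of stdcxx: it constructs an object inside canary-filled storage and reports the first byte past sizeof(T) that the constructor modified. EmptyBase, Facet, GoodPunct and BadPunct are hypothetical stand-ins for the reported classes; BadPunct imitates, in source code, the stray store at this + sizeof that the compiler generated.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Hypothetical stand-ins for the classes in the report (not stdcxx code).
struct EmptyBase { };                       // role of money_base (no data members)
struct Facet {                              // role of __rw_facet
    explicit Facet(std::size_t refs) : refs_(refs) { }
    virtual ~Facet() { }
    std::size_t refs_;
};

// Value-initializes the empty base in the mem-initializer list, like the reported ctor.
struct GoodPunct : Facet, EmptyBase {
    explicit GoodPunct(std::size_t refs = 0) : Facet(refs), EmptyBase() { }
};

// Imitates the miscompiled ctor in source: one zero byte stored at this + sizeof(*this).
struct BadPunct : Facet, EmptyBase {
    explicit BadPunct(std::size_t refs = 0) : Facet(refs), EmptyBase() {
        std::uintptr_t end = reinterpret_cast<std::uintptr_t>(this) + sizeof(*this);
        *reinterpret_cast<volatile unsigned char*>(end) = 0;
    }
};

const unsigned char kCanary = 0xA5;         // constructed guard pattern
const std::size_t kGuard = 16;              // guard bytes placed after the object

// Constructs T in canary-filled storage; returns the offset past sizeof(T) of the
// first guard byte the constructor changed, or -1 if the guard is intact.
template <class T>
long first_byte_past_end_touched() {
    alignas(T) unsigned char buf[sizeof(T) + kGuard];
    std::memset(buf, kCanary, sizeof buf);
    T* obj = new (buf) T(1);
    long hit = -1;
    for (std::size_t i = 0; i < kGuard && hit < 0; ++i)
        if (buf[sizeof(T) + i] != kCanary) hit = static_cast<long>(i);
    obj->~T();
    return hit;
}

int main() {
    std::printf("GoodPunct: %ld\n", first_byte_past_end_touched<GoodPunct>());
    std::printf("BadPunct:  %ld\n", first_byte_past_end_touched<BadPunct>());
    return 0;
}
```

Instantiating the check with the real facet type on the affected compiler and build type would show whether the generated constructor writes outside the object, without relying on a runtime stack check to trip.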