------- Comment #21 from froydnj at gcc dot gnu dot org 2010-08-12 17:08 -------

Even without optimization (as the compilation script uses), the program crashes. To be concrete about what's going wrong based on what the assembly code actually looks like (GCC version Ubuntu 4.4.3-4ubuntu5):

bug_example:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $1048, %esp             # space for buffer
        movl    8(%ebp), %eax           # move string elsewhere
        movl    %eax, -1020(%ebp)
        movl    %gs:20, %eax            # stuff for stack checking
        movl    %eax, -12(%ebp)
        xorl    %eax, %eax
        movb    $0, -1012(%ebp)
        leal    12(%ebp), %eax          # address of i to stack
        movl    %eax, 4(%esp)
        leal    -1020(%ebp), %eax       # address of (copied) strp to stack
        movl    %eax, (%esp)
        call    bug_example_2
        movl    -12(%ebp), %eax
        xorl    %gs:20, %eax
        je      .L6
        call    __stack_chk_fail
.L6:
        leave
        ret
        .size   bug_example, .-bug_example

You are assuming that in `bug_example' the parameters passed to `bug_example_2' must be the addresses of those variables *as they were passed on the stack*. This is certainly one way of implementing it, but it is not mandated by the standard (as comment #9 points out).

-- 
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45265
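The point the comment makes, as an added C example that is not part of the bug report: a caller is free to copy one parameter into a local slot and leave another in its incoming argument slot, so a callee that is handed `&strp` and walks forward to find `i` is relying on a layout the standard does not promise. The body of `bug_example_2` is not shown in the report, so the two callees below are hypothetical stand-ins; the 1000-byte buffer only mirrors the `subl $1048, %esp` in the disassembly, and the string passed in is constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for bug_example_2 (its body is not in the report).
 * It receives the addresses of both of the caller's parameters and only
 * dereferences the pointers it was given, which is well defined. */
static int bug_example_2_explicit(const char **strp_addr, const int *i_addr)
{
    return (int)strlen(*strp_addr) + *i_addr;
}

/* The assumption the comment objects to: that &strp is the slot where the
 * string pointer arrived on the stack and that i sits in the next slot.
 * Nothing in the C standard requires this.  In the disassembly above GCC
 * copies strp to -1020(%ebp) and leaves i at 12(%ebp), so the "next slot"
 * read lands in the caller's local frame.  Kept for illustration only and
 * never called here, because the read is undefined behaviour. */
static int bug_example_2_assumes_adjacent(const char **strp_addr)
{
    return (int)strlen(*strp_addr) + *(const int *)(strp_addr + 1); /* UB */
}

/* How far apart this compiler actually placed the two parameters.  Done in
 * integer space rather than pointer arithmetic, since the two addresses are
 * not part of one object.  Anything other than sizeof(const char *) means
 * the "adjacent slot" assumption is already wrong on this build. */
static ptrdiff_t parameter_distance(const char *strp, int i)
{
    return (ptrdiff_t)((uintptr_t)&i - (uintptr_t)&strp);
}

/* Modelled on bug_example: a large local buffer, then the callee is handed
 * the address of each parameter explicitly instead of being left to guess
 * where the second one lives. */
static int bug_example_fixed(const char *strp, int i)
{
    char buffer[1000];            /* stands in for the 1048-byte frame */
    buffer[0] = '\0';             /* matches the movb $0, -1012(%ebp) */
    (void)buffer;
    return bug_example_2_explicit(&strp, &i);
}

int main(void)
{
    const char *msg = "constructed input";   /* constructed sample input */

    (void)bug_example_2_assumes_adjacent;    /* referenced, never invoked */
    printf("&i - &strp = %td bytes (adjacent argument slots would be %zu)\n",
           parameter_distance(msg, 5), sizeof(const char *));
    printf("bug_example_fixed(\"%s\", 5) = %d\n", msg, bug_example_fixed(msg, 5));
    return 0;
}
```

Build it once with plain `gcc -m32` and once with optimization or `-fstack-protector` and compare the printed distance: it moves with the compiler's frame layout, which is exactly why the callee cannot be written to depend on it.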