http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52221

gee <jojelino at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |WAITING
         Resolution|FIXED                       |

--- Comment #4 from gee <jojelino at gmail dot com> 2012-02-13 17:02:18 UTC ---
(In reply to comment #3)
> Fixed.
No, it isn't fixed. The following debug session shows it:

(gdb)
0x00fa0008 in ?? ()
(gdb) disp /5w $esp
6: x/5xw $esp
0x22fd7c:       0x696c5603      0x00e20e40      0x00a63fd0      0x00a63ff0
0x22fd8c:       0x00aa9848
(gdb) disp /w $ecx
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
              ^^^^^^^^
                 this parameter
(gdb) ni
0x00fa000b in ?? ()
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd7c:       0x696c5603      0x00e20e40      0x00a63fd0      0x00a63ff0
0x22fd8c:       0x00aa9848
(gdb) disp /i $eip
8: x/i $eip
=> 0xfa000b:    sub    $0xc,%esp
(gdb) ni
0x00fa000e in ?? ()
8: x/i $eip
=> 0xfa000e:    mov    %ecx,0x4(%esp)
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70:       0x00e20e40      0x00ace300      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa0012 in ?? ()
8: x/i $eip
=> 0xfa0012:    mov    %eax,(%esp)
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70:       0x00e20e40      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa0015 in ?? ()
8: x/i $eip
=> 0xfa0015:    mov    $0x4,%eax
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa001a in ?? ()
8: x/i $eip
=> 0xfa001a:    lea    0x8(%esp),%ecx
7: x/xw $ecx  0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa001e in ?? ()
8: x/i $eip
=> 0xfa001e:    shr    $0x2,%eax
7: x/xw $ecx  0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa0021 in ?? ()
8: x/i $eip
=> 0xfa0021:    dec    %eax
7: x/xw $ecx  0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa0022 in ?? ()
8: x/i $eip
=> 0xfa0022:    je     0xfa002f
7: x/xw $ecx  0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa002f in ?? ()
8: x/i $eip
=> 0xfa002f:    mov    $0xfa0008,%eax
7: x/xw $ecx  0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40
(gdb)
0x00fa0034 in ?? ()
8: x/i $eip
=> 0xfa0034:    call   0x69ce18e0 <ffi_closure_raw_SYSV>
7: x/xw $ecx  0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70:       0x696c5603      0x00aa7e00      0x0022fda8      0x696c5603
0x22fd80:       0x00e20e40

Kai Tietz, could you explain why the return address (0x696c5603) is at the top of the
stack, although it is not the first argument for the method? I suspect that you
should have corrected this.
The top of the stack must be 0x00aa7e00, not 0x696c5603.

So it turned out that the thiscall trampoline code was invalid.