http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52221
gee <jojelino at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |WAITING
         Resolution|FIXED                       |

--- Comment #4 from gee <jojelino at gmail dot com> 2012-02-13 17:02:18 UTC ---
(In reply to comment #3)
> Fixed.

No, it isn't fixed. The following debug session shows it.

(gdb)
0x00fa0008 in ?? ()
(gdb) disp /5w $esp
6: x/5xw $esp
0x22fd7c: 0x696c5603 0x00e20e40 0x00a63fd0 0x00a63ff0
0x22fd8c: 0x00aa9848
(gdb) disp /w $ecx
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
^^^^^^^^ this parameter
(gdb) ni
0x00fa000b in ?? ()
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd7c: 0x696c5603 0x00e20e40 0x00a63fd0 0x00a63ff0
0x22fd8c: 0x00aa9848
(gdb) disp /i $eip
8: x/i $eip
=> 0xfa000b: sub $0xc,%esp
(gdb) ni
0x00fa000e in ?? ()
8: x/i $eip
=> 0xfa000e: mov %ecx,0x4(%esp)
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70: 0x00e20e40 0x00ace300 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa0012 in ?? ()
8: x/i $eip
=> 0xfa0012: mov %eax,(%esp)
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70: 0x00e20e40 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa0015 in ?? ()
8: x/i $eip
=> 0xfa0015: mov $0x4,%eax
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa001a in ?? ()
8: x/i $eip
=> 0xfa001a: lea 0x8(%esp),%ecx
7: x/xw $ecx
0xaa7e00: 0x00a6dc20
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa001e in ?? ()
8: x/i $eip
=> 0xfa001e: shr $0x2,%eax
7: x/xw $ecx
0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa0021 in ?? ()
8: x/i $eip
=> 0xfa0021: dec %eax
7: x/xw $ecx
0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa0022 in ?? ()
8: x/i $eip
=> 0xfa0022: je 0xfa002f
7: x/xw $ecx
0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa002f in ?? ()
8: x/i $eip
=> 0xfa002f: mov $0xfa0008,%eax
7: x/xw $ecx
0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
(gdb)
0x00fa0034 in ?? ()
8: x/i $eip
=> 0xfa0034: call 0x69ce18e0 <ffi_closure_raw_SYSV>
7: x/xw $ecx
0x22fd78: 0x0022fda8
6: x/5xw $esp
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40

Kai Tietz, could you explain why the return address (0x696c5603) is at the top of the stack, although it is not the first argument for the method? I suspect that you should have corrected this. The top of the stack must be 0x00aa7e00, not 0x696c5603. So it turns out that the thiscall trampoline code was invalid.
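As an added check on the observation in the comment above (this is not code from the bug report or from libffi): a small Python parser for gdb "x/Nxw" memory dumps that maps each stack word to its address, then reads the word at [esp] at trampoline entry and again just before the call to ffi_closure_raw_SYSV. The dump text and register values are copied from the session quoted in the comment; the expectation that [esp] should hold the this pointer (0x00aa7e00) is the reporter's claim.

```python
import re

# Constructed from the gdb session quoted in the comment: the x/5xw $esp dump
# at trampoline entry (esp = 0x22fd7c) and the one just before the call to
# ffi_closure_raw_SYSV (esp = 0x22fd70), plus the ecx value shown as "this".
DUMP_AT_ENTRY = """\
0x22fd7c: 0x696c5603 0x00e20e40 0x00a63fd0 0x00a63ff0
0x22fd8c: 0x00aa9848
"""
DUMP_AT_CALL = """\
0x22fd70: 0x696c5603 0x00aa7e00 0x0022fda8 0x696c5603
0x22fd80: 0x00e20e40
"""
ESP_AT_ENTRY = 0x22FD7C
ESP_AT_CALL = 0x22FD70
ECX_THIS = 0x00AA7E00

# One gdb output line: a base address, a colon, then one or more hex words.
_LINE = re.compile(r"^\s*0x([0-9a-fA-F]+):((?:\s+0x[0-9a-fA-F]+)+)\s*$")


def parse_x_words(dump, word_size=4):
    """Map each word address in 'x/Nxw' output to its value.

    gdb prints a base address per line followed by up to four words, so the
    address of the i-th word on a line is base + i * word_size.
    """
    words = {}
    for line in dump.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip prompts, display numbers and annotations
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            words[base + i * word_size] = int(tok, 16)
    return words


def return_address(dump, esp):
    """At function entry on 32-bit x86, [esp] holds the caller's return address."""
    return parse_x_words(dump)[esp]


def check_first_arg(dump, esp, expected_this):
    """Compare the word at [esp] with the this pointer the comment expects there.

    Returns (value_found, matches) so the caller can report the mismatch.
    """
    found = parse_x_words(dump)[esp]
    return found, found == expected_this
```

Running check_first_arg(DUMP_AT_CALL, ESP_AT_CALL, ECX_THIS) yields (0x696c5603, False): the top word is the same value that sat at [esp] on entry, while 0x00aa7e00 is one slot higher, which is exactly the mismatch the comment points out.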