http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854
Mikael Pettersson <mikpelinux at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mikpelinux at gmail dot com

--- Comment #2 from Mikael Pettersson <mikpelinux at gmail dot com> ---
Started with r188742. The code generation difference at that revision is:

@@ -115,16 +115,17 @@
 	bne	.L6
 .L9:
 	ldr	r3, [fp, #-56]
+	sub	sp, fp, #40
 	ldr	r2, [fp, #-60]
+	mov	r0, sl
 	str	r6, [r3, #0]
 	ldr	r3, [fp, #-52]
 	str	r2, [r3, #0]
-	b	.L8
+	ldmfd	sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
 .L2:
+	sub	sp, fp, #40
 	mov	sl, #0
-.L8:
 	mov	r0, sl
-	sub	sp, fp, #40
 	ldmfd	sp, {r4, r5, r6, r7, r8, r9, sl, fp, sp, pc}
 .L28:
 	b	.L23

Hoisting "sub sp, fp, #40" causes several loads, via FP minus an offset, to access locations below SP, and thus be vulnerable to clobbers from asynchronous calls (signal handlers in user-space, exception handlers in the kernel as is the case here).
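Review bot: In the .L9 block the added "+ sub sp, fp, #40" is placed before "ldr r2, [fp, #-60]" and "ldr r3, [fp, #-52]", so those two loads (and the stores that consume them) touch frame slots at fp-52 and fp-60, which lie below the new sp = fp-40; anything that runs asynchronously on this stack between the sub and the ldmfd (a signal handler, or an exception handler in the kernel) may legally overwrite that region. The removed .L8 sequence had the safe ordering, with "sub sp, fp, #40" emitted only after the last frame access and immediately before the ldmfd; the epilogue sp adjustment should keep that position in both the .L9 and .L2 paths rather than being hoisted above the loads, or the loads must be scheduled ahead of the sub.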