[Bug target/63346] xserver_xorg-server-1.15.1 crash on RaspberryPi when compiled with gcc-4.9

[ps.report at gmx dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63346

--- Comment #3 from Peter Seiderer <ps.report at gmx dot net> ---
Created attachment 36593
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36593&action=edit
Reduces test case from xserver_xorg-server-1.17.2/fb/fbpict.c

Reduced (but not yet minimal) test case from the
original xserver_xorg-server-1.17.2/fb/fbpict.c file.

On x86_64:

$ ./fbpict_x86
$ cat my.log
fbGlyphs() pSrc = (nil) pDst = 0x602280 glyphs = 0x6021b0
glyphs = 0x6021b0 - 1
glyphs = 0x6021b8 - 2
glyphs = 0x602070 - 3
glyphs = 0x6021b8 - 1
glyphs = 0x6021c0 - 2
glyphs = 0x6020b0 - 3
glyphs = 0x6021c0 - 1
glyphs = 0x6021c8 - 2
glyphs = 0x6020f0 - 3
glyphs = 0x6021c8 - 1
glyphs = 0x6021d0 - 2
glyphs = 0x602130 - 3
glyphs = 0x6021d0 - 1
glyphs = 0x6021d8 - 2
glyphs = 0x602170 - 3


On Raspberry Pi (arm):
$ ./fbpict_arm
Segmentation fault
$ cat my.log 
fbGlyphs() pSrc = (nil) pDst = 0x20c24 glyphs = 0x20ce4
glyphs = 0x20ce4 - 1

$ gdb ./fbpict_arm
(gdb) run
Starting program: /root/gcc_bug_63346/fbpict_arm 

Program received signal SIGSEGV, Segmentation fault.
fbGlyphs (op=op@entry=0 '\000', pSrc=0x5, pSrc@entry=0x0, pDst=0x0, 
    pDst@entry=0x20c24 <pictureRec.5609>, maskFormat=0x5, 
    maskFormat@entry=0x0, xSrc=xSrc@entry=10, ySrc=ySrc@entry=10, nlist=-1, 
    nlist@entry=5, list=list@entry=0x20c6c <glyphList.5618>, glyphs=0x5, 
    glyphs@entry=0x20ce4 <glyph>) at fbpict.c:59
59                  glyph = *glyphs++;
(gdb) disassemble
...
   0x00010658 <+272>:   beq     0x10794 <fbGlyphs+588>
   0x0001065c <+276>:   ldrsh   r3, [r4, #-12]
   0x00010660 <+280>:   add     r10, r10, r3
   0x00010664 <+284>:   ldrsh   r3, [r4, #-10]
   0x00010668 <+288>:   add     r11, r11, r3
   0x0001066c <+292>:   ldrb    r3, [r4, #-8]
   0x00010670 <+296>:   str     r3, [sp, #52]   ; 0x34
   0x00010674 <+300>:   ldr     r3, [sp, #52]   ; 0x34
   0x00010678 <+304>:   cmp     r3, #0
   0x0001067c <+308>:   beq     0x10780 <fbGlyphs+568>
   0x00010680 <+312>:   add     r3, sp, #6336   ; 0x18c0
   0x00010684 <+316>:   ldr     r1, [r3]
   0x00010688 <+320>:   ldr     r0, [pc, #684]  ; 0x1093c <fbGlyphs+1012>
   0x0001068c <+324>:   bl      0x1098c <my_printf>
=> 0x00010690 <+328>:   ldr     r3, [r2]
   0x00010694 <+332>:   add     r2, sp, #6336   ; 0x18c0
   0x00010698 <+336>:   ldr     r7, [r3], #4
   0x0001069c <+340>:   ldr     r0, [pc, #668]  ; 0x10940 <fbGlyphs+1016>
   0x000106a0 <+344>:   str     r3, [r2]
   0x000106a4 <+348>:   ldr     r1, [r2]
   0x000106a8 <+352>:   bl      0x1098c <my_printf>
   0x000106ac <+356>:   mov     r1, r7
   0x000106b0 <+360>:   ldr     r0, [pc, #652]  ; 0x10944 <fbGlyphs+1020>
   0x000106b4 <+364>:   bl      0x1098c <my_printf>
   0x000106b8 <+368>:   ldr     r3, [pc, #632]  ; 0x10938 <fbGlyphs+1008>
   0x000106bc <+372>:   mov     r2, #0
   0x000106c0 <+376>:   mov     r1, r7
   0x000106c4 <+380>:   ldr     r0, [r3]
   0x000106c8 <+384>:   bl      0x10970 <pixman_glyph_cache_lookup>
   0x000106cc <+388>:   subs    r9, r0, #0
   0x000106d0 <+392>:   bne     0x10748 <fbGlyphs+512>
   0x000106d4 <+396>:   ldr     r1, [sp, #84]   ; 0x54
   0x000106d8 <+400>:   mov     r0, r7
   0x000106dc <+404>:   bl      0x10978 <GetGlyphPicture>