http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47893

Summary: [4.6 Regression] 4.6 miscompiles mesa on i686
Product: gcc
Version: 4.6.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: blocker
Priority: P3
Component: middle-end
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: ja...@gcc.gnu.org
Target: i686-linux

Created attachment 23466
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=23466
mesa.c

The following testcase (distilled from http://bugzilla.redhat.com/679924 ) is miscompiled on i?86 (and x86_64 -m32). The problem is that struct S is 20 bytes long (why doesn't mesa pack the bitfield structs better is beyond me) and is returned indirectly via caller provided memory. The assembly shows:

        call    fn1     #
        testl   %eax, %eax      #
        movl    %eax, -4664(%ebp)       #, %sfp
...
        leal    -4680(%ebp), %eax       #,
        call    fn2     #
...
        cmpl    %ebx, -4664(%ebp)       # i, %sfp

i.e. the return value from fn1 (variable c) is spilled into %ebp-4664, but fn2 is given as struct S return slot %ebp-4680, so when it returns it overwrites some 16 bytes reserved for the return value and the variable c as well.