From owner-freebsd-current@FreeBSD.ORG  Thu Jun 12 01:36:51 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 10F7B37B401
	for <current@freebsd.org>; Thu, 12 Jun 2003 01:36:51 -0700 (PDT)
Received: from smtp02.syd.iprimus.net.au (smtp02.syd.iprimus.net.au
	[210.50.76.52])	by mx1.FreeBSD.org (Postfix) with ESMTP id 430EC43F3F
	for <current@freebsd.org>; Thu, 12 Jun 2003 01:36:50 -0700 (PDT)
	(envelope-from tim@robbins.dropbear.id.au)
Received: from dilbert.robbins.dropbear.id.au (210.50.248.235) by
	smtp02.syd.iprimus.net.au (7.0.015)
	id 3EDD52090015C765 for current@freebsd.org;
	Thu, 12 Jun 2003 18:36:49 +1000
Received: by dilbert.robbins.dropbear.id.au (Postfix, from userid 1000)
	id 5B546C911; Thu, 12 Jun 2003 18:29:44 +1000 (EST)
Date: Thu, 12 Jun 2003 18:29:44 +1000
From: Tim Robbins <tjr@FreeBSD.ORG>
To: current@freebsd.org
Message-ID: <20030612182944.A62729@dilbert.robbins.dropbear.id.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Subject: Apparent i386 alloca.S bug (was: adsl/pppoe no longer connecting on
	5.1)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jun 2003 08:36:51 -0000

Here's a test program for the i386 alloca() bug. Compile with -std=gnu89 (or
no -std option) and it works fine. Compile with -std=c99 or -std=c89 and it
breaks like this:

corruption: 05 should be 0xcc at offset 0
corruption: 00 should be 0xcc at offset 1
corruption: 00 should be 0xcc at offset 2
corruption: 00 should be 0xcc at offset 3

Interestingly, gcc -std=c89 on FreeBSD 4.8 doesn't trigger the bug.



#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define	NUMBYTES	511

static void
somefunc(int a, int b, int c, int d, int e)
{
}

int
main(int argc, char *argv[])
{
	char *s;
	int i;
	int failed;

	s = alloca(NUMBYTES);
	memset(s, 0xcc, NUMBYTES);
	somefunc(1, 2, 3, 4, 5);
	failed = 0;
	for (i = 0; i < NUMBYTES; i++) {
		if ((unsigned char)s[i] != 0xcc) {
			printf("corruption: %02x should be 0xcc at offset %d\n",
			    (unsigned char)s[i], i);
			failed = 1;
		}
	}
	exit(failed);
}