[Qemu-devel] Stack problem
From: Johannes Schindelin
Subject: [Qemu-devel] Stack problem
Date: Thu, 23 Sep 2004 19:02:05 +0200 (CEST)
Hi,
while trying to port QEmu to an IRIX host, I found a problem with the
implementation of jcxw_im, which is also present with x86 on x86:
00005db0 <op_jz_ecxw_im>:
5db0: 83 ec 04 sub $0x4,%esp
[...]
5de0: 31 db xor %ebx,%ebx
5de2: c3 ret
5de3: 59 pop %ecx
5de4: c3 ret
Note the "ret" at 5de2, which is an EXIT_TB(), and the "pop %ecx" just
after it. So, $ecx is not properly reset, and what is worse: QEmu will
jump to a wrong address (the value $ecx should have).
This will be a problem *anytime* a function takes some heap from the
stack, but calls EXIT_TB (which is a "ret" on most platforms) without
giving it back. I only found another one, jz_ecxl_im (for obvious reasons
it has the same flaw).
Two methods spring to my mind:
- We could try to find out how many bytes were reserved, and add them to
the stack in EXIT_TB(),
- or we could try to force gcc not to reserve a chunk from the stack (e.g.
by calling another function for the complicated things, which returns
whether to EXIT_TB() or not),
- or we introduce op_exit_tb_T0, which does only EXIT_TB() if T0!=0, and
rewrite the op_jz_ecx{SUFFIX}_im function.
Comments? Suggestions?
Ciao,
Dscho
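The check a porter would want after reading the above is a way to find every op with this flaw rather than the two spotted by hand. What follows is an added example, not QEMU or dyngen code and not the author's: a small C checker that walks the x86 machine code of an op function along every path from its entry, keeps count of the bytes the function currently owes to the stack (sub/add $imm,%esp, push, pop) and flags any ret reached while that count is not zero, which is precisely what happens at 5de2 in the listing. The two byte arrays are constructed for this example from the fragments quoted in the mail (the sub $0x4,%esp prologue, then xor %ebx,%ebx / ret / pop %ecx / ret); the elided middle is filled with an assumed load-mask-test sequence whose memory operand is a placeholder address, so neither array is real dyngen output. The decoder understands only the encodings those samples use and reports anything else instead of guessing.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU/dyngen code: walk an op's x86 machine code,
 * track the net bytes taken from the stack, and report any ret (0xc3)
 * reached while that count is non-zero, i.e. an EXIT_TB() that leaves
 * gcc's frame unreleased.  Only the encodings used below are decoded. */

#define MAX_OP_LEN 256

typedef struct {
    int unbalanced_rets;   /* rets reached with a non-zero frame */
    int first_bad_offset;  /* offset of the first such ret, -1 if none */
    int first_bad_depth;   /* bytes still owed to the stack there */
    int error_offset;      /* -1 if fully decoded, else offending offset */
} scan_result;

scan_result scan_op(const uint8_t *code, int len)
{
    scan_result r = { 0, -1, 0, -1 };
    int seen[MAX_OP_LEN] = { 0 }, depth_at[MAX_OP_LEN] = { 0 };
    int work_off[MAX_OP_LEN], work_depth[MAX_OP_LEN], nwork = 0;

    if (len <= 0 || len > MAX_OP_LEN) { r.error_offset = 0; return r; }
    work_off[nwork] = 0; work_depth[nwork] = 0; nwork++;

    while (nwork > 0) {                 /* one worklist entry per path */
        nwork--;
        int off = work_off[nwork], depth = work_depth[nwork];
        for (;;) {
            if (off < 0 || off >= len) { r.error_offset = off; return r; }
            if (seen[off]) {
                /* Same offset reached with two frame sizes: inconsistent op. */
                if (depth_at[off] != depth) { r.error_offset = off; return r; }
                break;
            }
            seen[off] = 1; depth_at[off] = depth;
            uint8_t op = code[off];
            if (op >= 0x50 && op <= 0x57) {                        /* push r32 */
                depth += 4; off += 1;
            } else if (op >= 0x58 && op <= 0x5f) {                 /* pop r32 */
                depth -= 4; off += 1;
            } else if (op == 0x83 && off + 2 < len && code[off + 1] == 0xec) {
                depth += (int8_t)code[off + 2]; off += 3;          /* sub $imm8,%esp */
            } else if (op == 0x83 && off + 2 < len && code[off + 1] == 0xc4) {
                depth -= (int8_t)code[off + 2]; off += 3;          /* add $imm8,%esp */
            } else if ((op == 0x31 || op == 0x85 || op == 0x89 || op == 0x8b)
                       && off + 1 < len && (code[off + 1] & 0xc0) == 0xc0) {
                off += 2;                                          /* xor/test/mov reg,reg */
            } else if ((op == 0xa1 || op == 0xa3 || op == 0x25) && off + 4 < len) {
                off += 5;                           /* mov %eax<->moffs32, and $imm32,%eax */
            } else if (op >= 0x70 && op <= 0x7f && off + 1 < len) {  /* jcc rel8 */
                work_off[nwork] = off + 2 + (int8_t)code[off + 1];   /* taken branch */
                work_depth[nwork] = depth; nwork++;
                off += 2;                                            /* fall through */
            } else if (op == 0xeb && off + 1 < len) {              /* jmp rel8 */
                off = off + 2 + (int8_t)code[off + 1];
            } else if (op == 0xc3) {                               /* ret ends the path */
                if (depth != 0) {
                    if (r.unbalanced_rets == 0) {
                        r.first_bad_offset = off; r.first_bad_depth = depth;
                    }
                    r.unbalanced_rets++;
                }
                break;
            } else {
                r.error_offset = off; return r;                    /* unknown opcode */
            }
        }
    }
    return r;
}

/* Constructed sample: the shape described in the mail.  The prologue and
 * the tail are the bytes quoted there; the middle is assumed, and the
 * a1 operand is a placeholder for the address of ECX. */
static const uint8_t op_jz_ecxw_im_bad[] = {
    0x83, 0xec, 0x04,               /*  0: sub  $0x4,%esp          */
    0xa1, 0x00, 0x00, 0x00, 0x00,   /*  3: mov  ECX,%eax (placeholder) */
    0x25, 0xff, 0xff, 0x00, 0x00,   /*  8: and  $0xffff,%eax       */
    0x85, 0xc0,                     /* 13: test %eax,%eax          */
    0x75, 0x03,                     /* 15: jne  20  (cx != 0)      */
    0x31, 0xdb,                     /* 17: xor  %ebx,%ebx          */
    0xc3,                           /* 19: ret  = EXIT_TB(), frame still 4 low */
    0x59,                           /* 20: pop  %ecx               */
    0xc3,                           /* 21: ret                     */
};

/* Same op with the frame released before EXIT_TB() (the first method). */
static const uint8_t op_jz_ecxw_im_fixed[] = {
    0x83, 0xec, 0x04, 0xa1, 0x00, 0x00, 0x00, 0x00,
    0x25, 0xff, 0xff, 0x00, 0x00, 0x85, 0xc0,
    0x75, 0x06,                     /* 15: jne  23                 */
    0x31, 0xdb,
    0x83, 0xc4, 0x04,               /* 19: add  $0x4,%esp          */
    0xc3,                           /* 22: ret  with balanced frame */
    0x59, 0xc3,                     /* 23: pop %ecx; ret           */
};

int main(void)
{
    scan_result a = scan_op(op_jz_ecxw_im_bad, (int)sizeof op_jz_ecxw_im_bad);
    scan_result b = scan_op(op_jz_ecxw_im_fixed, (int)sizeof op_jz_ecxw_im_fixed);
    printf("as in the mail: %d unbalanced ret(s), first at +%d with %d bytes owed\n",
           a.unbalanced_rets, a.first_bad_offset, a.first_bad_depth);
    printf("frame released: %d unbalanced ret(s)\n", b.unbalanced_rets);
    return 0;
}
```

Run over the bytes of every op_* symbol in a built op.o (sizes and offsets come from the symbol table), the scan lists each op whose EXIT_TB() path leaves the frame behind; an error_offset other than -1 just means the decoder table needs the encoding gcc chose there, not that the op is broken.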