On Tuesday 10 March 2009 21:47:59 someguy wrote:
> From a cursory glance, it looks like something is messing with the
> stack canaries. Probably a stack buffer overflow.

In case it is relevant, HLVM uses libsigsegv to detect stack overflows and that stack handler is initialized in my JITted code which LLVM's runFunction should be calling.

Could libsigsegv be conflicting with the stack smashing code?

--
Dr Jon Harrop, Flying Frog Consultancy Ltd.
http://www.ffconsultancy.com/?e
On Mar 10, 2009, at 3:07 PM, Jon Harrop wrote:
> On Tuesday 10 March 2009 21:47:59 someguy wrote:
>> From a cursory glance, it looks like something is messing with the
>> stack canaries. Probably a stack buffer overflow.
>
> In case it is relevant, HLVM uses libsigsegv to detect stack overflows and
> that stack handler is initialized in my JITted code which LLVM's runFunction
> should be calling.
>
> Could libsigsegv be conflicting with the stack smashing code?

If it changes known values on the stack - yes.

Basically it all works by placing a sentinel value on the stack initialized with a random number that's then checked at the end of the function. If that has been changed it calls abort(). IIRC the feature is turned on by default on modern versions of Linux. I do not believe it is yet turned on by default for Darwin.

-eric
On Tue, Mar 10, 2009 at 2:12 PM, Eric Christopher <echristo at apple.com> wrote:
> On Mar 10, 2009, at 3:07 PM, Jon Harrop wrote:
>> On Tuesday 10 March 2009 21:47:59 someguy wrote:
>>> From a cursory glance, it looks like something is messing with the
>>> stack canaries. Probably a stack buffer overflow.
>>
>> In case it is relevant, HLVM uses libsigsegv to detect stack overflows and
>> that stack handler is initialized in my JITted code which LLVM's runFunction
>> should be calling.
>>
>> Could libsigsegv be conflicting with the stack smashing code?
>
> If it changes known values on the stack - yes.
>
> Basically it all works by placing a sentinel value on the stack initialized
> with a random number that's then checked at the end of the function. If that
> has been changed it calls abort(). IIRC the feature is turned on by default on
> modern versions of Linux. I do not believe it is yet turned on by default for
> Darwin.

It's not turned on by default for Leopard. If you don't want these stack protectors (which it sounds like in this case), just use -fno-stack-protector. At least on the particular files you know that libsigsegv is messing with...

-bw
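The sentinel check Eric describes (and the check that -fno-stack-protector removes) can be emulated in plain C to see why a handler that rewrites stack contents would trip it. This is an added example, not code from the thread, HLVM or LLVM; the fixed guard value and the struct-based frame layout are assumptions standing in for the compiler's per-process random canary and real frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-process random guard value (assumption: a real
 * build reads it from a guard slot filled at startup, not a constant). */
static const uint64_t stack_guard = 0x5a3c9e17b24d6f01ULL;

/* A frame laid out the way the stack protector arranges it: the array sits
 * just below the guard word, so a linear overrun of buf hits the guard
 * before it can reach the saved registers and return address beyond it. */
struct frame {
    char buf[16];
    uint64_t guard;
};

/* Emulates a protected function: the prologue plants the guard, the body
 * copies n bytes into buf with no length check (clamped to the frame so the
 * emulation itself stays within defined behaviour), and the epilogue
 * compares the guard. Returns 1 if the guard is intact, 0 if it was
 * clobbered, which is where a real protected function would call abort(). */
int copy_with_guard(const char *src, size_t n)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.guard = stack_guard;              /* prologue: store the canary */

    if (n > sizeof f)                    /* keep the emulation in bounds */
        n = sizeof f;
    memcpy(&f, src, n);                  /* body: the "unchecked" copy */

    return f.guard == stack_guard;       /* epilogue: canary check */
}

int main(void)
{
    /* Constructed inputs: one that fits buf, one that runs four bytes past it. */
    char fits[16], overrun[20];
    memset(fits, 'A', sizeof fits);
    memset(overrun, 'A', sizeof overrun);

    printf("16-byte copy: guard %s\n", copy_with_guard(fits, 16) ? "intact" : "smashed");
    printf("20-byte copy: guard %s\n", copy_with_guard(overrun, 20) ? "intact" : "smashed");
    return 0;
}
```

Any code that writes into a live frame between prologue and epilogue, whether an overrun or a signal handler patching stack memory, produces the same "smashed" result.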