authorMikael Pettersson <[email protected]>2010-09-27 19:21:51 +0200
committerBjörn Gustavsson <[email protected]>2010-09-30 14:58:37 +0200
commit3f367dad74735a863c3e072e51d6a9568b9d155d (patch)
treef1b432e5377d81793426ed50fee1747e5cb56014
parent800a07c5a386a79465ad33e5015ba20bad2ccc62 (diff)
fix 64-bit writes to 32-bit struct field in HiPE runtime
In the HiPE part of the runtime system's Process struct there is a state field which is 32 bits wide even on 64-bit machines. There is a single instruction in the HiPE AMD64 runtime where this field is incorrectly written with a 64-bit store. Luckily the extraneous 32 bits are written as zeros to 4 bytes of tail-padding at the end of the struct, so nothing should have broken because of this. The same bug exists in the HiPE PowerPC64 runtime (in development), but on the big-endian PPC64 the effect is to write the actual value to the tail-padding and zero to the struct field, which potentially breaks TRAPs from BIFs (depending on BIF arities and how many parameter registers the runtime has been configured to use). Thanks to Paul Guyot for noticing the oversized write on AMD64.
-rw-r--r--erts/emulator/hipe/hipe_amd64_glue.S2
-rw-r--r--erts/emulator/hipe/hipe_ppc_glue.S2
2 files changed, 2 insertions, 2 deletions
diff --git a/erts/emulator/hipe/hipe_amd64_glue.S b/erts/emulator/hipe/hipe_amd64_glue.S
index ede762aae0..3376487292 100644
--- a/erts/emulator/hipe/hipe_amd64_glue.S
+++ b/erts/emulator/hipe/hipe_amd64_glue.S
@@ -402,7 +402,7 @@ nbif_3_simple_exception:
* - the native heap/stack/reds registers are saved in P
*/
.handle_trap:
- movq %rax, P_NARITY(P)
+ movl %eax, P_NARITY(P) # Note: narity is a 32-bit field
movl $HIPE_MODE_SWITCH_RES_TRAP, %eax
jmp .nosave_exit
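Review bot: The corrected width of the store on the `+` line is now documented only by an end-of-line comment, while the field's actual size lives in the C Process struct that P_NARITY presumably is generated from; nothing in the build would catch a later change to that field's width. A compile-time size check beside the P_NARITY offset definition (a static assertion that the narity field is 4 bytes) would make this `movl`, and the `stw` in the hipe_ppc_glue.S hunk, fail loudly instead of silently reverting to the big-endian corruption the commit message describes. The offset-generation source is outside this diff, so the exact placement of such a check is inferred. The enclosing nbif_3_simple_exception, of which .handle_trap is one path, starts outside the hunk.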
diff --git a/erts/emulator/hipe/hipe_ppc_glue.S b/erts/emulator/hipe/hipe_ppc_glue.S
index 0651963294..c010f4f047 100644
--- a/erts/emulator/hipe/hipe_ppc_glue.S
+++ b/erts/emulator/hipe/hipe_ppc_glue.S
@@ -541,7 +541,7 @@ CSYM(nbif_3_simple_exception):
.handle_trap:
li r3, HIPE_MODE_SWITCH_RES_TRAP
STORE NSP, P_NSP(P)
- STORE r4, P_NARITY(P)
+ stw r4, P_NARITY(P) /* Note: narity is a 32-bit field */
STORE TEMP_LR, P_NRA(P)
b .nosave_exit
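Review bot: The `stw` on the `+` line is the only bare store in a sequence that otherwise goes through the `STORE` macro on the neighbouring lines (which appears to pick the natural word width per target), so a future reader may take it for an oversight and "fix" it back to `STORE`. The comment should state that the deviation is deliberate and why, e.g. `/* stw, not STORE: narity is a 32-bit field even on ppc64 */`, which also records the big-endian hazard the commit message explains. CSYM(nbif_3_simple_exception) begins outside the hunk.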