author | Mikael Pettersson <[email protected]> | 2010-09-27 19:21:51 +0200 |
committer | Björn Gustavsson <[email protected]> | 2010-09-30 14:58:37 +0200 |
commit | 3f367dad74735a863c3e072e51d6a9568b9d155d (patch) | |
tree | f1b432e5377d81793426ed50fee1747e5cb56014 | |
parent | 800a07c5a386a79465ad33e5015ba20bad2ccc62 (diff) | |
fix 64-bit writes to 32-bit struct field in HiPE runtime
In the HiPE part of the runtime system's Process struct
there is a state field which is 32 bits wide even on 64-bit
machines.
There is a single instruction in the HiPE AMD64 runtime
where this field is incorrectly written with a 64-bit store.
Luckily the extraneous 32 bits are written as zeros to 4
bytes of tail-padding at the end of the struct, so nothing
should have broken because of this.
The same bug exists in the HiPE PowerPC64 runtime (in
development), but on the big-endian PPC64 the effect is
to write the actual value to the tail-padding and zero
to the struct field, which potentially breaks TRAPs from
BIFs (depending on BIF arities and how many parameter
registers the runtime has been configured to use).
Thanks to Paul Guyot for noticing the oversized write on AMD64.
-rw-r--r-- | erts/emulator/hipe/hipe_amd64_glue.S | 2 | ||||
-rw-r--r-- | erts/emulator/hipe/hipe_ppc_glue.S | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/erts/emulator/hipe/hipe_amd64_glue.S b/erts/emulator/hipe/hipe_amd64_glue.S
index ede762aae0..3376487292 100644
--- a/erts/emulator/hipe/hipe_amd64_glue.S
+++ b/erts/emulator/hipe/hipe_amd64_glue.S
@@ -402,7 +402,7 @@ nbif_3_simple_exception:
  * - the native heap/stack/reds registers are saved in P
  */
 .handle_trap:
-	movq	%rax, P_NARITY(P)
+	movl	%eax, P_NARITY(P)	# Note: narity is a 32-bit field
 	movl	$HIPE_MODE_SWITCH_RES_TRAP, %eax
 	jmp	.nosave_exit
diff --git a/erts/emulator/hipe/hipe_ppc_glue.S b/erts/emulator/hipe/hipe_ppc_glue.S
index 0651963294..c010f4f047 100644
--- a/erts/emulator/hipe/hipe_ppc_glue.S
+++ b/erts/emulator/hipe/hipe_ppc_glue.S
@@ -541,7 +541,7 @@ CSYM(nbif_3_simple_exception):
 .handle_trap:
 	li	r3, HIPE_MODE_SWITCH_RES_TRAP
 	STORE	NSP, P_NSP(P)
-	STORE	r4, P_NARITY(P)
+	stw	r4, P_NARITY(P)	/* Note: narity is a 32-bit field */
 	STORE	TEMP_LR, P_NRA(P)
 	b	.nosave_exit
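Review bot: The new `movl %eax, P_NARITY(P)` store in the AMD64 `.handle_trap` path hard-codes the 32-bit width of the narity field with only a comment to defend it; nothing in the hunk prevents a later change to the field's size or position from silently reintroducing a mismatched store, which is exactly the class of bug this commit fixes. If the generator that emits the `P_NARITY` offset literal can also emit the field's size, guard it at assembly time, e.g. `.if P_NARITY_SIZE != 4` / `.error "narity is expected to be a 32-bit field"` / `.endif` — I cannot see from this hunk whether such a size literal exists, so this is a suggestion to verify. It would also help to widen the comment so the reason is recorded next to the instruction, e.g. `# narity is 32-bit; a 64-bit store spills into the struct's tail padding`. The enclosing `nbif_3_simple_exception` routine begins outside the hunk.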
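Review bot: The replaced `stw r4, P_NARITY(P)` in the PPC `.handle_trap` path is correct for a 32-bit field on both PPC32 and big-endian PPC64, but it is only half of the invariant: any assembly-side read of the same field must likewise bypass the width-dependent `LOAD` macro and use `lwz`, otherwise a big-endian PPC64 load would pick up the tail padding instead of the value. No such load is visible in this hunk, so the rest of the file should be checked for `P_NARITY` uses. Since the endianness consequence is the non-obvious part, the comment would be more useful as `/* narity is 32-bit; std would place the value in the tail padding on BE PPC64 */`. The `STORE` macro's expansion is not visible here, and `nbif_3_simple_exception` begins outside the hunk.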