[U-Boot] [PATCH 3/3] post/lib_powerpc/multi.c: fix stack overflow error

Anatolij Gustschin agust at denx.de
Fri Dec 23 17:06:40 CET 2011


Hello Wolfgang,

On Fri, 23 Dec 2011 12:29:12 +0100
Wolfgang Denk <wd at denx.de> wrote:

> The code and comment disagreed: the comment claimed that r6...r31
> were copied, and consequently the arrays for "src" and "dst" were
> declared with 26 entries, but the actual code ("lmw r5,0(r3)" and
> "stmw r5,0(r4)") copied _27_ words (r5 through r31), which resulted
> in false "POST cpu Error at multi test" messages.

Great! Thanks for fixing this bug!

Acked-by: Anatolij Gustschin <agust at denx.de>
Tested-by: Anatolij Gustschin <agust at denx.de>

But I wonder why we didn't see it with U-Boot built using older
GCC versions.

Since only 26 words will be compared after the test, the issue
only shows up if the destination buffer is placed at lower
addresses on the stack than the source buffer. In this case the
first word in the source buffer is overwritten. GCC 4.6.1 generated
code which changed the order of src[] and dst[] on the stack and
the hidden bug showed up.

Here is a partial dump of each buffer and additionally a
dump of the following word. The buffer address is in
parentheses:

with GCC 4.2.2:

00: src(03e51c74) 0x00000000, dst(03e51cdc) 0x00000000
01: src(03e51c78) 0x00000001, dst(03e51ce0) 0x00000000
...
25: src(03e51cd8) 0x00000019, dst(03e51d40) 0x00000000
26: src(03e51cdc) 0x00000000, dst(03e51d44) 0x00000000

Test result:

00: src(03e51c74) 0x00000000, dst(03e51cdc) 0x00000000
01: src(03e51c78) 0x00000001, dst(03e51ce0) 0x00000001
...
25: src(03e51cd8) 0x00000019, dst(03e51d40) 0x00000019
26: src(03e51cdc) 0x00000000, dst(03e51d44) 0x00000000


with GCC 4.6.1:

00: src(03e57cf4) 0x00000000, dst(03e57c8c) 0x00000000
01: src(03e57cf8) 0x00000001, dst(03e57c90) 0x00000000
...
25: src(03e57d58) 0x00000019, dst(03e57cf0) 0x00000000
26: src(03e57d5c) 0x03f9c3c0, dst(03e57cf4) 0x00000000

Test result:
Error at multi test !
00: src(03e57cf4) 0x03f9c3c0, dst(03e57c8c) 0x00000000
01: src(03e57cf8) 0x00000001, dst(03e57c90) 0x00000001
...
25: src(03e57d58) 0x00000019, dst(03e57cf0) 0x00000019
26: src(03e57d5c) 0x03f9c3c0, dst(03e57cf4) 0x03f9c3c0

Thanks,
Anatolij
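
The layout dependence described in this message, as an added example that is not part of the original post or of U-Boot's code: a host-side C model of the test with both buffer orders placed in one flat arena, so the 27-word copy stays in bounds. The name `multi_test`, the arena and the `memcpy` stand-ins for `lmw`/`stmw` are assumptions; the stray value is the word after src[] in the GCC 4.6.1 dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDS 26            /* declared size of src[] and dst[] */
#define STRAY 0x03f9c3c0u   /* word following src[] in the GCC 4.6.1 dump */

/* Hypothetical model of the POST multi test on a flat "stack" arena.
 * dst_below_src selects the stack layout; copy_words is how many words
 * the lmw/stmw pair moves (27 for r5..r31, 26 for r6..r31).
 * Returns the number of mismatches among the WORDS entries compared. */
int multi_test(int dst_below_src, int copy_words)
{
    uint32_t arena[2 * WORDS + 1];   /* two adjacent buffers + next word */
    uint32_t regs[WORDS + 1];        /* stands in for r5..r31 */
    uint32_t *lo = arena, *hi = arena + WORDS;
    uint32_t *src = dst_below_src ? hi : lo;
    uint32_t *dst = dst_below_src ? lo : hi;
    int i, errors = 0;

    for (i = 0; i < WORDS; i++) {
        src[i] = (uint32_t)i;
        dst[i] = 0;
    }
    /* Word just past the higher buffer, as seen in the two dumps. */
    arena[2 * WORDS] = dst_below_src ? STRAY : 0;

    memcpy(regs, src, (size_t)copy_words * sizeof(uint32_t)); /* lmw  */
    memcpy(dst, regs, (size_t)copy_words * sizeof(uint32_t)); /* stmw */

    /* The test compares only the 26 declared entries. */
    for (i = 0; i < WORDS; i++)
        if (src[i] != dst[i])
            errors++;
    return errors;
}

int main(void)
{
    printf("dst above src, 27 words: %d error(s)\n", multi_test(0, 27));
    printf("dst below src, 27 words: %d error(s)\n", multi_test(1, 27));
    printf("dst below src, 26 words: %d error(s)\n", multi_test(1, 26));
    return 0;
}
```

With dst above src the extra word lands past dst[] and the comparison never looks at it; with dst below src the 27th store replaces src[0], which is the single mismatch at index 00 in the GCC 4.6.1 result.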

