#1012 bug in libmingwex, proposed patch included

closed-fixed
Danny Smith
2007-03-05
2007-03-04
Alexey Kuznetsov
No

Bug in mingw-runtime-3.11

It looks like there's a bug in libmingwex causing a buffer overflow and access violation. The problem is in the fesetround function.

Applicable software versions: mingw-runtime-3.11, gcc-3.4.2, gcc-3.4.5.

This test case:

//----------

#include <stdio.h>
#include <fenv.h>

int main() {
    printf("Hello, world!\n");
    fesetround(FE_TONEAREST);
    printf(";-)");
    return 0;
}

//----------

generates an access violation error with SSE enabled.

Possible cause:

The STMXCSR command in fesetround.c writes to a 32-bit memory operand, but only 16 bits are allocated ("unsigned short _cw"). In fact GCC allocates 4 bytes on the stack for this 16-bit variable, but translates references to it as [ESP+2]. That's why STMXCSR overwrites part of the return address, which causes an access violation.

Proposed solution: replace

unsigned short _cw;

with

unsigned int _cw;

Best regards,
Alexey.
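The width mismatch described in the report above, as an added example that is not part of the original ticket or the mingw-runtime source: a portable C model of a 4-byte store into a local referenced at slot offset 2 versus offset 0. The frame layout, `FAKE_RET`, and all function names are constructed for illustration, and the STMXCSR store is modelled with `memcpy` rather than executed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the frame in the report: a 4-byte slot reserved for
   the local _cw, immediately followed by the saved return address. */
enum { SLOT_SIZE = 4, FRAME_SIZE = 8 };
#define MXCSR_VALUE 0x00001F80u  /* default MXCSR contents */
#define FAKE_RET    0x00401234u  /* constructed return address */

/* Models "STMXCSR m32": always stores 4 bytes at the operand address,
   whatever C type the operand was declared with. */
static void model_stmxcsr(uint8_t *operand)
{
    uint32_t v = MXCSR_VALUE;
    memcpy(operand, &v, sizeof v);
}

/* Place the local at local_offset inside the slot, perform the store,
   and return the saved return address as it reads afterwards. */
uint32_t ret_after_store(size_t local_offset)
{
    uint8_t frame[FRAME_SIZE] = {0};
    uint32_t ret = FAKE_RET, after;

    memcpy(frame + SLOT_SIZE, &ret, sizeof ret);
    model_stmxcsr(frame + local_offset);
    memcpy(&after, frame + SLOT_SIZE, sizeof after);
    return after;
}

/* Bytes of the 4-byte store that land past the end of the slot. */
size_t bytes_past_slot(size_t local_offset)
{
    size_t end = local_offset + sizeof(uint32_t);
    return end > SLOT_SIZE ? end - SLOT_SIZE : 0;
}

int main(void)
{
    /* unsigned short _cw referenced at slot+2, as the report describes */
    printf("short: ret=0x%08x, %zu bytes past slot\n",
           (unsigned)ret_after_store(2), bytes_past_slot(2));
    /* unsigned int _cw fills the slot from offset 0 (the proposed fix) */
    printf("int:   ret=0x%08x, %zu bytes past slot\n",
           (unsigned)ret_after_store(0), bytes_past_slot(0));
    return 0;
}
```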

Discussion

  • Danny Smith
    2007-03-05

    Logged In: YES
    user_id=11494
    Originator: NO

    Thanks for the report.
    Fixed in CVS.
    Danny

  • Danny Smith
    2007-03-05

    • milestone: --> IINR_-_Include_In_Next_Release
    • assigned_to: nobody --> dannysmith
    • status: open --> closed-fixed