Date: Mon, 24 Mar 2025 10:28:10 +0900
From: Takashi Yano via Cygwin
To: cygwin AT cygwin DOT com
Subject: Re: STATUS_HEAP_CORRUPTION if signal arrives when x86 direction flag is set

On Sun, 23 Mar 2025 12:54:36 +0100 Christian Franke wrote:
> Found because 'stress-ng --memcpy ...' and other tests report segfaults:
>
> An exception 0xc0000374 (STATUS_HEAP_CORRUPTION) occurs if a signal
> arrives during a memmove() which copies backwards due to overlap.
>
> The related snippet[s] from winsup/cygwin/x86_64/bcopy.S:
>         std
>         rep
>         movs[qb]
>         cld
>
> The testcase below shows that a set DF arrives at the signal handler.
> This violates the ABI, AFAIK. After return, the process aborts
> regardless of a "cld" in the signal handler.
>
> $ uname -r # also reproducible with 3.5.7-1
> 3.6.0-1.x86_64
>
> $ cat dflagsig.c
> #include <signal.h>   /* signal(), sig_atomic_t */
> #include <unistd.h>   /* write() */
>
> static volatile sig_atomic_t sigcnt;
>
> static void sighandler(int sig)
> {
>   (void)sig;
>   // asm volatile ("cld"); // <== does not prevent crash
>   if (__builtin_ia32_readeflags_u64() & 0x0400)
>     write(1, "[DF=1]\n", 7);
>   else
>     write(1, "[DF=0]\n", 7);
>   ++sigcnt;
> }
>
> int main()
> {
>   signal(SIGINT, sighandler);
>   int std = 0, cnt;
>   while ((cnt = sigcnt) < 5) {
>     if (cnt == 2 && !std) {
>       asm volatile ("std");
>       std = 1;
>     }
>     else if (cnt > 2 && std) {
>       asm volatile ("cld");
>       std = 0;
>     }
>   }
>   return 42;
> }
>
> $ gcc -o dflagsig dflagsig.c
>
> $ ./dflagsig # ... and press 3x ^C
> [DF=0]
> [DF=0]
> [DF=1]
>
> $ echo $? # Hmm... "silent" crash!
> 0
>
> $ strace ./dflagsig # ... and run 3x 'kill -INT 1288' from other window
> ...
>    48 14882485 [main] dflagsig 1288 set_signal_mask: setmask 2, newmask 0, mask_bits 2
> 863030 15745515 [sig] dflagsig 1288 sigpacket::process: signal 2 processing
> ...
>    55 15746773 [sig] dflagsig 1288 _cygtls::interrupt_setup: armed signal_arrived 0x0, signal 2
>    70 15746843 [sig] dflagsig 1288 sigpacket::setup_handler: signal 2 delivered
> --- Process 12736 (pid: 1288), exception c0000374 at 00007ffe342dcba9
> ...
> --- Process 12736 exited with status 0xc0000374
>

Thanks for the report. I'll submit a patch to fix that.

-- 
Takashi Yano
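The invariant the report relies on (DF must be clear when a handler is entered) and the defensive move a signal-dispatch path can make (clear DF before transferring control to the handler), as an added example that is neither code from this thread nor Cygwin's own code. It contrasts a dispatch that lets the handler inherit the interrupted code's DF with one that re-establishes the ABI state first; it assumes an x86-64 gcc/clang build (elsewhere it only reports "DF clear"), and the HAVE_DF, df_is_set, set_df and dispatch_* names are constructed for the example.

```c
#include <stdio.h>

#if defined(__x86_64__)
#  define HAVE_DF 1
#else
#  define HAVE_DF 0   /* assumption: no usable direction flag on other targets */
#endif
typedef int (*observer_fn)(void);

static int target_has_df(void) { return HAVE_DF; }

/* 1 if the direction flag (EFLAGS bit 10) is currently set. */
static int df_is_set(void)
{
#if HAVE_DF
    unsigned long f;
    __asm__ volatile("pushfq\n\tpopq %0" : "=r"(f) : : "memory");
    return (f & 0x0400) != 0;
#else
    return 0;
#endif
}

/* Set or clear DF; the "memory" clobber keeps the asm ordered with calls. */
static void set_df(int on)
{
#if HAVE_DF
    if (on) __asm__ volatile("std" : : : "cc", "memory");
    else    __asm__ volatile("cld" : : : "cc", "memory");
#else
    (void)on;
#endif
}

/* Stands in for a user signal handler: reports the DF state it observes. */
static int observe_df(void) { return df_is_set(); }
/* Raw dispatch: the handler inherits whatever DF the interrupted code left. */
static int dispatch_raw(observer_fn h) { return h(); }
/* Defensive dispatch: restore the ABI invariant (DF clear) before the call. */
static int dispatch_clean(observer_fn h) { set_df(0); return h(); }

/* Simulate a signal landing inside a backward 'rep movs' (DF=1). */
static int df_seen_by_handler(int (*dispatch)(observer_fn))
{
    set_df(1);
    int seen = dispatch(observe_df);
    set_df(0);  /* never leave DF set past this point */
    return seen;
}

int main(void)
{
    printf("raw dispatch: DF=%d, clean dispatch: DF=%d\n",
           df_seen_by_handler(dispatch_raw), df_seen_by_handler(dispatch_clean));
    return 0;
}
```

On an x86-64 build the raw dispatch reports DF=1 (what the testcase above observes) and the clean dispatch reports DF=0.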