[Mono-bugs] [Bug 41525][Nor] New - Mini crashes using ASP.NET

[bugzilla-daemon@rocky.ximian.com]

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by ramon_garcia_f@terra.es.

http://bugzilla.ximian.com/show_bug.cgi?id=41525

--- shadow/41525	Fri Apr 18 06:03:00 2003
+++ shadow/41525.tmp.9566	Fri Apr 18 06:03:00 2003
@@ -0,0 +1,210 @@
+Bug#: 41525
+Product: Mono/Runtime
+Version: unspecified
+OS: Red Hat 8.0
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 040 One week
+Priority: Normal
+Component: misc
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: ramon_garcia_f@terra.es               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Mini crashes using ASP.NET
+
+Starting the XSP server with mini, mini crashes when pointing the browser to
+the example codebehind1.aspx .
+
+The reason for the crash is a call to helper_memcpy with a huge size,
+invoked by JIT generated code. It seems to me that the JIT code did not put
+three arguments in the stack, just two.
+
+Here is the JIT generated code. I try to show a complete function.The
+offending call is at 0x84fc62e.
+
+0x84fc537:      push   %edi
+0x84fc538:      sub    $0xbc,%esp
+0x84fc53e:      movl   $0x0,0xffffffd8(%ebp)
+0x84fc545:      movl   $0x0,0xffffffd4(%ebp)
+0x84fc54c:      movl   $0x0,0xffffffd0(%ebp)
+0x84fc553:      push   $0x18
+0x84fc558:      mov    %ebp,%eax
+0x84fc55a:      add    $0xffffffb8,%eax
+0x84fc55f:      push   %eax
+0x84fc560:      call   0x400301fc <helper_initobj>
+0x84fc565:      add    $0x8,%esp
+0x84fc568:      mov    %ebp,%eax
+0x84fc56a:      add    $0xffffff90,%eax
+0x84fc56f:      push   %eax
+0x84fc570:      call   0x82524ec
+0x84fc575:      add    $0x4,%esp
+0x84fc578:      push   $0x8
+0x84fc57d:      mov    %ebp,%eax
+0x84fc57f:      add    $0xffffff90,%eax
+0x84fc584:      push   %eax
+0x84fc585:      mov    %ebp,%eax
+0x84fc587:      add    $0xffffffa0,%eax
+0x84fc58c:      push   %eax
+0x84fc58d:      call   0x4003022c <helper_memcpy>
+0x84fc592:      add    $0xc,%esp
+0x84fc595:      mov    %ebp,%eax
+0x84fc597:      add    $0xffffffa0,%eax
+0x84fc59c:      push   %eax
+0x84fc59d:      call   0x8252b0c
+0x84fc5a2:      add    $0x4,%esp
+0x84fc5a5:      mov    %edx,%ecx
+0x84fc5a7:      mov    %eax,0xffffff40(%ebp)
+0x84fc5ad:      mov    %ecx,0xffffff8c(%ebp)
+0x84fc5b0:      mov    %eax,0xffffff88(%ebp)
+0x84fc5b3:      mov    0xffffff8c(%ebp),%ecx
+0x84fc5b6:      mov    %ecx,0xffffffb4(%ebp)
+0x84fc5b9:      mov    %eax,0xffffffb0(%ebp)
+0x84fc5bc:      movl   $0x0,0xffffffd0(%ebp)
+0x84fc5c3:      push   $0x0
+0x84fc5c8:      mov    0x8(%ebp),%eax
+0x84fc5cb:      mov    0x20(%eax),%eax
+0x84fc5ce:      push   %eax
+0x84fc5cf:      cmpl   $0x0,(%eax)
+0x84fc5d2:      call   0x84fc99c
+0x84fc5d7:      add    $0x8,%esp
+0x84fc5da:      mov    0x8(%ebp),%eax
+0x84fc5dd:      pushl  0xc(%eax)
+0x84fc5e0:      push   $0x841a958
+0x84fc5e5:      push   $0x824a178
+0x84fc5ea:      call   0x4009127a <mono_array_new>
+0x84fc5ef:      add    $0xc,%esp
+0x84fc5f2:      mov    %eax,0xffffff48(%ebp)
+0x84fc5f8:      mov    %eax,0xffffffd8(%ebp)
+0x84fc5fb:      movl   $0x0,0xffffffd4(%ebp)
+0x84fc602:      push   $0x18
+0x84fc607:      mov    0x8(%ebp),%eax
+0x84fc60a:      mov    0x1c(%eax),%ecx
+0x84fc60d:      mov    0xffffffd4(%ebp),%eax
+0x84fc610:      mov    0xc(%ecx),%edx
+0x84fc613:      cmp    %eax,%edx
+0x84fc615:      jbe    0x84fc887
+0x84fc61b:      imul   $0x18,%eax,%eax
+0x84fc61e:      add    %ecx,%eax
+0x84fc620:      add    $0x10,%eax
+0x84fc625:      push   %eax
+0x84fc626:      mov    %ebp,%eax
+0x84fc628:      add    $0xffffff70,%eax
+0x84fc62d:      push   %eax
+0x84fc62e:      call   0x4003022c <helper_memcpy>
+0x84fc633:      add    $0xc,%esp
+0x84fc636:      push   $0x18
+0x84fc63b:      mov    %ebp,%eax
+0x84fc63d:      add    $0xffffff70,%eax
+0x84fc642:      push   %eax
+0x84fc643:      mov    %ebp,%eax
+0x84fc645:      add    $0xffffffb8,%eax
+0x84fc64a:      push   %eax
+0x84fc64b:      call   0x4003022c <helper_memcpy>
+0x84fc650:      add    $0xc,%esp
+0x84fc653:      mov    0xffffffb8(%ebp),%eax
+0x84fc656:      test   %eax,%eax
+0x84fc658:      je     0x84fc7a6
+0x84fc65e:      mov    0xffffffc0(%ebp),%eax
+0x84fc661:      mov    %eax,0xffffff40(%ebp)
+0x84fc667:      mov    0xffffffc4(%ebp),%edx
+0x84fc66a:      mov    0xffffffb0(%ebp),%ecx
+0x84fc66d:      mov    0xffffffb4(%ebp),%eax
+0x84fc670:      cmp    %eax,%edx
+0x84fc672:      mov    0xffffff40(%ebp),%eax
+0x84fc678:      jg     0x84fc7a6
+0x84fc67e:      jne    0x84fc68c
+0x84fc684:      cmp    %ecx,%eax
+0x84fc686:      jae    0x84fc7a6
+0x84fc68c:      push   $0x0
+0x84fc691:      mov    0x8(%ebp),%eax
+0x84fc694:      mov    0x20(%eax),%eax
+0x84fc697:      mov    %ebp,%ecx
+0x84fc699:      add    $0xffffff6f,%ecx
+0x84fc69f:      push   %eax
+0x84fc6a0:      push   %ecx
+0x84fc6a1:      cmpl   $0x0,(%eax)
+0x84fc6a4:      call   0x841ecd8
+0x84fc6a9:      add    $0xc,%esp
+0x84fc6ac:      push   $0x1
+0x84fc6b1:      mov    %ebp,%eax
+0x84fc6b3:      add    $0xffffff6f,%eax
+0x84fc6b8:      push   %eax
+0x84fc6b9:      mov    %ebp,%eax
+0x84fc6bb:      add    $0xffffffaf,%eax
+0x84fc6c0:      push   %eax
+0x84fc6c1:      call   0x4003022c <helper_memcpy>
+0x84fc6c6:      add    $0xc,%esp
+0x84fc6c9:      pushl  0xffffffd4(%ebp)
+0x84fc6cc:      mov    0x8(%ebp),%eax
+0x84fc6cf:      mov    0x24(%eax),%eax
+0x84fc6d2:      push   %eax
+0x84fc6d3:      cmpl   $0x0,(%eax)
+0x84fc6d6:      call   0x84241f0
+0x84fc6db:      add    $0x8,%esp
+0x84fc6de:      mov    %eax,%edi
+0x84fc6e0:      mov    0xffffffd8(%ebp),%eax
+0x84fc6e3:      mov    %eax,0xffffff68(%ebp)
+0x84fc6e9:      mov    0xffffffd0(%ebp),%edi
+0x84fc6ec:      mov    %edi,%eax
+0x84fc6ee:      add    $0x1,%eax
+0x84fc6f3:      mov    %eax,0xffffff9c(%ebp)
+0x84fc6f6:      mov    0xffffff68(%ebp),%eax
+0x84fc6fc:      mov    %eax,0xffffff64(%ebp)
+0x84fc702:      mov    %edi,0xffffff60(%ebp)
+0x84fc708:      mov    0xffffff9c(%ebp),%eax
+0x84fc70b:      mov    %eax,0xffffffd0(%ebp)
+0x84fc70e:      mov    0xffffff64(%ebp),%eax
+0x84fc714:      mov    0xffffff60(%ebp),%ecx
+0x84fc71a:      mov    0xc(%eax),%edx
+0x84fc71d:      cmp    %ecx,%edx
+0x84fc71f:      jbe    0x84fc878
+0x84fc725:      lea    0x10(%eax,%ecx,4),%eax
+0x84fc729:      mov    0xffffffb8(%ebp),%ecx
+0x84fc72c:      mov    %ecx,(%eax)
+0x84fc72e:      mov    0xffffffb8(%ebp),%eax
+0x84fc731:      mov    %eax,0xffffff5c(%ebp)
+0x84fc737:      mov    $0x8503014,%eax
+0x84fc73c:      movzbl (%eax),%eax
+0x84fc73f:      push   %eax
+0x84fc740:      mov    0xffffff5c(%ebp),%eax
+0x84fc746:      push   %eax
+0x84fc747:      cmpl   $0x0,(%eax)
+0x84fc74a:      call   0x850f158
+0x84fc74f:      add    $0x8,%esp
+0x84fc752:      mov    0xffffffb8(%ebp),%eax
+0x84fc755:      mov    %eax,0xffffff58(%ebp)
+0x84fc75b:      mov    $0x8503018,%eax
+0x84fc760:      pushl  (%eax)
+0x84fc762:      mov    0xffffff58(%ebp),%eax
+0x84fc768:      push   %eax
+0x84fc769:      cmpl   $0x0,(%eax)
+0x84fc76c:      call   0x850f188
+0x84fc771:      add    $0x8,%esp
+0x84fc774:      movl   $0x0,0xffffffb8(%ebp)
+0x84fc77b:      mov    %esp,0xffffffdc(%ebp)
+0x84fc77e:      call   0x84fc785
+0x84fc783:      jmp    0x84fc7a6
+0x84fc785:      mov    %ebp,%eax
+0x84fc787:      add    $0xffffffaf,%eax
+0x84fc78c:      push   %eax
+0x84fc78d:      mov    0x8(%ebp),%eax
+0x84fc790:      mov    0x20(%eax),%eax
+0x84fc793:      push   %eax
+0x84fc794:      cmpl   $0x0,(%eax)
+0x84fc797:      call   0x841ec60
+0x84fc79c:      add    $0x8,%esp
+0x84fc79f:      mov    0xffffffdc(%ebp),%esp
+0x84fc7a2:      sub    $0x4,%esp
+0x84fc7a5:      ret
+
+helper_memcpy shows arguments (addr=0xbefff860, src=0x842d238,
+    size=650351168)
+
+
+Unfortunately, the crash happens later in a call to mono_object_new,
+because of the data corruption originated by the memcpy. It took some
+time to figure out the reason.