see testcase, reduced example of a situation reported by Kyryl Melekhin in https://github.com/kyx0r/neatvi/ . Problem is that setting up the VLA sp-save in a scope that isn't entered at runtime leaves traces of it in outer scopes that then try to restore the stack pointer from uninitialized slots.
		
			
				
	
	
		
			119 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			119 lines
		
	
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| #include <stdio.h>
 | |
| 
 | |
| int f(void)
 | |
| {
 | |
|   return 5;
 | |
| }
 | |
| 
 | |
| void test1()
 | |
| {
 | |
|   int count = 10;
 | |
|   void *addr[10];
 | |
|   for(;count--;) {
 | |
|     int a[f()];
 | |
| 
 | |
|     addr[count] = a;
 | |
| 
 | |
|     continue;
 | |
|   }
 | |
| 
 | |
|   if(addr[9] == addr[0]) {
 | |
|     printf("OK\n");
 | |
|   } else {
 | |
|     printf("NOT OK\n");
 | |
|   }
 | |
| }
 | |
| 
 | |
| void test2()
 | |
| {
 | |
|   int count = 10;
 | |
|   void *addr[count];
 | |
|   for(;count--;) {
 | |
|     int a[f()];
 | |
| 
 | |
|     addr[count] = a;
 | |
| 
 | |
|     continue;
 | |
|   }
 | |
| 
 | |
|   if(addr[9] == addr[0]) {
 | |
|     printf("OK\n");
 | |
|   } else {
 | |
|     printf("NOT OK\n");
 | |
|   }
 | |
| }
 | |
| 
 | |
| void test3()
 | |
| {
 | |
|   int count = 10;
 | |
|   void *addr[count];
 | |
|   while(count--) {
 | |
|       int b[f()];
 | |
|       if (count >= 0) {
 | |
|           int a[f()];
 | |
| 
 | |
|           addr[count] = a;
 | |
| 
 | |
|           continue;
 | |
|       }
 | |
|   }
 | |
| 
 | |
|   if(addr[9] == addr[0]) {
 | |
|     printf("OK\n");
 | |
|   } else {
 | |
|     printf("NOT OK\n");
 | |
|   }
 | |
| }
 | |
| 
 | |
| void test4()
 | |
| {
 | |
|   int count = 10;
 | |
|   void *addr[count];
 | |
|   do {
 | |
|     int a[f()];
 | |
| 
 | |
|     addr[--count] = a;
 | |
| 
 | |
|     continue;
 | |
|   } while (count);
 | |
| 
 | |
|   if(addr[9] == addr[0]) {
 | |
|     printf("OK\n");
 | |
|   } else {
 | |
|     printf("NOT OK\n");
 | |
|   }
 | |
| }
 | |
| 
 | |
| void test5()
 | |
| {
 | |
|   int count = 10;
 | |
|   int a[f()];
 | |
|   int c[f()];
 | |
| 
 | |
|   c[0] = 42;
 | |
| 
 | |
|   for(;count--;) {
 | |
|     int b[f()];
 | |
|     int i;
 | |
|     for (i=0; i<f(); i++) {
 | |
|       b[i] = count;
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   if (c[0] == 42) {
 | |
|     printf("OK\n");
 | |
|   } else {
 | |
|     printf("NOT OK\n");
 | |
|   }
 | |
| }
 | |
| 
 | |
| int main(void)
 | |
| {
 | |
|   test1();
 | |
|   test2();
 | |
|   test3();
 | |
|   test4();
 | |
|   test5();
 | |
| 
 | |
|   return 0;
 | |
| }
 |