>Number:         26949
>Category:       port-sh3
>Synopsis:       Dynmic linker on sh3 breaks functions that return structures.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-sh3-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 14 20:51:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Valeriy E. Ushakov
>Release:        2.0G
>Organization:
>Environment:
NetBSD nada 2.0G NetBSD 2.0G (NADA) #1: Thu Aug 19 02:08:39 MSD 2004  uwe@sampo:/export/netbsd/cvs/src/sys/arch/hpcsh/compile/NADA hpcsh

>Description:
SuperH ABI says that when a fucntion returns a structure, the
pointer to the storage is supplied by the caller in R2.  However
when dynamic linker performs the symbol resolution, the R2 will
get clobbered, and the called function will try to write the
structure to some random memory.

>How-To-Repeat:
Anything that uses fontconfig, e.g. xclock, will dump core:

Program received signal SIGSEGV, Segmentation fault.
0x2046f94c in FcValueSave () from /usr/X11R6/lib/libfontconfig.so.1
(gdb) where
#0  0x2046f94c in FcValueSave () from /usr/X11R6/lib/libfontconfig.so.1
#1  0x204706ce in FcPatternAddWithBinding ()
   from /usr/X11R6/lib/libfontconfig.so.1
#2  0x204707d4 in FcPatternAdd () from /usr/X11R6/lib/libfontconfig.so.1
#3  0x20470944 in FcPatternAddString () from /usr/X11R6/lib/libfontconfig.so.1
#4  0x20471478 in FcNameParse () from /usr/X11R6/lib/libfontconfig.so.1
#5  0x2047573c in FcDirSave () from /usr/X11R6/lib/libfontconfig.so.1

>Fix:
_rtld_bind_start in libexec/ld.elf_so/arch/sh3/rtld_start.S
should save/restore r2.  Probably instead of r3, as r3 is not
used by ABI to pass any data to callee, as far as I can tell
from a quick scan through the docs.

>Release-Note:
>Audit-Trail:
>Unformatted: