1.0.8.18: Fix gc-safety bug in x86oid function calls

         * Off by one error in conservative stack scavenging, the top of the
           stack wasn't pinned.
         * In the new calling convention there is a small window during which
           the return address only exists on the top of the stack. If a gc
           was triggered during that window, the code object could move, and
           the return address would point to freed memory.

diff --git a/src/runtime/gencgc.c b/src/runtime/gencgc.c
index 8f60129..3161230 100644 (file)
--- a/src/runtime/gencgc.c
+++ b/src/runtime/gencgc.c
@@ -3991,7 +3991,7 @@ garbage_collect_generation(generation_index_t generation, int raise)
 #else
             esp = (void **)((void *)&raise);
 #endif
-            for (ptr = ((void **)th->control_stack_end)-1; ptr > esp;  ptr--) {
+            for (ptr = ((void **)th->control_stack_end)-1; ptr >= esp;  ptr--) {
                 preserve_pointer(*ptr);
             }
         }

diff --git a/version.lisp-expr b/version.lisp-expr
index b88d052..e63ab44 100644 (file)
--- a/version.lisp-expr
+++ b/version.lisp-expr
@@ -17,4 +17,4 @@
 ;;; checkins which aren't released. (And occasionally for internal
 ;;; versions, especially for internal versions off the main CVS
 ;;; branch, it gets hairier, e.g. "0.pre7.14.flaky4.13".)
-"1.0.8.17"
+"1.0.8.18"