a compiler bug?

I am debugging my TDI client driver today and my box has a checked build
tcpip.sys installed. However, I found a rather weird problem. In
tcpip!UpdateConnInfo, it hits a bugcheck (the !analyze -v result is at
the end of this post).
After stepping into this routine, I found a little code snippet which I'm
afraid should not be the result expected by the author of tcpip.sys.
kd> r
eax=bafc7c18 ebx=822992dc ecx=ba047901 edx=00000330 esi=f884e2d4 edi=819de7a0
eip=b98d57a2 esp=f884e0a4 ebp=f884e0b0 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
tcpip!UpdateConnInfo+0x20:
b98d57a2 0fb65608 movzx edx,byte ptr [esi+0x8] ds:0023:f884e2dc=00
kd> p
tcpip!UpdateConnInfo+0x24:
b98d57a6 3bca cmp ecx,edx
kd> r
eax=bafc7c18 ebx=822992dc ecx=ba047901 edx=00000000 esi=f884e2d4 edi=819de7a0
eip=b98d57a6 esp=f884e0a4 ebp=f884e0b0 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
tcpip!UpdateConnInfo+0x24:
b98d57a6 3bca cmp ecx,edx
kd> p
tcpip!UpdateConnInfo+0x26:
b98d57a8 57 push edi
kd> p
tcpip!UpdateConnInfo+0x27:
b98d57a9 7d09 jge tcpip!UpdateConnInfo+0x32 (b98d57b4)

*NOTE*: I'm afraid the code of tcpip.sys expects ecx and edx to represent
two unsigned integers, and to jump to tcpip!UpdateConnInfo+0x32 if
ecx >= ebx. However, the result is the following:

kd> r
eax=bafc7c18 ebx=822992dc ecx=ba047901 edx=00000000 esi=f884e2d4 edi=819de7a0
eip=b98d57a9 esp=f884e0a0 ebp=f884e0b0 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
tcpip!UpdateConnInfo+0x27:
b98d57a9 7d09 jge tcpip!UpdateConnInfo+0x32 (b98d57b4)
[br=0]
kd> p
tcpip!UpdateConnInfo+0x29:
b98d57ab c745fc05000080 mov dword ptr [ebp-0x4],0x80000005

According to the Intel docs:
JGE: Jump short if greater or equal (SF=OF). The code path fits the
description in the manuals.
JAE: Jump short if above or equal (CF=0). This may be suitable for this
situation.

Anyway, I don't have access to the source code of tcpip.sys.
Could anyone from MS help me check this and validate my assumption?
Thanks a lot.

The result of !analyze -v


Best Regards,
hanzhu
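To make the JGE-versus-JAE point concrete, here is an added example (not part of the post above) that models the flags `cmp ecx,edx` produces and evaluates both branch conditions on the register values from the trace (ecx=ba047901, edx=00000000); it also decodes the trace's own efl=00000282. It is plain C that reproduces the x86 flag rules from the Intel manual; the register values are the ones quoted in the post.

```c
/* Added example: model the x86 flags set by `cmp a, b` (a - b, result
 * discarded) and evaluate the signed JGE and unsigned JAE conditions. */
#include <stdint.h>
#include <stdio.h>

#define FLAG_CF (1u << 0)   /* carry / unsigned borrow */
#define FLAG_ZF (1u << 6)   /* zero */
#define FLAG_SF (1u << 7)   /* sign */
#define FLAG_OF (1u << 11)  /* signed overflow */

/* Flags produced by `cmp a, b` on 32-bit operands. */
uint32_t cmp_flags(uint32_t a, uint32_t b)
{
    uint32_t res = a - b;
    uint32_t f = 0;
    if (a < b)       f |= FLAG_CF;  /* borrow: unsigned a < b */
    if (res == 0)    f |= FLAG_ZF;
    if (res >> 31)   f |= FLAG_SF;  /* bit 31 of the result */
    /* Overflow: operand signs differ and the result's sign differs from a's. */
    if (((a ^ b) & (a ^ res)) >> 31) f |= FLAG_OF;
    return f;
}

/* JGE (signed >=) is taken when SF == OF. */
int jge_taken(uint32_t f) { return !!(f & FLAG_SF) == !!(f & FLAG_OF); }
/* JAE (unsigned >=) is taken when CF == 0. */
int jae_taken(uint32_t f) { return !(f & FLAG_CF); }

int main(void)
{
    uint32_t ecx = 0xba047901u, edx = 0;   /* register values from the trace */
    uint32_t f = cmp_flags(ecx, edx);
    printf("cmp ecx,edx -> SF=%d OF=%d CF=%d ZF=%d\n", !!(f & FLAG_SF),
           !!(f & FLAG_OF), !!(f & FLAG_CF), !!(f & FLAG_ZF));
    printf("signed:   ecx=%d  jge %s\n", (int32_t)ecx,
           jge_taken(f) ? "taken" : "not taken (br=0)");
    printf("unsigned: ecx=%u  jae %s\n", ecx,
           jae_taken(f) ? "taken" : "not taken");
    /* efl=00000282 from the trace: SF set, OF and CF clear. */
    printf("from efl=0x282: jge %s, jae %s\n",
           jge_taken(0x282u) ? "taken" : "not taken",
           jae_taken(0x282u) ? "taken" : "not taken");
    return 0;
}
```

With 0xba047901 the sign bit is set, so as a signed value ecx is negative and JGE falls through exactly as the trace shows, while JAE would have been taken.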

BTW: My testing system is Win2k3 Sp1.


Best Regards,
hanzhu
