stackoom
  简体   繁体   中英

Segmentation fault - Debugging assembly gdb

 原文  2015-06-29 02:19:27       c/ debugging/ assembly/ linux-kernel/ gdb

Question

I am debugging a segmentation fault. Here is the code snippet which faults at ff_printf call. 

for (p = &v[QUEUE], i = 0; i < p->used; i++) {
        queue_t *q = p->data[i];
        ff_printf(F_DB, "  %02u %s\n",
            p->cp, q->tq->queue_name);
    }

The seg fault is at line ff_printf. When I debug through gdb, I can resolve p->cp and q->tq->queue_name. F_DB also gets resolved as it is an enum. Hence, it did not seg fault because of invalid deference.

After disassembly of the code, I get the below assembly of the above code snippet for the line ff_printf. 

   0x0000000000449b88 <+360>:   mov    -0x14(%r13),%rax
   0x0000000000449b8c <+364>:   movzwl %r10w,%edx

   0x0000000000449b90 <+368>:   movzwl (%rbx),%r9d
   0x0000000000449b94 <+372>:   mov    $0x56a4d9,%r8d
   0x0000000000449b9a <+378>:   mov    $0x5,%ecx
   0x0000000000449b9f <+383>:   mov    $0x5bb,%esi
   0x0000000000449ba4 <+388>:   mov    $0x56a27b,%edi
   0x0000000000449ba9 <+393>:   mov    (%rax,%rdx,8),%rax
   0x0000000000449bad <+397>:   mov    $0x56aec0,%edx
=> 0x0000000000449bb2 <+402>:   mov    0x88(%rax),%rax
   0x0000000000449bb9 <+409>:   mov    %r10d,-0x48(%rbp)
   0x0000000000449bbd <+413>:   mov    %rax,(%rsp)
   0x0000000000449bc1 <+417>:   xor    %eax,%eax
   0x0000000000449bc3 <+419>:   callq  0x4423c0 <ff_printf>

Now, I did debug the registers and verified with the code snippet. I was able to get F_DB, p->cp, q->tq->queue_name through the assembly debugging (viz through registers). I observe that the value of %rax is 0x0. I observe that the seg fault happens before the call the ff_printf library.

I have two questions:

1: How do I map this 

"    => 0x0000000000449bb2 <+402>:  mov    0x88(%rax),%rax"

to the code snippet?

I observe that the %rax is populated through 

0x0000000000449b88 <+360>:  mov    -0x14(%r13),%rax

which I think is mov ( address of $r13 - 0x14) to %rax.

and 

0x0000000000449ba9 <+393>:  mov    (%rax,%rdx,8),%rax

which I think it is mov ( address $rax+ address $rdx+ 8) to %rax. Am I right ?

2: I am not sure if there was any stack corruption. This seg fault is very very rare, I cannot reproduce it. How to backtrace it further from here ?

1 answers

solution1
 0  2015-06-29 05:48:21

p = &v[QUEUE]

is wrong, if QUEUE is the size of v, since its index ranges from zero to QUEUE-1.

So use

p = &v[QUEUE-1]

Or, in case you wanted to start from the beginning of v, use

p = v

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Segmentation fault - weird debugging with gdb Segmentation Fault "in ?? ()" in GDB Segmentation Fault and Debugging with Valgrind MPI debugging Segmentation fault Segmentation fault debugging help Segmentation Fault, debugging MPI Debugging, Segmentation fault? inline assembly segmentation fault Segmentation fault problem, gdb message Segmentation fault with GDB debugger - C
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM