
Cannot access memory in the .bss section, but gdb 'info files' shows the address is in range

I have a binary that generates a Bus error (core dumped) message. When I run it under the debugger (gdb) it fails to access a memory location in the .bss section.

Program received signal SIGBUS, Bus error.
0x0000000000412275 in ?? ()

The code at this location is:

  41226f:       0f 8f 33 ff ff ff       jg     4121a8 
  412275:       8b 35 51 b5 22 00       mov    0x22b551(%rip),%esi        # 63d7cc 
  41227b:       85 f6                   test   %esi,%esi

So it's trying to access memory at location 0x63d7cc, which is clearly within the .bss section: 0x63c4e0 - 0x63d7e0.

gdb (along with /proc/$pid/maps) shows this memory as mapped:

(gdb) info proc mappings
process 16533
Mapped address spaces:

          Start Addr           End Addr       Size     Offset objfile
            0x400000           0x43a000    0x3a000        0x0 /somepath/someapp
            0x639000           0x63e000     0x5000    0x39000 /somepath/someapp
            0x63e000           0x65f000    0x21000        0x0 [heap]
(gdb) info files
Symbols from "/somepath/someapp".
...
        0x0000000000639c80 - 0x000000000063c498 is .data
        0x000000000063c4e0 - 0x000000000063d7e0 is .bss

Both examination of ELF sections:

% readelf -S someapp
...
  [24] .data             PROGBITS         0000000000639c80  00039c80
       0000000000002818  0000000000000000  WA       0     0     32
  [25] .bss              NOBITS           000000000063c4e0  0003c498
       0000000000001300  0000000000000000  WA       0     0     32
  [26] .gnu_debuglink    PROGBITS         0000000000000000  0003c498
       000000000000000c  0000000000000000           0     0     1
...

and Segments shows this memory as mapped:

% readelf -l someapp
...
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x000000000003976c 0x000000000003976c  R E    200000
  LOAD           0x0000000000039770 0x0000000000639770 0x0000000000639770
                 0x0000000000004070 0x0000000000004070  RW     200000
...

But gdb is unable to access it (and thus why the app fails). Interestingly gdb is able to access .bss memory up and until 0x63d000:

(gdb) x 0x63d7cc
0x63d7cc:       Cannot access memory at address 0x63d7cc
(gdb) x 0x63cff8
0x63cff8:       0x00000000
(gdb) x 0x63cffc
0x63cffc:       0x00000000
(gdb) x 0x63cffd
0x63cffd:       Cannot access memory at address 0x63d000

The questions are:
What could be preventing this access?
What other methods are available to examine runtime memory access permissions?
What else could modify the access rights of a running process?

The code at this location is:

The .bss is not normally executable, so likely that is why you are getting SIGBUS when trying to jump to it.

Your readelf output shows RW flags (note lack of Executable flag) as well.

You'll need to mprotect that section to add execute permissions first.

Note that some environments, such as SELinux, prohibit memory mappings with RWE, and that changing the mapping to RE will cause the program to not be able to write into its (normally writable) global data. This is why putting executable code into .bss is probably not among the best ideas.
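One more way to examine the mapping, as an added example that is not part of the original question or answer: a page of a file-backed mapping that starts at or past the end of the file raises SIGBUS on access even though it is listed in /proc/$pid/maps, so this sketch reads the PT_LOAD headers and reports such pages. The ELF bytes are constructed, with segment values copied from the `readelf -l` output above; the file length `0x3cf00` is a hypothetical value, since the page does not give the real one.

```python
import struct

PT_LOAD, PAGE = 1, 0x1000

def load_segments(elf: bytes):
    """Yield (p_offset, p_vaddr, p_filesz, p_memsz) for each PT_LOAD of a little-endian ELF64."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _flags, off, vaddr, _paddr, filesz, memsz, _align = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            yield off, vaddr, filesz, memsz

def pages_past_eof(elf: bytes, file_len=None):
    """Return virtual addresses of file-backed pages that begin at or beyond EOF."""
    file_len = len(elf) if file_len is None else file_len
    bad = []
    for off, vaddr, filesz, _memsz in load_segments(elf):
        if filesz == 0:
            continue  # nothing is mapped from the file for this segment
        first = off & ~(PAGE - 1)                 # mapping starts on a page boundary
        last = (off + filesz - 1) & ~(PAGE - 1)   # last page holding file-backed bytes
        for page_off in range(first, last + PAGE, PAGE):
            if page_off >= file_len:              # whole page lies past EOF: SIGBUS on touch
                bad.append(vaddr - off + page_off)
    return bad

def sample_elf():
    """Constructed ELF64 header; both PT_LOAD entries copy the readelf -l values above."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0x400000, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    rx = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0x0, 0x400000, 0x400000,
                     0x3976c, 0x3976c, 0x200000)
    rw = struct.pack("<IIQQQQQQ", PT_LOAD, 6, 0x39770, 0x639770, 0x639770,
                     0x4070, 0x4070, 0x200000)
    return ehdr + rx + rw

if __name__ == "__main__":
    # 0x3cf00 is a hypothetical on-disk length, not a value from the page.
    print([hex(a) for a in pages_past_eof(sample_elf(), file_len=0x3cf00)])
```

On a real binary, pass the file's bytes and omit `file_len` so the actual on-disk length is used.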

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
