
What is that address you see in a buffer overflow segmentation fault?

So basically every time I overflow a buffer, I see this:

 Program received signal SIGABRT, Aborted.
 0x00007ffff7a47c37 in __GI_raise (sig=sig@entry=6)
     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
 56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.

The question that I have is: what is 0x00007ffff7a47c37?

It is pretty far from RSP and RBP, and before the program throws the segmentation fault, if I do:

(gdb) break 12
(gdb) x/x $rip
    0x400654 <main+94>:     0xe0558d48

it seems not to be RIP as well.

my code:

#include <stdio.h>
#include <string.h>   /* strcpy */

int main(int argc, char *argv[])
{
    if (argc < 2)
        return 1;                 /* needs the overflowing string as argv[1] */

    int dummy;
    int* rip = &dummy;            /* address of a stack local, printed for reference */
    printf("%p\n", rip);
    char *ret;
    char buf[20];
    strcpy(buf, argv[1]);         /* unbounded copy: more than 19 bytes overflows buf */
    ret = buf;
    printf("%p:%s\n", ret, buf);

    return 0;
}

I run the script as: run $(perl -e 'print "A"x40')

It is the memory address of the argv variable.

it seems not to be RIP as well.

Though it doesn't seem so to you, it may well be that there are code addresses far away from each other. Example:

(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f2b9480dd52 in __libc_start_main () from /lib64/libc.so.6
#2  0x0000000000400479 in _start ()

The value 0x00007ffff7a47c37 is definitely the instruction pointer where the signal was raised. You can even use the gdb command disas __GI_raise to verify.
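A quick way to confirm this is to compare the address against the process memory map: in gdb, info proc mappings (or info sharedlibrary) shows which file is mapped at which range, and 0x00007ffff7a47c37 falls inside the executable (r-xp) segment of libc, because raise() lives in libc. That is also why the signal is SIGABRT rather than SIGSEGV: overflowing a local buffer trips glibc's stack protector, whose __stack_chk_fail() calls abort(), which calls raise(). The program below is an added example, not code from the question or from either answer. It parses /proc/<pid>/maps-format lines and reports which mapping contains a given address. The sample map it starts with is constructed (the paths, inode numbers and libc version are made up, laid out so the question's two addresses land where they would on a non-PIE x86-64 binary debugged under gdb with ASLR off); its main() then runs the same lookup over the real /proc/self/maps of the running process, so the second part works only on Linux.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One parsed line of /proc/<pid>/maps (the data gdb's "info proc mappings" prints). */
struct mapping {
    uintptr_t start, end;  /* [start, end) */
    char perms[5];         /* e.g. "r-xp" */
    char path[256];        /* backing file, "[stack]", or "" for anonymous memory */
};

/* Parse "start-end perms offset dev inode [path]"; returns 1 on success, 0 otherwise. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long start, end, offset, inode;
    char dev[16];
    int consumed = 0;
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu%n",
               &start, &end, m->perms, &offset, dev, &inode, &consumed) != 6)
        return 0;
    m->start = start;
    m->end = end;
    const char *p = line + consumed;           /* optional pathname after the inode */
    while (*p == ' ' || *p == '\t')
        p++;
    size_t n = strcspn(p, "\r\n");
    if (n >= sizeof m->path)
        n = sizeof m->path - 1;
    memcpy(m->path, p, n);
    m->path[n] = '\0';
    return 1;
}

/* Return the mapping containing addr, or NULL if addr is not mapped. */
const struct mapping *find_mapping(const struct mapping *maps, size_t count, uintptr_t addr)
{
    for (size_t i = 0; i < count; i++)
        if (addr >= maps[i].start && addr < maps[i].end)
            return &maps[i];
    return NULL;
}

/* Constructed sample, not a real capture: a non-PIE x86-64 binary and glibc at the
 * unrandomised address gdb uses, laid out so the question's numbers fall inside it. */
static const char *const sample_maps[] = {
    "00400000-00401000 r-xp 00000000 08:01 1234  /home/user/a.out",
    "00600000-00601000 r--p 00000000 08:01 1234  /home/user/a.out",
    "00601000-00602000 rw-p 00001000 08:01 1234  /home/user/a.out",
    "7ffff7a15000-7ffff7bd0000 r-xp 00000000 08:01 5678  /lib/x86_64-linux-gnu/libc-2.19.so",
    "7ffff7bd0000-7ffff7dcf000 ---p 001bb000 08:01 5678  /lib/x86_64-linux-gnu/libc-2.19.so",
    "7ffff7dd1000-7ffff7dd4000 rw-p 00000000 00:00 0",
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0  [stack]",
};

/* Parse the constructed sample into maps (at most cap entries); returns the count. */
size_t load_sample(struct mapping *maps, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof sample_maps / sizeof *sample_maps && n < cap; i++)
        n += parse_maps_line(sample_maps[i], &maps[n]);
    return n;
}

/* Same parser over the live map of this process; returns 0 if /proc is unavailable. */
size_t load_self(struct mapping *maps, size_t cap)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    size_t n = 0;
    if (!f)
        return 0;
    while (n < cap && fgets(line, sizeof line, f))
        n += parse_maps_line(line, &maps[n]);
    fclose(f);
    return n;
}

static void report(const struct mapping *maps, size_t n, const char *what, uintptr_t addr)
{
    const struct mapping *m = find_mapping(maps, n, addr);
    printf("%-10s %#18lx -> %s [%s]\n", what, (unsigned long)addr,
           m ? (m->path[0] ? m->path : "(anonymous)") : "not mapped", m ? m->perms : "----");
}

int main(void)
{
    struct mapping maps[256];
    size_t n = load_sample(maps, 256);
    puts("constructed sample map, looking up the addresses from the question:");
    report(maps, n, "__GI_raise", 0x00007ffff7a47c37UL);  /* inside libc's r-xp segment */
    report(maps, n, "main+94", 0x400654UL);                /* inside the executable's .text */

    int local = 0;
    if ((n = load_self(maps, 256)) == 0)
        return 1;                                          /* not Linux, or no /proc */
    puts("live /proc/self/maps of this process:");
    report(maps, n, "main", (uintptr_t)&main);
    report(maps, n, "raise", (uintptr_t)&raise);  /* libc for a PIE build, the PLT stub otherwise */
    report(maps, n, "a local", (uintptr_t)&local);
    return 0;
}
```

On the sample map the first lookup resolves to libc's r-xp segment and the second to the executable's .text, which is the whole point: a code address does not have to be anywhere near RSP or RBP, and one that lies in a shared library's text is still the instruction pointer at the time of the signal. Under gdb the same check is info proc mappings followed by reading off the range that contains the address, or simply info symbol 0x00007ffff7a47c37.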
