segmentation fault x86 <

2018-06-15 11:16:20

I have some asm programs made by my own compiler, and when i want to run them, they have at the very end a segmentation fault. All instructions are executed the way i want to, but the execution finishes by a segfault.

when i try to use gdb in order to look at the segfault, it appears that it always occurs at the line : 0x11ee90 <_dl_debug_state> push %ebp>

I don't even know what this line is, and firstly how to prevent it to cause a segfault.

here is an exemple of that kind of programm :

    file    "test_appel.c"
    .text                
.globl f  
    .type f, @function  
f:                        
    pushl   %ebp                     
    movl    %esp,   %ebp               
    subl    $16,    %esp
    movl    8(%ebp), %eax 
    pushl   %eax                        
    movl    12(%ebp), %eax 
    popl    %ecx          
    imull   %ecx,   %eax  
    movl    %eax,   16(%ebp) 
    movl    16(%ebp), %eax 
    leave
    ret         
    .section    .rodata
.LC0:
    .string "appel à fonction pour la multiplicationn"
.LC1:
    .string "resultat 2 * 3 = %dn"
    .text                
.globl main  
    .type main, @function  
main:                        
    pushl   %ebp                     
    movl    %esp,   %ebp               
    andl    $-16,   %esp  
    subl    $32,    %esp
    movl    $2, %eax 
    movl    %eax,   8(%ebp) 
    movl    $3, %eax 
    movl    %eax,   12(%ebp) 
    movl    12(%ebp), %eax 
    movl    %eax    ,4(%esp) 
    movl    8(%ebp), %eax 
    movl    %eax    ,0(%esp) 
    call    f
    movl    %eax,   4(%ebp) 
    movl    4(%esp),    %eax    
    movl    (%esp), %ecx     
    pushl   %eax             
    pushl   %ecx             
    movl     $.LC0, %eax 
    movl    %eax,   (%esp)  
    call    printf         
    popl    %ecx             
    popl    %eax             
    movl    %eax,   4(%esp)   
    movl    %ecx,   (%esp)    
    movl    4(%esp),%eax      
    movl    (%esp), %ecx     
    pushl   %eax             
    pushl   %ecx             
    movl    4(%ebp), %eax 
    movl    %eax,   %edx
    movl    %edx,   4(%esp)                    
    movl    $.LC1,  (%esp)  
    call    printf                            
    popl    %ecx             
    popl    %eax             
    movl    %eax,   4(%esp)   
    movl    %ecx,   (%esp)    
    leave
    ret

segfault, it appears that it always occurs at the line : 0x11ee90 <_dl_debug_state> push %ebp>

That just means that you've corrupted or exhausted the stack.

Your compiler does in fact appear to emit code that corrupts stack all over the place. In particular these instructions:

movl    %eax,   8(%ebp)
...
movl    %eax,   12(%ebp)

corrupt local variables in your caller (which is part of libc), so it's not at all surprising to see a crash after main returns.

You probably meant to emit: movl %eax, -8(%ebp) and movl %eax, -12(%ebp) .

when i try to use gdb in order to look at the segfault, it appears that it always occurs at the line : 0x11ee90 <_dl_debug_state> push %ebp>

The segmentation fault is occurring when during a function call a base pointer : %ebp is being pushed onto the stack. This looks like a repercussion of a stack corruption that occurred earlier .

you haven't shared the complete stack trace from GDB and nor the address space information.

In gdb when it seg faults do a disassemble to get more info and also the bt to get all the functions being called to get to this.

Problem is you are corrupting the return instruction. As you know, ebp + 4 always contains the return instruction address where the control jumps after execution of the called function. In your case you have statement like this:

       movl    %eax,   4(%ebp)

You are writing the return value of 'f()' into ebp+4 which corrupts the return instruction address. You remove this statement you will not get segmentation fault.

链接地址: http://www.djcxy.com/p/43894.html

上一篇: 如何知道我的代码中的分段错误？

下一篇: 分段错误x86 <