
I am trying to debug a segmentation fault in my assembly code. Here is the GDB output

Program received signal SIGSEGV, Segmentation fault.
0x0000000000424c50 in restore_context()
(gdb) disassemble restore_context
 Dump of assembler code for function restore_context:
   0x0000000000424c44 <+0>:     mov    0x8(%rsp),%rax
   0x0000000000424c49 <+5>:     mov    0x38(%rax),%rsp
   0x0000000000424c4d <+9>:     mov    (%rax),%rdx
 =>0x0000000000424c50 <+12>:    mov    %rdx,(%rsp)
   0x0000000000424c54 <+16>:    mov    0x18(%rax),%rbx
   0x0000000000424c58 <+20>:    mov    0x20(%rax),%rsi
   0x0000000000424c5c <+24>:    mov    0x28(%rax),%rdi
   0x0000000000424c60 <+28>:    mov    0x30(%rax),%rbp
   0x0000000000424c64 <+32>:    xor    %rax,%rax
   0x0000000000424c67 <+35>:    retq   
End of assembler dump.

From the little research I did, this looks like an overflow error. Can someone tell me how to debug this? How do I find this memory leak? Do we have some tool to inspect this, or is there an error with my assembly code? I need help debugging this.

Here is the assembly code as well

.align  4,0x90
.global restore_context
.type   restore_context,@function

restore_context:
    mov     8(%rsp),%rax        /* Load the context pointer from the stack slot above the return address */
    mov     56(%rax),%rsp       /* Switch to the saved stack pointer */
    mov     0(%rax),%rdx        /* Fetch our return address */
    mov     %rdx,0(%rsp)        /* Save our return address */   /* overflow */
    mov     24(%rax),%rbx       /* Restore the saved registers */
    mov     32(%rax),%rsi
    mov     40(%rax),%rdi
    mov     48(%rax),%rbp
    xor     %rax,%rax           /* Return 0 */
    ret

This is the counterpart, store_context():

.align  4,0x90
.global store_context
.type   store_context,@function

store_context:
    mov     8(%rsp),%rax        /* Load the context pointer from the stack slot above the return address */
    mov     %rbx,24(%rax)       /* Save the registers */
    mov     %rsi,32(%rax)
    mov     %rdi,40(%rax)
    mov     %rbp,48(%rax)
    mov     %rsp,56(%rax)       /* Save the stack pointer (it points at our return address) */
    mov     0(%rsp),%rdx        /* Fetch our return address */
    mov     %rdx,0(%rax)        /* Save it at offset 0 of the context */
    xor     %rax,%rax
    inc     %rax                /* Return 1 */
    ret
Rags
  • I suspect you simply set `rsp` to a wrong value on line `+5`. – Jester May 14 '14 at 17:50
  • Thanks!! How do I verify that it's being set to a wrong value? As far as I can see, it seems to be set to the correct value. Can you suggest some changes which I can try out? – Rags May 14 '14 at 17:52
  • Print the value in gdb, then cross-check if that memory region is what you want and that it is writable. – Jester May 14 '14 at 17:56
  • What does the counterpart (store_context?) look like? And how is this `restore_context` called? – Olaf Dietsche May 14 '14 at 17:58
  • Hey @OlafDietsche, I have added store_context. restore_context is called from a C file, with a thread_t as a parameter: restore_context(thread); – Rags May 14 '14 at 18:10
  • Everything seems fine. `store_context` and `restore_context` are balanced, AFAICS. The only error I can see, is modification of the context area or passing a wrong or different pointer. – Olaf Dietsche May 14 '14 at 18:45
  • Further investigation shows that rax's value is always 0. When in GDB I try info (u_int64_t*)(register rax+8), it shows 0; similarly for =32. Any clue why the initial value is 0?? No wonder it gives a segmentation fault while restoring. – Rags May 15 '14 at 22:38

0 Answers
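As an added example (not the asker's code, and not taken from any project): the same store_context/restore_context pair written against the System V x86-64 ABI, which is the convention a Linux C compiler uses for the call restore_context(thread) mentioned in the comments. Under that ABI the context pointer arrives in %rdi; the slot at 8(%rsp) on function entry belongs to the caller's frame and is not the argument, and the registers a callee must preserve are rbx, rbp and r12 through r15 (rsi and rdi are caller-saved). The struct context layout, the names worker, main_ctx, worker_ctx, make_context and demo_switch, and the 16 KiB worker stack are assumptions of this example; it targets x86-64 Linux with GCC or Clang and will not assemble elsewhere. It switches to a second stack and back, which is what a thread_t context is used for in the question.

```c
/* Added example, not the asker's code: System V x86-64 context switch.
 * Argument in %rdi, callee-saved set rbx/rbp/r12-r15. x86-64 Linux only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Saved register file; the byte offsets are hard-coded in the asm below. */
struct context {
    uint64_t rip;   /*  0: return address store_context will return to again */
    uint64_t rsp;   /*  8: stack pointer at the call (points at the rip slot) */
    uint64_t rbx;   /* 16 */
    uint64_t rbp;   /* 24 */
    uint64_t r12;   /* 32 */
    uint64_t r13;   /* 40 */
    uint64_t r14;   /* 48 */
    uint64_t r15;   /* 56 */
};

/* store_context returns 1 when called and 0 when re-entered through
 * restore_context (setjmp/longjmp semantics); returns_twice keeps the
 * compiler from caching values in registers across the call. */
int store_context(struct context *ctx) __attribute__((returns_twice));
void restore_context(struct context *ctx) __attribute__((noreturn));

__asm__(
    ".text\n"
    ".globl store_context\n"
    ".type store_context, @function\n"
    "store_context:\n"
    "    mov (%rsp), %rdx\n"          /* our own return address */
    "    mov %rdx, 0(%rdi)\n"
    "    mov %rsp, 8(%rdi)\n"
    "    mov %rbx, 16(%rdi)\n"
    "    mov %rbp, 24(%rdi)\n"
    "    mov %r12, 32(%rdi)\n"
    "    mov %r13, 40(%rdi)\n"
    "    mov %r14, 48(%rdi)\n"
    "    mov %r15, 56(%rdi)\n"
    "    mov $1, %eax\n"
    "    ret\n"
    ".size store_context, .-store_context\n"
    ".globl restore_context\n"
    ".type restore_context, @function\n"
    "restore_context:\n"
    "    mov 8(%rdi), %rsp\n"         /* switch to the saved stack ... */
    "    mov 0(%rdi), %rdx\n"
    "    mov %rdx, (%rsp)\n"          /* ... and plant the return address there */
    "    mov 16(%rdi), %rbx\n"
    "    mov 24(%rdi), %rbp\n"
    "    mov 32(%rdi), %r12\n"
    "    mov 40(%rdi), %r13\n"
    "    mov 48(%rdi), %r14\n"
    "    mov 56(%rdi), %r15\n"
    "    xor %eax, %eax\n"            /* store_context's second return value */
    "    ret\n"
    ".size restore_context, .-restore_context\n"
);

/* Second stack for the worker (assumed size); 16-byte aligned per the ABI. */
static uint8_t worker_stack[16 * 1024] __attribute__((aligned(16)));
static struct context main_ctx, worker_ctx;
static int events[4], nevents;       /* order of execution, checked below */

static void worker(void)
{
    events[nevents++] = 2;           /* runs on worker_stack */
    restore_context(&main_ctx);      /* back into demo_switch; never returns */
}

/* Build a context for a function that has never run. restore_context writes
 * rip to (rsp) and then rets, so rsp must be a writable 16-byte-aligned slot;
 * after the ret rsp is slot+8, the alignment a function expects on entry. */
static void make_context(struct context *ctx, void (*fn)(void), uint8_t *stack, size_t size)
{
    uintptr_t top = ((uintptr_t)stack + size) & ~(uintptr_t)15;
    *ctx = (struct context){0};
    ctx->rip = (uint64_t)(uintptr_t)fn;
    ctx->rsp = (uint64_t)(top - 16);
}

/* main stack -> worker stack -> main stack; 1 if the events came in order. */
int demo_switch(void)
{
    nevents = 0;
    make_context(&worker_ctx, worker, worker_stack, sizeof worker_stack);
    events[nevents++] = 1;
    if (store_context(&main_ctx) == 1)
        restore_context(&worker_ctx);  /* first pass: jump to the worker */
    events[nevents++] = 3;             /* second pass: worker resumed us */
    return nevents == 3 && events[0] == 1 && events[1] == 2 && events[2] == 3;
}

int main(void)
{
    int ok = demo_switch();
    printf("context switch %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

Build with cc -O2 on an x86-64 Linux box and run it. Deliberately handing make_context an rsp that points at an unmapped or read-only page reproduces the fault at mov %rdx,(%rsp) shown in the question's GDB output, which is the check Jester suggested: break on restore_context, print the value about to be loaded into %rsp, and confirm that the address is inside the stack you intended and is writable before the store to (%rsp) runs.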