I'm developing an UEFI program against GnuEFI (-lefi -lgnuefi). It is first compiled/linked as a shared object, then transformed into a EFI binary by objcopy (objcopy -j .text -j .sdata -j .data -j .dynamic -j .dynsym -j .rel -j .rela -j .reloc --target=efi-app-x86_64 in.so out.efi). So far, everything works nicely but I now need sprintf and have reproducible crashes. Namely, when I do
char text[128];
sprintf(text, "foo");
This works fine, but as soon as I try
char text[128];
sprintf(text, "foo %d", 12345);
The program crashes. I am emulating using QEMU/OVMF and receive the following problem:
!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
RIP - 0000000005F7E00C, CS - 0000000000000038, RFLAGS - 0000000000000246
RAX - 0000000000000000, RCX - 0000000005F7E260, RDX - 0000000000000100
RBX - 0000000007EF59A0, RSP - 0000000007EF5970, RBP - 0000000005F7FED8
RSI - 0000000000000001, RDI - 0000000007EFC3F0
R8 - 0000000000003039, R9 - 0000000000000000, R10 - 000000000000000A
R11 - 0000000000002328, R12 - 0000000007EF5B00, R13 - 0000000000FFFFFF
R14 - 0000000000000000, R15 - 0000000005F86018
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
GS - 0000000000000030, SS - 0000000000000030
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007801000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000075DC000 0000000000000047, LDTR - 0000000000000000
IDTR - 000000000704F018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 0000000007EF55D0
!!!! Find image based on IP(0x5F7E00C) (No PDB) (ImageBase=0000000005F72000, EntryPoint=0000000005F75000) !!!!
This is unsurprising because the IP actually points into my .data segment, i.e., it absolutely is no valid code there. But how does it end up there? Is there something obvious I'm missing?
