From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-return-36818-listarch-gdb=sources.redhat.com@sourceware.org>
Received: (qmail 7775 invoked by alias); 5 Feb 2010 19:58:13 -0000
Received: (qmail 7766 invoked by uid 22791); 5 Feb 2010 19:58:12 -0000
X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 	tests=AWL,BAYES_00,SPF_PASS
X-Spam-Check-By: sourceware.org
Received: from mail-ew0-f223.google.com (HELO mail-ew0-f223.google.com) (209.85.219.223)     by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 05 Feb 2010 19:58:08 +0000
Received: by ewy23 with SMTP id 23so688439ewy.4         for <gdb@sourceware.org>; Fri, 05 Feb 2010 11:58:05 -0800 (PST)
Received: by 10.213.37.206 with SMTP id y14mr1557695ebd.4.1265399885711;         Fri, 05 Feb 2010 11:58:05 -0800 (PST)
Received: from dslabpc24.epfl.ch (dslabpc24.epfl.ch [128.178.77.224])         by mx.google.com with ESMTPS id 13sm1201993ewy.9.2010.02.05.11.58.04         (version=TLSv1/SSLv3 cipher=RC4-MD5);         Fri, 05 Feb 2010 11:58:04 -0800 (PST)
Subject: Re: backtrace when corrupt stack
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset=us-ascii
From: Cristian Zamfir <cristian.zamfir@epfl.ch>
In-Reply-To: <m2hbpvec59.fsf@igel.home>
Date: Fri, 05 Feb 2010 19:58:00 -0000
Cc:  <gdb@sourceware.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <251102A0-163B-4484-AEFF-D13133F6F1D8@epfl.ch>
References: <33F51508-83E5-4791-ADA3-DA8591582C49@epfl.ch> <m2hbpvec59.fsf@igel.home>
To: Andreas Schwab <schwab@linux-m68k.org>
X-IsSubscribed: yes
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb.sourceware.org>
List-Subscribe: <mailto:gdb-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-owner@sourceware.org
X-SW-Source: 2010-02/txt/msg00036.txt.bz2


On Feb 5, 2010, at 8:05 PM, Andreas Schwab wrote:
>> I would like to get the function name and the arguments from frame 5 (se=
e output below) --- the one called from the function Log()). The backtrace =
suggests this is __stack_chk_fail () from libc but that is not correct.
>=20
> Why do you think so?  That frame looks pretty reasonable.
>=20
> Andreas.

I am pretty sure that the function in frame #5 should be vsprintf() which i=
s passed a buffer with insufficiently allocated space. But on the stack I s=
ee __stack_chk_fail () instead of vsprintf ().=20

My guess is that glibc detects a stack smashing and in the backtrace I see =
the abort handler instead of the call to vsprintf. Both vsprintf and Log ha=
ve variable length arguments, but I am not sure that explains anything.=20=
=20

Thanks,
Cristi=20=20