Re: baffling assembly-level weirdness

Mirror of the gdb mailing list
 help / color / mirror / Atom feed

From: Mathieu Lacage <mathieu.lacage@gmail.com>
To: Paul Pluzhnikov <ppluzhnikov@google.com>
Cc: gdb@sourceware.org
Subject: Re: baffling assembly-level weirdness
Date: Tue, 27 Jan 2009 13:09:00 -0000	[thread overview]
Message-ID: <74fef6df0901270509s3d6d2075rb08989ea7e886823@mail.gmail.com> (raw)
In-Reply-To: <8ac60eac0901260851o2a93a13di8a6b8c9cd4f8c15f@mail.gmail.com>

On Mon, Jan 26, 2009 at 5:51 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:

>>> The following gdb session baffles me completely: %edx is reset to zero
>>> by the mov at address 0x0804ad62 instead of being set to the constant
>>> 0x804ad62. Of course, this code segfaults at $pc = 0x804ad68 when zero
>>> is dereferenced...
>>>
>>> Version: GNU gdb 6.8
>>>
>>> (gdb) disas $pc $pc+10
>>> Dump of assembler code from 0x804ad62 to 0x804ad6c:
>>> 0x0804ad62 <indent+50>:       mov    0x805e3c0,%edx
>>
>> This is a load from memory at address 0x805e3c0, in x86 syntax.
>
> Additional clues:
>
>  (gdb) p/a 0x805e3c0
>
> will likely print "stdout". If you break in main, and do
>
>  (gbd) x/a 0x805e3c0
>
> it will likely print something like:
>
>  0x8053ac0 <stdout>:   0x4dcdb5e0 <_IO_2_1_stdout_>
>
> It sounds like your program is corrupting stdout somewhere.
> The fastest way to find out where that happens:
>
>  (gdb) watch *(int **)0x8053ac0

You did put me on the right track so, in case this might be useful to
someone else, here is what was going on:

1) I am writing an ELF loader so, the bug was not in my program
corrupting the variable but in the variable not being initialized
correctly by the loader during relocation

2) the libc has a global stdout variable which is initialized with a
R_386_GLOB_DAT relocation by the loader:
mathieu@mathieu-boulot:~/code/elf-loader$ readelf -s
/lib/libc.so.6|grep stdout@@
  1063: 00135860     4 OBJECT  GLOBAL DEFAULT   32 stdout@@GLIBC_2.0
mathieu@mathieu-boulot:~/code/elf-loader$ readelf -r
/lib/libc.so.6|grep 00135860
00134f34  00042706 R_386_GLOB_DAT    00135860   stdout
00135860  00032d01 R_386_32          001354e0   _IO_2_1_stdout_

3) the main executable has a global stdout variable which is
referenced by the code in the main binary and initialized by a
R_386_COPY relocation:
mathieu@mathieu-boulot:~/code/elf-loader$ readelf -s /bin/ls|grep stdout@
    93: 0805e3c0     4 OBJECT  GLOBAL DEFAULT   25 stdout@GLIBC_2.0 (2)
mathieu@mathieu-boulot:~/code/elf-loader$ readelf -r /bin/ls|grep 0805e3c0
0805e3c0  00005d05 R_386_COPY        0805e3c0   stdout
which is expected to copy the value of the stdout symbol from the libc.so.6

4) it turns out that the symbol lookup associated to a R_*_COPY
relocation is supposed to ignore the main executable which is
something I had no idea about and adding an extra if statement to
ignore the main executable during symbol resolution for a R_*_COPY
reloc fixed the problem.

As a side-note, I really wonder why (3): none of the executables I
link myself contain an stdout variable so, I am somewhat curious as to
where this is coming from (I would expect each access to stdout from
the main binary to directly reference the symbol from the libc through
the GOT). But, well, next time.

anyway, thanks a lot to the very helpful souls here,
Mathieu
-- 
Mathieu Lacage <mathieu.lacage@gmail.com>

next prev parent reply	other threads:[~2009-01-27 13:09 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-26 15:24 Mathieu Lacage
2009-01-26 15:38 ` Pierre Muller
2009-01-26 17:35   ` Mathieu Lacage
2009-01-26 15:41 ` Daniel Jacobowitz
2009-01-26 16:51   ` Paul Pluzhnikov
2009-01-27 13:09     ` Mathieu Lacage [this message]
2009-01-27 17:53       ` Paul Pluzhnikov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=74fef6df0901270509s3d6d2075rb08989ea7e886823@mail.gmail.com \
    --to=mathieu.lacage@gmail.com \
    --cc=gdb@sourceware.org \
    --cc=ppluzhnikov@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox