From: Paul Pluzhnikov <ppluzhnikov@google.com>
To: 明覺 <shi.minjue@gmail.com>
Cc: gdb@sourceware.org
Subject: Re: how to debug this error by gdb?
Date: Mon, 11 May 2009 06:24:00 -0000 [thread overview]
Message-ID: <8ac60eac0905102323h49faa52eu72f03abc98223075@mail.gmail.com> (raw)
In-Reply-To: <6a8fced30905102154m5de0edb4w9ae77f6e9a3bb099@mail.gmail.com>
2009/5/10 明覺 <shi.minjue@gmail.com>:
> On Mon, May 11, 2009 at 11:11 AM, Eli Zaretskii <eliz@gnu.org> wrote:
>>> (gdb) run
>>> Breakpoint 1, glXWaitX () at glxcmds.c:660
>>> (gdb) print psc->driScreen->waitX
>>> $3 = (void (*)(__GLXDRIdrawable *)) 0x47206769666e6f63
>> ^^^^^^^^^^^^^^^^^^
>> This looks like ASCII text to me ("config G", little-endian). So I'd
>> try to see if some code that runs before this place could overflow
>> some buffer with plain text, and part of that text spilled into this
>> pointer.
> I do not understand, could give some advice about what to do? thanks
The 'psc->driScreen' points to some structure, containing waitX element.
That element was likely initialized to NULL at some point in execution,
and may have been initialized to point to some function later on.
Eli's conjecture (which I think is very likely correct) is that later
still, some other code did a strcpy(x, y), where 'x' is at a lower memory
address than psc->driScreen, and *does not have enough space* for string
'y', thus causing a buffer overflow. Further, string 'y' contained
"... config G..." in it, and these characters happened to overwrite
whatever bytes psc->driScreen->waitX used to contain. When you proceed
to call "config G" as if it were a legal pointer, SIGSEGV results.
The simplest way to track this down is probably to stop the
application when 'psc->driScreen->waitX' is initalized, and set a
watchpoint on it:
(gdb) watch *(int **)&psc->driScreen->waitX
If Eli's conjecture is true, above watchpoint will fire inside strcpy
(or some similar libc function) exactly when waitX is being corrupted.
An alternative (that I believe is also very likely) is that
psc->driScreen is simply dangling. That is harder to isolate with GDB.
If you run your program under Valgrind (which I strongly advise you to
do), it should be able to tell you exactly what the problem is for
either of the above guesses.
Cheers,
--
Paul Pluzhnikov
next prev parent reply other threads:[~2009-05-11 6:24 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-11 2:35 明覺
2009-05-11 3:12 ` Eli Zaretskii
2009-05-11 4:55 ` 明覺
2009-05-11 6:24 ` Paul Pluzhnikov [this message]
2009-05-11 17:21 ` Michael Snyder
2009-05-12 14:42 ` Frank Ch. Eigler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8ac60eac0905102323h49faa52eu72f03abc98223075@mail.gmail.com \
--to=ppluzhnikov@google.com \
--cc=gdb@sourceware.org \
--cc=shi.minjue@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox