Help interpreting gdb: segfault in a function
I am trying to debug a segfault, and I have this output from gdb:
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
0x08048af9 in parse_option_list (ptr=0x6f72505f <Address 0x6f72505f out of bounds>, box_name=0x696d6978 <Address 0x696d6978 out of bounds>, option_list=0x313a7974,
num_elements=0x33313532) at submit.c:125
125 memcpy(&(option_list[(*num_elements)].value), value, 24);
(gdb) p num_elements
$15 = (int *) 0x33313532
(gdb) p *num_elements
Cannot access memory at address 0x33313532
(gdb)
It looks to me like something in memcpy() is going haywire. But I can't figure out what exactly the problem is, since that line references so many variables.
Can somebody help figure out what the "0x8048af9 in parse_option_list..." line is telling me?
My function signature is:
int parse_option_list(char *ptr, char *box_name,
struct option_list_values *option_list, int *num_elements)
And this might be useful:
struct option_list_values {
char value[24];
char name[24];
};
Also, the variables value and name are not segfaulting (but if you think they are, I can post the code which sets those values). But right now, if I can understand this gdb output, I will be happy as a clam! Thank you!
You have all the signs of a classic buffer overflow. The values of all the stack parameters have been overwritten by ASCII text - here is the translation of those values (assuming you have a little-endian architecture, which looks right):
Concatenating them together gives "_Proximity:12513" - if this substring looks familiar to you, you should be able to track down where that data is being copied around - somewhere you are copying it into an array stored on the stack, without proper bounds checking.
0x8048af9 is the instruction pointer - the address of the executable code in memory that your code was at when the SEGFAULT occurred.
Are you sure that option_list[(*num_elements)].value is a valid address? You might have a buffer overflow, and be overwriting something you shouldn't be.
If num_elements is the length of option_list, then option_list[(*num_elements)] refers to just after the end of the list.
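The decoding step the first answer describes, worked through as an added example (not code from the question or either answer): each argument value from the gdb frame line is reinterpreted as the four bytes it occupies in memory on a 32-bit little-endian target, and the faulting instruction address is checked the same way to show why it, unlike the arguments, is a genuine code pointer rather than overrun text. The values are copied from the frame line in the question; the function and variable names are my own.

```python
import struct

# Argument values exactly as printed in the question's gdb frame line
# (32-bit target, little-endian assumed, as the first answer does).
CLOBBERED_ARGS = [
    ("ptr", 0x6f72505f),
    ("box_name", 0x696d6978),
    ("option_list", 0x313a7974),
    ("num_elements", 0x33313532),
]
FAULTING_PC = 0x08048af9  # the "0x08048af9 in parse_option_list" address


def word_to_bytes(word, width=4, endian="<"):
    """Return the bytes a machine word occupies in memory.

    gdb prints the value as a number, so the byte that sits lowest in
    memory appears on the right of the hex; packing little-endian puts
    the bytes back in the order the overrunning string was written.
    """
    fmt = {4: "I", 8: "Q"}[width]
    return struct.pack(endian + fmt, word)


def looks_like_text(raw):
    """True when every byte is printable ASCII, a strong hint that a
    string, not a pointer, now sits in this stack slot."""
    return all(0x20 <= b < 0x7F for b in raw)


def decode_frame(args, endian="<"):
    """Return (name, hex, decoded-or-None) per argument and the text the
    printable slots spell out when read in stack order."""
    rows, pieces = [], []
    for name, value in args:
        raw = word_to_bytes(value, endian=endian)
        text = raw.decode("ascii") if looks_like_text(raw) else None
        rows.append((name, hex(value), text))
        if text is not None:
            pieces.append(text)
    return rows, "".join(pieces)


if __name__ == "__main__":
    rows, overrun = decode_frame(CLOBBERED_ARGS)
    for name, value, text in rows:
        print(f"{name:13} {value:12} -> {text!r}")
    print("string that overran the stack:", repr(overrun))
    pc = word_to_bytes(FAULTING_PC)
    print("pc bytes:", pc.hex(), "printable?", looks_like_text(pc))
```

The same check applies to any frame whose saved arguments or return address suddenly read as text: printable bytes in a pointer slot point at a stack buffer written past its bounds, and the decoded string tells you which input to trace.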
ptr=0x6f72505f - Address 0x6f72505f out of bounds
This is the useful part in this case
The first input to parse_option_list is invalid. Possibly an uninitialized pointer.