Troubleshooting a Segmentation Fault

Posted on 2024-08-21 18:11:21

I am getting a segmentation fault in some C code, and I cannot figure out how to read this so I can figure out the problem.

Does anyone have any techniques that can help me? Does anything jump out to you?

Here is gdb output:

GNU gdb 6.8 for GNAT Pro 6.2.1 (20090115) [rev:143235]
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
See your support agreement for details of warranty and support.
If you do not have a current support agreement, then there is absolutely
no warranty for this version of GDB.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libintl.so.1...
warning: Lowest section in /usr/lib/libintl.so.1 is .dynamic at 00000074
done.
Loaded symbols for /usr/lib/libintl.so.1
Reading symbols from /usr/lib/libw.so.1...
warning: Lowest section in /usr/lib/libw.so.1 is .dynamic at 00000074
done.
Loaded symbols for /usr/lib/libw.so.1
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /opt/services/AZJCommonZJX/solaris/lib/libazjcommonjcxC.so...done.
Loaded symbols for /opt/services/AZJCommonZJX/solaris/lib/libazjcommonjcxC.so
Reading symbols from /usr/openwin/lib/libXext.so.0...done.
Loaded symbols for /usr/openwin/lib/libXext.so.0
Reading symbols from /usr/openwin/lib/libX11.so.4...done.
Loaded symbols for /usr/openwin/lib/libX11.so.4
Reading symbols from /usr/openwin/lib/libXmu.so.4...done.
Loaded symbols for /usr/openwin/lib/libXmu.so.4
Reading symbols from /usr/openwin/lib/libXt.so.4...done.
Loaded symbols for /usr/openwin/lib/libXt.so.4
Reading symbols from /usr/dt/lib/libXm.so.3...done.
Loaded symbols for /usr/dt/lib/libXm.so.3
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /opt/services/AZJCommonWork/solaris/lib/libazjcommonwork.so...done.
Loaded symbols for /opt/services/AZJCommonWork/solaris/lib/libazjcommonwork.so
Reading symbols from /opt/services/AZJCommonWork/solaris/lib/libazjcommonworkC.so...done.
Loaded symbols for /opt/services/AZJCommonWork/solaris/lib/libazjcommonworkC.so
Reading symbols from /app/gnatpro6.2.1/lib/gcc/sparc-sun-solaris2.8/4.3.3/rts-native/adalib/libgnarl-6.2.so...done.
Loaded symbols for /opt/tools/SunOS/gnatpro6.2.1/lib/gcc/sparc-sun-solaris2.8/4.3.3/adalib/libgnarl-6.2.so
Reading symbols from /app/gnatpro6.2.1/lib/gcc/sparc-sun-solaris2.8/4.3.3/rts-native/adalib/libgnat-6.2.so...done.
Loaded symbols for /opt/tools/SunOS/gnatpro6.2.1/lib/gcc/sparc-sun-solaris2.8/4.3.3/adalib/libgnat-6.2.so
Reading symbols from /usr/lib/libpthread.so.1...
warning: Lowest section in /usr/lib/libpthread.so.1 is .dynamic at 00000074
done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /app/gnatpro6.2.1/lib/libstdc++.so.6...done.
Loaded symbols for /opt/tools/SunOS/gnatpro6.2.1/lib/libstdc++.so.6
Reading symbols from /app/gnatpro6.2.1/lib/libgcc_s.so.1...done.
Loaded symbols for /opt/tools/SunOS/gnatpro6.2.1/lib/libgcc_s.so.1
Reading symbols from /usr/lib/libthread.so.1...
warning: Lowest section in /usr/lib/libthread.so.1 is .dynamic at 00000074
done.
Loaded symbols for /usr/lib/libthread.so.1
Reading symbols from /usr/lib/libaio.so.1...done.
Loaded symbols for /usr/lib/libaio.so.1
Reading symbols from /usr/lib/libmd.so.1...done.
Loaded symbols for /usr/lib/libmd.so.1
Reading symbols from /usr/lib/libm.so.2...done.
Loaded symbols for /usr/lib/libm.so.2
Reading symbols from /platform/sun4v/lib/libc_psr.so.1...done.
Loaded symbols for /platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
Reading symbols from /lib/ld.so.1...done.
Loaded symbols for /lib/ld.so.1
Core was generated by `./solaris/apsui -aps_instance 1006 -aps_ato 0 -reject_menu_tearoff -aps_ipc_'.
Program terminated with signal 11, Segmentation fault.
[New process 75224    ]
#0  0x7f1e4d00 in _XmGetFocusData () from /usr/dt/lib/libXm.so.3

Here is what gdb backtrace full shows:

(gdb) bt full
#0  0x7f1e4d00 in _XmGetFocusData () from /usr/dt/lib/libXm.so.3
No symbol table info available.
#1  0x7f1e2768 in _XmNavigInitialize () from /usr/dt/lib/libXm.so.3
No symbol table info available.
#2  0x7f1e8adc in Initialize () from /usr/dt/lib/libXm.so.3
No symbol table info available.
#3  0x7f357760 in CallInitialize () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#4  0x7f3576b4 in CallInitialize () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#5  0x7f3576b4 in CallInitialize () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#6  0x7f353804 in xtCreate () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#7  0x7f35bf0c in _XtCreateWidget () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#8  0x7f35bc8c in XtCreateWidget () from /usr/openwin/lib/libXt.so.4
No symbol table info available.
#9  0x7f6026f8 in create_my_window (win=0xd3bc0)
    at /opt/services/AZJCommonZJX/src/uim/create/create_my_window.c:180
    n_args = 0
    args = {{name = 0x0, value = 0} }
    err_msg = '\0' , "ÿ¿Ïä", '\0' , "main_window_menu\000T_CMD MARITIME_TGT_CMD TEST \000K1\177}al\000\000\000\004\000\000\000\001\000\000\000\000"...
    shell = (Widget) 0xd50b8
    object_width = 0
    object_height = 1660944384
    window_name = "TBM_PrimaryWin\000ä\000\000\000\000\177ÿÿø\177ÿü\000\177\023\222¤\000\000 \000\000\f\215ð\000\f\217 \177\023\222¬\177ÿü\000\000\000\000\000ÿ¿Î\200\177\005f,\000\000\000\000\177\023Vx\000\fO \000\aÀ\020\000\fO \1772*\000ui_ipc_xref."
    icon_pixmap = 8332422
    obj = (gen_obj_list_t *) 0x6b0
    vis = (vis_list_t *) 0x7f832bb8
    toolbar = (toolbar_t *) 0x0
#10 0x7f5f524c in create_my_window (in_buff=0x19750 "main_window_menu")
    at /opt/services/AZJCommonZJX/src/uim/create/create_my_window.c:431
    func_name = "create_my_window"
    str = "\000\000\000\000\000\000\000\000¿¿Ä6'yC \000\000\000\000\000\000\000\000\177\235p0\000\000\000\000\000\003eÈ\000\003e¸\000\000\000\004ÿÿ\000\000\000\000\000\000ÿÿÿß\000\000\000\017\000\000\000\017\000\003^\200ÿ¿Ô\000\000\000\000\000\000\000\000\001\000\000\000\004\000\000\000\017ÿ¿Ó \177\2133, "\001\000\000\000\234\000\000\000\000\000\000\000\036\000\000\000\000\000\rP\000ÿ¿Ô \177\213\022\020\000"...
    ptr = 0x19760 ""
    keyword = 0x8a130 ""
    window_name = 0x8a130 ""
---Type <return> to continue, or q <return> to quit---
    title_name = "\000¿ÒØ\177\211îÄ\000\000\000\000\000\000\000\004", '\0' , "\003e¸\000\000\000\004ÿÿ\000\000\000\000\000\000ÿÿÿß\000\000\000\017\000\000\000 \000\001\023T\177¿sÈ\177·\fà\005øص\000\000\000@\177·\020Xÿ¿Ó8"
    full_title_name = 0x2b870 "TAP"
    object_width = 2141025804
    object_height = 1
    window_width = 0
    window_height = 0
    first_object = 1
    other_obj = 0
    centered_max_width = 18866798

Here is dbx output:

For information about new features see `help changes'
To remove this message, put `dbxenv suppress_startup_message 7.7' in your .dbxrc
Reading apsui
core file header read successfully
Reading ld.so.1
Reading libsocket.so.1
Reading libnsl.so.1
Reading libgen.so.1
Reading libintl.so.1
Reading libw.so.1
Reading libm.so.1
Reading librt.so.1
Reading libazjcommonjcxC.so
Reading libXext.so.0
Reading libX11.so.4
Reading libXmu.so.4
Reading libXt.so.4
Reading libXm.so.3
Reading libazjcommonwork.so
Reading libazjcommonworkC.so
Reading libgnarl-6.2.so
Reading libgnat-6.2.so
Reading libpthread.so.1
Reading libc.so.1
Reading libaio.so.1
Reading libmd.so.1
Reading libstdc++.so.6.0.10
Reading libgcc_s.so.1
Reading libthread.so.1
Reading libm.so.2
Reading libc_psr.so.1
t@1 (l@1) program terminated by signal SEGV (no mapping at the fault address)
0x7f264d00: _XmGetFocusData+0x0098: ld       [%o0], %o1
Current function is create_my_window
  180     win->main_window = MyWindow(shell, win->name, args, n_args);
>check -all
access checking - ON
memuse checking - ON
Running: apsui 
(process id 18052)
Reading rtcapihook.so
Reading libdl.so.1
Reading rtcaudit.so
Reading libmapmalloc.so.1
Reading rtcboot.so
Reading librtc.so
RTC: Enabling Error Checking...
RTC: Using UltraSparc trap mechanism
RTC: See `help rtc showmap' and `help rtc limitations' for details.
RTC: Running program...
azjcommonworkdummy.adb elaborated
 User Interface version TOOLKIT : 22 MAR 2010 UIMPID=18052
Read from unallocated (rua) on thread 1:
Attempting to read 4 bytes through NULL pointer
t@1 (l@1) stopped in _XmGetFocusData at 0x5d164d00
0x5d164d00: _XmGetFocusData+0x0098: ld       [%o0], %o1
Current function is create_my_window
  180     win->main_window = MyWindow(shell, win->name, args, n_args);

Here is the last function call in the stack trace that I can modify (not in an external library - in create_my_window). The full code for this class can be seen here: http://utilitybase.com/paste/26607

void create_my_window( window_t *win)
{
  Cardinal n_args;
  Arg      args[MAX_ARGS];

  Widget   shell = NULL;

//MORE STUFF HERE

  memset(&(args), 0, sizeof(Arg)*MAX_ARGS); n_args = 0;
  if (win->attributes != PRIMARY_WINDOW) {
    XtSetArg(args[n_args], XmNtopAttachment, XmATTACH_FORM); n_args++;
    XtSetArg(args[n_args], XmNbottomAttachment, XmATTACH_FORM); n_args++;
    XtSetArg(args[n_args], XmNleftAttachment, XmATTACH_FORM); n_args++;
    XtSetArg(args[n_args], XmNrightAttachment, XmATTACH_FORM); n_args++;
    XtSetArg(args[n_args], XmNtopOffset, 0); n_args++;
    XtSetArg(args[n_args], XmNbottomOffset, 0); n_args++;
    XtSetArg(args[n_args], XmNleftOffset, 0); n_args++;
    XtSetArg(args[n_args], XmNrightOffset, 0); n_args++;
  }
  win->main_window = XmCreateMainWindow(shell, win->name, args, n_args);

EDIT

I added a breakpoint in gdb right before the function call, and printed out some values (Not sure if this will help - I am a n00b):

Breakpoint 1, create_my_window (win=0x9b378)
    at /opt/services/AZJCommonZJX/src/jzs/create/create_my_window.c:179
179   printf("%d",n_args);
(gdb) p *win
$1 = {struct_type = 1045, next = 0x0, hash_name = 971, 
  name = 0x994e8 "error_log", widget = 0x0, main_window = 0x0, workarea = 0x0, 
  menu_bar = 0x0, message_window = 0x0, window_RC = 0x0, working_box = 0, 
  working_identifier = 0x0, has_message_area = 0, pos = {x = 0, y = 0}, 
  illegal_char_set = 0x0, height = 0, width = 0, configured = 0, 
  actions = 0x0, title = 0x99d18, help_text = 0x0, groups = 0x0, 
  scroll_bars = 0x0, write_protect = 0, attributes = 0, initial_focus = {
    obj_type = 0, obj_name = 0x0, area = 0x0}, text_edit = {
    text_selected_widget = 0x0, text_focus_widget = 0x0, updated_widget = 0x0, 
    start = 0, end = 0, updated_text = 0x0, last_operation = 0}, 
  close_rqt = 0x0, kill_application_action_list_name = 0x0, parent = 0x0, 
  gen_objs = 0x99da0, panes = 0x0, table_list = 0x0, selected_table = 0x0, 
  dialogs = 0x0, has_been_loaded = 0 '\0', source_file_name = 0x0}
(gdb) p *shell
$2 = {core = {self = 0x9db50, widget_class = 0xfec7897c, parent = 0x0, 
    xrm_name = 466, being_destroyed = 0 '\0', destroy_callbacks = 0x9ae58, 
    constraints = 0x0, x = 0, y = 0, width = 0, height = 0, border_width = 1, 
    managed = 0 '\0', sensitive = 1 '\001', ancestor_sensitive = 1 '\001', 
    event_table = 0x9ad98, tm = {translations = 0x0, proc_table = 0x0, 
      current_state = 0x0, lastEventTime = 0}, accelerators = 0x0, 
    border_pixel = 0, border_pixmap = 2, popup_list = 0x0, num_popups = 0, 
    name = 0x7776e "TBM_Dialog_Fixed", screen = 0x7a7e0, colormap = 32, 
    window = 0, depth = 24, background_pixel = 12825262, 
    background_pixmap = 2, visible = 1 '\001', mapped_when_managed = 1 '\001'}}
(gdb) p *args
$3 = {name = 0x0, value = 0}
(gdb) p *n_args
Cannot access memory at address 0x0
(gdb) p n_args
$4 = 0
(gdb) p args
$5 = {{name = 0x0, value = 0} <repeats 20 times>}

Comments (9)

花想c 2024-08-28 18:11:21

Given that dbx said "Attempting to read 4 bytes through NULL pointer", and that the error was reported on the line with the function call and not inside the XmCreateMainWindow function, I assume the problem has something to do with the statement win->name. This is the only place on this line of C where you would be reading from a pointer before the function is actually called (it will read a copy of the data stored in win->name and pass the copy to the function).

Try inserting the following on the line immediately above the call to XmCreateMainWindow

assert(win != NULL);

You will need to #include <assert.h> if it isn't already. This should verify that win isn't a NULL pointer when the function is called. For the sake of being thorough, you may want to add a similar line for shell as well.

只是一片海 2024-08-28 18:11:21

Your crash is happening inside libXm. Either your heap has been corrupted beforehand, or you are passing in bad data (or, much less likely, there's a bug in libXm and/or other system libs). The args stuff looks like it is okay (though your memset is a bit non-standard).

To test for heap corruption use Valgrind, but I'm not sure it's available on Solaris. You could build your package on Linux and see if you get the same crash there.

(If you switch to Linux you can install the debug symbols + source for libXm easily, to figure out where the data may be going wrong.)

For the 3rd (unlikely) possibility, check you're at the latest patch level.

荒芜了季节 2024-08-28 18:11:21

What I can see immediately from looking at your output is that:

a) The version of GDB you are using is outdated by a year.

b) None of the output you provided is very useful; you need to post a backtrace.

Now, the last entry in a backtrace, or rather, where the program actually stopped (libXm in this case), is almost never the actual cause of the problem. Assuming that libXm isn't at fault, you really need a proper backtrace to see the last point of execution which involved the code YOU wrote; this is a more likely source of the problem.

One more thing; learn to use GDB. It's a necessity if you're ever going to write a program longer than a few lines.

忆沫 2024-08-28 18:11:21

Your problem is in your memset.

Arg      args[MAX_ARGS];
...
memset(&(args), 0, sizeof(Arg)*MAX_ARGS); n_args = 0;

Here, you are using &(args) where you should be using args or &args[0]. args is a pointer to the start of the array, and &(args) is a pointer-to-pointer. When you try to memset &(args), you are attempting to write a (potentially) large swath of zeroes over a memory range you shouldn't be writing to. At some point, that command tried to write into a memory range it wasn't supposed to touch, and the system killed it.

夏日浅笑〃 2024-08-28 18:11:21

Replace memset with a function that sets the different args manually. memset should only be used on byte arrays because with any other type 0 may not mean what you think it means.
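
The two answers above disagree about what the question's `memset(&(args), 0, sizeof(Arg)*MAX_ARGS)` writes to. The following is an added example, not code from the question or from any answer, that measures it directly; the `Arg` stand-in, `MAX_ARGS = 20` and the canary struct are assumptions made so it builds without the X11 headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 20  /* assumed value; the gdb dump shows "<repeats 20 times>" */

/* Stand-in for Xt's Arg (a name/value pair); the real type is in <X11/Intrinsic.h>. */
typedef struct {
    const char *name;
    long        value;
} Arg;

/* Returns 1 when args, &args and &args[0] all designate the same first byte. */
int same_start_address(void)
{
    Arg args[MAX_ARGS];
    uintptr_t a = (uintptr_t)(void *)args;
    uintptr_t b = (uintptr_t)(void *)&args;
    uintptr_t c = (uintptr_t)(void *)&args[0];
    return a == b && b == c;
}

/* The expressions differ in type only: &args + 1 steps over the whole array ... */
size_t stride_of_array_pointer(void)
{
    Arg args[MAX_ARGS];
    return (size_t)((char *)(&args + 1) - (char *)&args);
}

/* ... while args + 1 steps over a single element. */
size_t stride_of_element_pointer(void)
{
    Arg args[MAX_ARGS];
    return (size_t)((char *)(args + 1) - (char *)args);
}

/* The array sits between two canaries so an out-of-bounds write would be visible. */
struct framed {
    unsigned char before[8];
    Arg           args[MAX_ARGS];
    unsigned char after[8];
};

/* Returns 1 when the question's form of memset leaves both canaries untouched. */
int canaries_intact_after_memset(void)
{
    struct framed f;
    memset(&f, 0xA5, sizeof f);
    memset(&(f.args), 0, sizeof(Arg) * MAX_ARGS);  /* same form as the question */
    for (size_t i = 0; i < sizeof f.before; i++)
        if (f.before[i] != 0xA5 || f.after[i] != 0xA5)
            return 0;
    return 1;
}

/* Counts fields that do not read back as NULL / 0 after the memset.
 * The C standard leaves the bit pattern of a null pointer to the
 * implementation; all-bits-zero is NULL on mainstream ABIs. */
int nonzero_fields_after_memset(void)
{
    Arg args[MAX_ARGS];
    int bad = 0;
    memset(args, 0xFF, sizeof args);
    memset(&(args), 0, sizeof(Arg) * MAX_ARGS);
    for (size_t i = 0; i < MAX_ARGS; i++)
        if (args[i].name != NULL || args[i].value != 0)
            bad++;
    return bad;
}

int main(void)
{
    printf("same start address:   %d\n", same_start_address());
    printf("stride of &args + 1:  %zu\n", stride_of_array_pointer());
    printf("stride of args + 1:   %zu\n", stride_of_element_pointer());
    printf("canaries intact:      %d\n", canaries_intact_after_memset());
    printf("non-zero fields left: %d\n", nonzero_fields_after_memset());
    return 0;
}
```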

被你宠の有点坏 2024-08-28 18:11:21

Going through the gdb output can be difficult, so either use an IDE or try to find the bug yourself.

Segmentation Fault is usually caused:

  1. When trying to dereference a NULL pointer
  2. Modifying a string literal, e.g.

      char *s = "string";          /* points at a read-only literal */
      *(s+1) = 's';                /* write to the literal */

     Correct way would be to allocate memory to the pointer or use a character array or use:

      char *s = strdup("string");  /* writable heap copy */
      *(s+1) = 's';

  3. Attempting to access already freed/deallocated memory.
  4. Attempting to alter/access memory not allocated to the program.

愁以何悠 2024-08-28 18:11:21

You're passing NULL as the first argument to XmCreateMainWindow(parent, ...) while most samples found on google seem to pass a non-NULL Widget coming from XtVaAppInitialize() there, are you sure that you shouldn't be doing that too?

Failing that, in gdb, put a breakpoint on the line 180
win->main_window = XmCreateMainWindow(shell, win->name, args, n_args);

and execute the 'p *win' command there, and the output should be enlightening. Probably a member of the "win" structure that shall be initialized is null or garbage, and that should get you going.
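
The first answer suggests `assert(win != NULL)` and a similar line for `shell`, and this answer points at the NULL parent. Because `assert()` compiles to nothing when `NDEBUG` is defined, a release build needs a runtime check instead; the following is an added example, not the asker's code or the Motif API, in which `Widget`, `window_t`, `fake_create_main_window` and the status enum are hypothetical stand-ins so it builds without the X11 headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the Xt Widget and the application's window_t
 * (assumptions, trimmed to the fields the check needs). */
typedef struct widget_rec {
    const char *name;
    const char *parent_name;
} *Widget;

typedef struct {
    const char *name;
    Widget      main_window;
} window_t;

typedef enum {
    WIN_OK = 0,
    WIN_ERR_NULL_WINDOW,
    WIN_ERR_NULL_NAME,
    WIN_ERR_NULL_PARENT
} win_status_t;

const char *win_status_str(win_status_t s)
{
    switch (s) {
    case WIN_OK:              return "ok";
    case WIN_ERR_NULL_WINDOW: return "win is NULL";
    case WIN_ERR_NULL_NAME:   return "win->name is NULL";
    case WIN_ERR_NULL_PARENT: return "parent shell is NULL";
    }
    return "unknown";
}

/* Hypothetical creator standing in for XmCreateMainWindow. It reads through
 * its parent, which is where a NULL parent would fault inside the toolkit. */
static Widget fake_create_main_window(Widget parent, const char *name)
{
    static struct widget_rec created;
    created.name = name;
    created.parent_name = parent->name;
    return &created;
}

/* Validates every pointer the call will use before handing control to the
 * toolkit, and reports which precondition failed instead of crashing. */
win_status_t create_main_window_checked(window_t *win, Widget shell)
{
    if (win == NULL)
        return WIN_ERR_NULL_WINDOW;
    if (win->name == NULL)
        return WIN_ERR_NULL_NAME;
    if (shell == NULL)
        return WIN_ERR_NULL_PARENT;
    win->main_window = fake_create_main_window(shell, win->name);
    return WIN_OK;
}

int main(void)
{
    /* Constructed sample values; the names are taken from the gdb dump. */
    struct widget_rec shell = { "TBM_Dialog_Fixed", NULL };
    window_t win = { "error_log", NULL };

    printf("NULL parent:  %s\n",
           win_status_str(create_main_window_checked(&win, NULL)));
    printf("valid parent: %s\n",
           win_status_str(create_main_window_checked(&win, &shell)));
    return 0;
}
```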

悲念泪 2024-08-28 18:11:21

This may be a long shot, but have you tried "disassemble" on those memory addresses in the backtrace? If you have some basic understanding of assembly, you might be able to discern something out of place that way. As several people mentioned, you're likely accessing a bad pointer somewhere. Sometimes the assembly will reveal which pointer's address is something that doesn't seem "right." It's something that's pointed me in the right direction in the past.

别靠近我心 2024-08-28 18:11:21

I would drop the memset function calls. All of the examples that I have seen just reset the argument count back to 0.

I am not sure if it is available to you, but DTrace was built for this sort of thing. Here is a blog that talks about it. http://blogs.oracle.com/observatory/entry/d_script_archeology

Jacob
