1. 首页
  2. 问答
  3. SIGSEGV的原因

SIGSEGV的原因

2013-01-05 140 views
1

我有一个示例应用程序,我已经创建了解ELF二进制格式的实验。SIGSEGV的原因

当我运行它,它收到SIGSEGV后崩溃。 用gdb附着,然后运行后,我看到它崩溃在下面的行

(gdb) x/i 0x08054697 
=> 0x8054697: mov %edx,0x80f8f5c

但是,该指令的目的地址是有效的地址和该存储器被映射为可写的。

(gdb) p/x *0x80f8f5c 
$3 = 0x0 
(gdb) si 

Program received signal SIGSEGV, Segmentation fault. 
0x08054697 in ??()

我想了解为什么这个过程接收到SIGSEGV?为了找出原因,我应该寻找其他什么东西。

这是readelf的输出,显示映射的虚拟内存区域。从二进制

Elf file type is EXEC (Executable file) 
Entry point 0x8048e08 
There are 13 program headers, starting at offset 52 

Program Headers: 
    Type   Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align 
    PHDR   0x000034 0x08047034 0x08047034 0x002a4 0x002a4 R E 0x1 
    INTERP   0x0001d4 0x080471d4 0x080471d4 0x00013 0x00013 R 0x1 
     [Requesting program interpreter: /lib/ld-linux.so.2] 
    DYNAMIC  0x0001e7 0x080471e7 0x080471e7 0x00060 0x00060 RW 0x1 
    LOAD   0x000000 0x08047000 0x08047000 0x01000 0x01000 R E 0x1 
    LOAD   0x001000 0x08048000 0x08048000 0xae948 0xae948 R E 0x1000 
    LOAD   0x0b06dc 0x080f86dc 0x080f86dc 0x015f8 0x07730 RW 0x1000 
    LOAD   0x0c52b8 0x081002b8 0x081002b8 0x00400 0x00400 R E 0x1 
    LOAD   0x0c56b8 0x081006b8 0x081006b8 0x00400 0x00400 R E 0x1 
    LOAD   0x0c5ab8 0x08100ab8 0x08100ab8 0x00400 0x00400 R E 0x1 
    NOTE   0x0010f4 0x080480f4 0x080480f4 0x00044 0x00044 R 0x4 
    TLS   0x0b06dc 0x080f86dc 0x080f86dc 0x00010 0x00030 R 0x4 
    GNU_STACK  0x001000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4 
    GNU_RELRO  0x0b06dc 0x080f86dc 0x080f86dc 0x00924 0x00924 R 0x1

相关指令都是

0x805467d: mov 0x64(%esp),%edx 
0x8054681: mov 0x68(%esp),%ecx 
0x8054685: mov %eax,0x80f9a44 
0x805468a: lea 0x4(%ecx,%edx,4),%eax 
0x805468e: mov 0x78(%esp),%edx 
0x8054692: mov %eax,0x80ff1c8 
==> 0x8054697: mov %edx,0x80f8f5c 
0x805469d: lea 0x0(%esi),%esi

有广发行的方式,如果地址映射为只读或没有弄清楚?

什么可能是这种分段故障的原因?

C代码

/* 

ECHOSERV.C 
========== 
(c) Paul Griffiths, 1999 
Email: [email protected] 

Simple TCP/IP echo server. 

*/ 


#include <sys/socket.h>  /* socket definitions  */ 
#include <sys/types.h>  /* socket types    */ 
#include <arpa/inet.h>  /* inet (3) functions   */ 
#include <unistd.h>   /* misc. UNIX functions  */ 

#include <stdlib.h> 
#include <stdio.h> 
#include <string.h> 

#include <sys/stat.h> 
#include <fcntl.h> 

#include "helper.h" 

#define LOG_FILE "test_disk.txt" 

/* Global constants */ 

#define ECHO_PORT   (20002) 
#define MAX_LINE   (1000) 


int main(int argc, char *argv[]) { 
    int  list_s;    /* listening socket   */ 
    int  conn_s;    /* connection socket   */ 
    short int port;     /* port number    */ 
    struct sockaddr_in servaddr; /* socket address structure */ 
    char  buffer[MAX_LINE];  /* character buffer   */ 
    char  *endptr;    /* for strtol()    */ 
    int file_fd = open(LOG_FILE, O_WRONLY|O_CREAT); 

    /* Get port number from the command line, and 
     set to default port if no arguments were supplied */ 
    if (argc == 2) { 
     port = strtol(argv[1], &endptr, 0); 
     if (*endptr) { 
      fprintf(stderr, "ECHOSERV: Invalid port number.\n"); 
      exit(EXIT_FAILURE); 
     } 
    } 
    else if (argc < 2) { 
     port = ECHO_PORT; 
    } 
    else { 
     fprintf(stderr, "ECHOSERV: Invalid arguments.\n"); 
     exit(EXIT_FAILURE); 
    } 


    /* Create the listening socket */ 

    if ((list_s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { 
     fprintf(stderr, "ECHOSERV: Error creating listening socket.\n"); 
     exit(EXIT_FAILURE); 
    } 


    /* Set all bytes in socket address structure to 
     zero, and fill in the relevant data members */ 

    memset(&servaddr, 0, sizeof(servaddr)); 
    servaddr.sin_family  = AF_INET; 
    servaddr.sin_addr.s_addr = htonl(INADDR_ANY); 
    servaddr.sin_port  = htons(port); 


    /* Bind our socket addresss to the 
     listening socket, and call listen() */ 

    if (bind(list_s, (struct sockaddr *) &servaddr, sizeof(servaddr)) < 0) { 
     fprintf(stderr, "ECHOSERV: Error calling bind()\n"); 
     exit(EXIT_FAILURE); 
    } 

    if (listen(list_s, LISTENQ) < 0) { 
     fprintf(stderr, "ECHOSERV: Error calling listen()\n"); 
     exit(EXIT_FAILURE); 
    } 


    /* Enter an infinite loop to respond 
     to client requests and echo input */ 

    while (1) { 

     /* Wait for a connection, then accept() it */ 

     if ((conn_s = accept(list_s, NULL, NULL)) < 0) { 
      fprintf(stderr, "ECHOSERV: Error calling accept()\n"); 
      exit(EXIT_FAILURE); 
     } 


     /* Retrieve an input line from the connected socket 
      then simply write it back to the same socket.  */ 

     Readline(conn_s, buffer, MAX_LINE-1); 
     Writeline(conn_s, buffer, strlen(buffer)); 
     Writeline(file_fd, buffer, strlen(buffer)); 
     printf("%s\n", buffer); 

     /* Close the connected socket */ 

     if (close(conn_s) < 0) { 
      fprintf(stderr, "ECHOSERV: Error calling close()\n"); 
      exit(EXIT_FAILURE); 
     } 
    } 
} 


/* 

HELPER.C 
======== 
(c) Paul Griffiths, 1999 
Email: [email protected] 

Implementation of sockets helper functions. 

Many of these functions are adapted from, inspired by, or 
otherwise shamelessly plagiarised from "Unix Network 
Programming", W Richard Stevens (Prentice Hall). 

*/ 

#include "helper.h" 
#include <sys/socket.h> 
#include <unistd.h> 
#include <errno.h> 


/* Read a line from a socket */ 

ssize_t Readline(int sockd, void *vptr, size_t maxlen) { 
    ssize_t n, rc; 
    char c, *buffer; 

    buffer = (char *)vptr; 

    for (n = 1; n < maxlen; n++) { 

     if ((rc = read(sockd, &c, 1)) == 1) { 
      *buffer++ = c; 
      if (c == '\n') 
       break; 
     } 
     else if (rc == 0) { 
      if (n == 1) 
       return 0; 
      else 
       break; 
     } 
     else { 
      if (errno == EINTR) 
       continue; 
      return -1; 
     } 
    } 

    *buffer = 0; 
    return n; 
} 


/* Write a line to a socket */ 

ssize_t Writeline(int sockd, const void *vptr, size_t n) { 
    size_t  nleft; 
    ssize_t  nwritten; 
    const char *buffer; 

    buffer = (const char *)vptr; 
    nleft = n; 

    while (nleft > 0) { 
     if ((nwritten = write(sockd, buffer, nleft)) <= 0) { 
      if (errno == EINTR) 
       nwritten = 0; 
      else 
       return -1; 
     } 
     nleft -= nwritten; 
     buffer += nwritten; 
    } 

    return n; 
}

来源

2013-01-05 javed

+0

你正在编写这个程序集吗?你可以请张贴一些代码吗? – 2013-01-05 15:25:06

+1

这可能与本网站的名称有关:D。你应该添加一些代码,因为在这个阶段我们只能推测这一点,但我认为我知道你的问题是什么。 – user1824407

+0

那么,我试图转换一个静态链接二进制动态链接。作为第一步,我在二进制文件的虚拟地址空间中添加了新的LOAD段,并添加了PT_INTERP,一个虚拟PT_DYNAMIC段。 C代码是简单的TCP回显服务器。 – javed

回答

3

但是,该指令的目的地址是有效的地址和该存储器被映射为可写的。

不是它(或指令不会造成SIGSEGV)。

目标0x80f8f5c由该负载分段“覆盖”:

LOAD   0x0b06dc 0x080f86dc 0x080f86dc 0x015f8 0x07730 RW 0x1000

而且通过这样的:

GNU_RELRO  0x0b06dc 0x080f86dc 0x080f86dc 0x00924 0x00924 R 0x1

GNU_RELRO要求运行时加载,使地址空间的这部分只读只有在加载器执行了重定位之后(这正是它所做的,以及导致你崩溃的原因)。

有没有在gdb中找出地址是否映射为readonly的方法?

你可以问问gdb与info proc map,或只是看看/proc/<pid>/maps。无论哪种方式,你会发现内存映射为只读。

来源

2013-01-05 22:48:26

相关问题

 相关问题