On 08/27/2009 01:59 PM, Orion Poplawski wrote:
> Thanks, but my trouble though is what to watch. My thought was to watch
> the location of the guard variable that the stack protector code checks,
> but I have no idea how to find that out.
By looking at the disassembly of the function, I'm able to see the stack
check code at the end:
0x08058f39 <an_check_lab_desc+553>: mov -0x1c(%ebp),%eax
0x08058f3c <an_check_lab_desc+556>: xor %gs:0x14,%eax
0x08058f43 <an_check_lab_desc+563>: jne 0x8058f50 <an_check_lab_desc+576>
so it's watching %ebp - 0x1c (it appears).
(gdb) print $ebp - 0x1c
$1 = (PTR TO -> ( void )) 0xbfffcb5c
(gdb) watch *(0xbfffcb5c)
Hardware watchpoint 2: *(0xbfffcb5c)
(gdb) c
Continuing.
Hardware watchpoint 2: *(0xbfffcb5c)
Old value = -987698962
New value = -987699200
DFANIgetann (filename=0x8125d10 "tdfanF.hdf", tag=<value optimized out>,
ref=<value optimized out>, ann=0xbfffcb3e "Object label #1: sds
",
maxlen=31, type=0) at dfan.c:1103
1103 Lastref = annref; /* remember ref last accessed */
Current language: auto; currently c
(gdb) list
1098 HCLOSE_GOTO_ERROR(file_id,DFE_READERROR,FAIL);
1099 }
1100 if (type == DFAN_LABEL)
1101 ann[annlen] = '\0'; /* terminate string properly */
1102
1103 Lastref = annref; /* remember ref last accessed */
(gdb) print &ann[annlen]
$7 = (uint8 *) 0xbfffcb5c ""
So that's where I get clobbered. Need to figure out why, but at least I
solved the watch location question.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxxxxxxx
Boulder, CO 80301 http://www.cora.nwra.com
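
Added example, not part of the original message: a small parser that finds the stack-protector slot in AT&T-syntax disassembly the way it was done by hand above, by pairing the frame load with the compare against the TLS guard. It goes beyond the i386 case in the message by also accepting the x86-64 glibc guard at %fs:0x28; the function names and the $ebp value (derived from the addresses quoted above) are assumptions of this example.

```python
import re

# Constructed sample: the three epilogue lines quoted in the message above.
SAMPLE = """\
0x08058f39 <an_check_lab_desc+553>: mov -0x1c(%ebp),%eax
0x08058f3c <an_check_lab_desc+556>: xor %gs:0x14,%eax
0x08058f43 <an_check_lab_desc+563>: jne 0x8058f50 <an_check_lab_desc+576>
"""

# Load of a frame-relative slot into a register, e.g. mov -0x1c(%ebp),%eax
LOAD = re.compile(r"\bmov[lq]?\s+(-?0x[0-9a-f]+)\((%[er][bs]p)\),\s*(%\w+)")
# Compare against the TLS guard: %gs:0x14 on i386, %fs:0x28 on x86-64 (glibc).
CHECK = re.compile(r"\b(?:xor|sub)[lq]?\s+%(?:gs:0x14|fs:0x28),\s*(%\w+)")


def find_canary_slots(disassembly):
    """Return [(base_register, offset)] for each stack-protector check found."""
    slots = []
    last_load = {}  # register -> (base, offset) of its most recent frame load
    for line in disassembly.splitlines():
        m = LOAD.search(line)
        if m:
            last_load[m.group(3)] = (m.group(2), int(m.group(1), 16))
            continue
        m = CHECK.search(line)
        if m and m.group(1) in last_load:
            slot = last_load[m.group(1)]
            if slot not in slots:
                slots.append(slot)
    return slots


def watch_address(base_value, offset):
    """Address to hand to gdb's watch, given the base register's value."""
    return base_value + offset


if __name__ == "__main__":
    ebp = 0xBFFFCB78  # assumed: 0xbfffcb5c + 0x1c, from the session above
    for base, off in find_canary_slots(SAMPLE):
        print("guard copy at %s%+#x -> watch *(0x%x)"
              % (base, off, watch_address(ebp, off)))
```

With the values from the session, the watch address equals ann + 30 (0xbfffcb3e + 0x1e), the byte that line 1101 writes.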