2017-06-18 135 views
0

MIPS: how to find the cause of a corrupted call stack

ENV: OS version: Linux 3.4.11-RT19; hardware: MIPS; language: C

Problem: if the call stack is corrupted, how can I analyse it to get useful information and find the root cause?

I checked the backtrace, the core dump file and the source code of the function DolMgmtGetNextRec (which uses IPC to request data from another process) and found nothing suspicious. The callee's frame is corrupted and cannot return to the caller. None of the caller's locally defined variables or parameters are accessible.

Most of the time it runs fine, but when I use some tools to attack my program's open ports and memory consumption rises quickly, this problem appears: the program terminates with signal 11, segmentation fault.

(gdb) bt 
#0 0x77277218 in DolMgmtGetNextRec (devCtxt=Cannot access memory at address 0x68 
) 
Cannot access memory at address 0x64 
(gdb) info reg 
      zero  at  v0  v1  a0  a1  a2  a3 
R0 00000000 10009900 00000000 00000001 00000001 00000001 00000001 00000000 
      t0  t1  t2  t3  t4  t5  t6  t7 
R8 00000000 00001000 00001000 fffffff0 00000807 00000800 00000400 00000008 
      s0  s1  s2  s3  s4  s5  s6  s7 
R16 76d044f0 00000000 774fd020 00000000 00000000 00000000 00008000 774fb000 
      t8  t9  k0  k1  gp  sp  s8  ra 
R24 00000001 774e4f30 00000000 00000000 772d4e10 76d03d90 00000000 77277218 
      sr  lo  hi  bad cause  pc 
     00009913 a6d6a883 2775cba8 00000028 00000008 77277218 
      fsr  fir 
     00000000 00000000 
(gdb) 
(gdb) info locals 
priority = <error reading variable priority (Cannot access memory at address 0x44)> 
dstNodeId = <error reading variable dstNodeId (Cannot access memory at address 0x3c)> 
ReceiveLen = <error reading variable ReceiveLen (Cannot access memory at address 0x50)> 
srcChnlId = <error reading variable srcChnlId (Cannot access memory at address 0x54)> 
pStruMsg = <error reading variable pStruMsg (Cannot access memory at address 0x30)> 
Ret = <error reading variable Ret (Cannot access memory at address 0x48)> 
SendLen = <error reading variable SendLen (Cannot access memory at address 0x40)> 
getRequest = <error reading variable getRequest (Cannot access memory at address 0x58)> 
pRspMsg = <error reading variable pRspMsg (Cannot access memory at address 0x34)> 
dstChnlId = <error reading variable dstChnlId (Cannot access memory at address 0x38)> 
__FUNCTION__ = "DolMgmtGetNextRec" 
(gdb) 

Answer

0

It may be a stack buffer overflow (which can be fatal for production software).

Try Valgrind or the clang sanitizers.

You can also look at the stack (hexdump) by eye to see which packet overflowed the stack (if you are familiar with your packets).
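As an added example (not code from the question, the answer, or the program being debugged), the bug class the answer suspects: an IPC record handler that copies a packet-declared length into a fixed stack buffer, beside a version that validates the length first. The record layout, function names and sample records are constructed for the example; build with -fsanitize=address to see the sanitizer flag the unsafe copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (hypothetical, not the real IPC format):
 * a 2-byte big-endian length followed by the payload. */
#define REC_MAX 16

/* Vulnerable form: trusts the length carried in the packet. A record longer
 * than REC_MAX writes past rec[] into the saved registers and return address,
 * after which gdb can no longer walk the frame or read its locals. */
static int get_next_rec_unsafe(const uint8_t *pkt, size_t pkt_len) {
    uint8_t rec[REC_MAX];
    if (pkt_len < 2) return -1;
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(rec, pkt + 2, len);                 /* no bound against REC_MAX */
    return (int)len;
}

/* Hardened form: the declared length is checked against the bytes actually
 * received and against the destination buffer before any copy happens. */
static int get_next_rec_safe(const uint8_t *pkt, size_t pkt_len) {
    uint8_t rec[REC_MAX];
    if (pkt_len < 2) return -1;
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    if (len > pkt_len - 2 || len > REC_MAX) return -1;   /* reject the record */
    memcpy(rec, pkt + 2, len);
    return (int)len;
}

/* Constructed sample records. */
static const uint8_t sample_ok[] = { 0x00, 0x05, 'H', 'E', 'L', 'L', 'O' };
static const uint8_t sample_truncated[] = { 0x00, 0x20, 'A', 'B' }; /* claims 32, carries 2 */
static const uint8_t sample_oversized[] = {
    0x00, 0x18,                                /* claims 24 > REC_MAX */
    'A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A' };

int main(void) {
    printf("ok record: %d\n", get_next_rec_safe(sample_ok, sizeof sample_ok));
    printf("truncated: %d\n", get_next_rec_safe(sample_truncated, sizeof sample_truncated));
    printf("oversized: %d\n", get_next_rec_safe(sample_oversized, sizeof sample_oversized));
#ifdef DEMO_UNSAFE
    /* cc -g -fsanitize=address -DDEMO_UNSAFE: AddressSanitizer reports a
     * stack-buffer-overflow at the memcpy instead of a later random crash. */
    get_next_rec_unsafe(sample_oversized, sizeof sample_oversized);
#endif
    return 0;
}
```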