flat assembler
Message board for the users of flat assembler.

Bad addressing in ELF64 (it's gdb's fault ;))
scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
Either I've been away from asm for too long or this is a bug...

While trying to debug a little piece of code, I ran into a strange thing: gdb didn't seem to see anything happening to my "[hBuff]". After some poking (troubleshooting/hunting) around, I tried to compile the following testcase/bugcase:
Code:
format ELF64
section '.bss' writeable
    hBuff   dq 0
section '.text' executable

public _start
_start:
    int3
    mov rax, hBuff
    mov rax, hBuff
    lea rax, [hBuff]
    lea rax, [hBuff]
    mov rax, [hBuff]
    mov rax, [hBuff]

and got this from gdb:
Code:
fasm bugcase.asm ~/tmp/bugcase.o && gcc -nostartfiles ~/tmp/bugcase.o -o ~/tmp/bugcase && gdb -x ~/.gdb ~/tmp/bugcase
flat assembler  version 1.67.21  (16384 kilobytes memory)
1 passes, 977 bytes.
GNU gdb 6.6
---8<--- "cutting to the chase" ---8<---
(gdb)r
Starting program: /home/frekla/tmp/bugcase
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00000000004001d1 in _start ()
(gdb)x /6ib $rip
0x4001d1 <_start+1>:    mov    rax,0x500320
0x4001db <_start+11>:   mov    rax,0x500320
0x4001e5 <_start+21>:   lea    rax,ds:0x100134
0x4001ec <_start+28>:   lea    rax,ds:0x10012d
0x4001f3 <_start+35>:   mov    rax,QWORD PTR ds:0x100126
0x4001fa <_start+42>:   mov    rax,QWORD PTR ds:0x10011f
(gdb)q
The program is running.  Exit anyway? (y or n) y    

Notice how every time [hBuff] is "accessed" the address seems to change!
(I'd at least expect two identical lines to give identical data; btw, I've tried with r11 instead of rax, but alas, same error.)

I checked whether 32-bit ELF was affected too, but it seems to be OK:
Code:
format ELF
section '.bss'  writeable
    hBuff   dd 0
section '.text' executable

public _start
_start:
    int3
    mov eax, hBuff
    mov eax, hBuff
    lea eax, [hBuff]
    lea eax, [hBuff]
    mov eax, [hBuff]
    mov eax, [hBuff]

gave:
Code:
(gdb)x /6ib $eip
0x8048121 <_start+1>:   mov    eax,0x80491b8
0x8048126 <_start+6>:   mov    eax,0x80491b8
0x804812b <_start+11>:  lea    eax,ds:0x80491b8
0x8048131 <_start+17>:  lea    eax,ds:0x80491b8
0x8048137 <_start+23>:  mov    eax,ds:0x80491b8
0x804813c <_start+28>:  mov    eax,ds:0x80491b8    


I built and ran them with:
fasm bugcase.asm ~/tmp/bugcase.o && gcc -m32 -nostartfiles ~/tmp/bugcase.o -o ~/tmp/bugcase && gdb -x ~/.gdb ~/tmp/bugcase
and
fasm bugcase32.asm ~/tmp/bugcase32.o && gcc -m32 -nostartfiles ~/tmp/bugcase32.o -o ~/tmp/bugcase32 && gdb -x ~/.gdb ~/tmp/bugcase32
(my .gdb makes sure I get Intel-flavoured gdb; you can skip '-x ~/.gdb' if you don't have that file)

It could also be that gcc is the culprit here, so if anyone else would care to try, I'd be happy. (btw, my gcc version is (Gentoo) 4.1.2)

_________________
... a professor saying: "use this proprietary software to learn computer science" is the same as an English professor handing you a copy of Shakespeare and saying: "use this book to learn Shakespeare without opening the book itself."
- Bradley Kuhn


Last edited by scientica on 09 Jul 2007, 20:17; edited 1 time in total
Post 09 Jul 2007, 15:46
LocoDelAssembly
Your code has a bug
Joined: 06 May 2005
Posts: 4633
Location: Argentina
Does gdb inform explicitly when RIP addressing is used? (example: "lea rax,ds:RIP+0x100134")

It's very possible that it is because of the RIP-relative addressing, but try this code to see if you get the same pointer:
Code:
mov rax, hBuff
mov rdx, rax
lea rax, [hBuff]
xor ebx, ebx
cmp rax, rdx
sete bl
int3    
Post 09 Jul 2007, 15:58
scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
Dunno, I don't really like gdb; I only use it because OllyDbg isn't for Linux.
Code:
(gdb)x /7ib $rip
0x4001d1 <_start+1>:    mov    rax,0x5002d8
0x4001db <_start+11>:   mov    rdx,rax
0x4001de <_start+14>:   lea    rax,ds:0x1000f3
0x4001e5 <_start+21>:   xor    ebx,ebx
0x4001e7 <_start+23>:   cmp    rax,rdx
0x4001ea <_start+26>:   sete   bl
0x4001ed <_start+29>:   int3
---8< ---
2: $rdx = 5243608
1: $rax = 5243608    

So that means that gdb isn't showing RIP-relative addressing explicitly?
Post 09 Jul 2007, 16:23
LocoDelAssembly
Your code has a bug
Joined: 06 May 2005
Posts: 4633
Location: Argentina
Exactly (0x4001e5 + 0x1000f3 = 0x5002d8)
Post 09 Jul 2007, 17:17
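Worked example (added here; it is not code from the thread, from fasm or from gdb): a small Python decoder for the three instruction forms that appear in the listings above, which resolves each operand the way the CPU does. The byte strings are constructed to match the addresses gdb printed in the thread (the standard encodings fasm emits for `mov r, imm`, `lea r, [disp32]` and `mov r, [disp32]`), not a dump of the poster's object file, and the `decode`, `resolve_listing` and `single_target` names are this example's own. It goes one step beyond the thread by also handling 32-bit mode: ModRM byte 0x05 (mod=00, r/m=101, no SIB) is an absolute disp32 there, but in 64-bit mode the same encoding is RIP-relative and the disp32 is added to the address of the next instruction, which is why the ELF64 listing shows six different displacements for one variable while the ELF32 listing shows one address.

```python
"""Resolve memory operands in the two disassembly listings from this thread.

Added example for this thread, not code from the original posts, from fasm
or from gdb.  The byte strings below are constructed to match the
addresses gdb printed in the thread, using the standard encodings of the
instruction forms fasm emits for them; they are not a dump of the
poster's object file.
"""
import struct

MASK64 = (1 << 64) - 1


def decode(address, code, bits):
    """Decode one instruction starting at `address` from `code` (bytes).

    Handles only the forms the thread uses: mov r,imm (B8+r), lea/mov
    r,[disp32] (8D/8B with ModRM 05) and mov eax,[moffs32] (A1, 32-bit
    mode).  Returns (mnemonic, length, resolved_operand_address).
    """
    i = 0
    rex_w = False
    if bits == 64 and 0x40 <= code[i] <= 0x4F:   # REX prefix (64-bit only)
        rex_w = bool(code[i] & 0x08)
        i += 1
    op = code[i]
    i += 1
    if 0xB8 <= op <= 0xBF:                        # mov r, imm
        if rex_w:                                  # REX.W B8+r takes a full imm64
            imm = struct.unpack_from("<Q", code, i)[0]
            i += 8
        else:
            imm = struct.unpack_from("<I", code, i)[0]
            i += 4
        return ("mov r, imm", i, imm)
    if op in (0x8D, 0x8B):                         # lea r,[m] / mov r,[m]
        modrm = code[i]
        i += 1
        if modrm & 0xC7 != 0x05:
            raise ValueError("only the disp32-only ModRM form is handled")
        disp = struct.unpack_from("<i", code, i)[0]   # disp32 is signed
        i += 4
        if bits == 64:
            target = (address + i + disp) & MASK64   # RIP-relative: next ip + disp
        else:
            target = disp & 0xFFFFFFFF               # 32-bit mode: absolute address
        return ("lea r, [m]" if op == 0x8D else "mov r, [m]", i, target)
    if op == 0xA1 and bits == 32:                  # mov eax, [moffs32]
        addr = struct.unpack_from("<I", code, i)[0]
        return ("mov eax, [moffs]", i + 4, addr)
    raise ValueError(f"unhandled opcode {op:#04x} at {address:#x}")


def resolve_listing(start, code, bits):
    """Walk `code` from `start` and return [(address, mnemonic, target), ...]."""
    out, addr, off = [], start, 0
    while off < len(code):
        name, length, target = decode(addr, code[off:], bits)
        out.append((addr, name, target))
        addr += length
        off += length
    return out


def single_target(listing):
    """Return the one address every instruction refers to, or None if they differ."""
    targets = {t for _, _, t in listing}
    return targets.pop() if len(targets) == 1 else None


# Constructed to reproduce the 64-bit listing (two `mov rax, hBuff`, two
# `lea rax, [hBuff]`, two `mov rax, [hBuff]`) starting at 0x4001d1.
CODE64 = bytes.fromhex(
    "48b8" "2003500000000000"    # mov rax, 0x500320        (imm64)
    "48b8" "2003500000000000"
    "488d05" "34011000"          # lea rax, [rip+0x100134]
    "488d05" "2d011000"          # lea rax, [rip+0x10012d]
    "488b05" "26011000"          # mov rax, [rip+0x100126]
    "488b05" "1f011000"          # mov rax, [rip+0x10011f]
)

# Constructed to reproduce the 32-bit listing starting at 0x8048121.
CODE32 = bytes.fromhex(
    "b8" "b8910408"              # mov eax, 0x80491b8
    "b8" "b8910408"
    "8d05" "b8910408"            # lea eax, [0x80491b8]   (absolute disp32)
    "8d05" "b8910408"
    "a1" "b8910408"              # mov eax, [0x80491b8]   (moffs32)
    "a1" "b8910408"
)

if __name__ == "__main__":
    for start, code, bits in ((0x4001d1, CODE64, 64), (0x8048121, CODE32, 32)):
        listing = resolve_listing(start, code, bits)
        for addr, name, target in listing:
            print(f"{addr:#010x}  {name:<16} -> {target:#x}")
        print("all refer to", hex(single_target(listing)))
```

Running it reproduces the instruction addresses from both listings and shows every 64-bit operand resolving to 0x500320 and every 32-bit one to 0x80491b8; the "changing" values in the thread are just the raw disp32 fields, each measured from a different next-instruction address. The same arithmetic is what a modern gdb performs when it appends `# 0x500320` after a `[rip+0x...]` operand.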
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
scientica: download FDBG
Post 09 Jul 2007, 17:23
scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
/me beats up gdb

vid, thanks, I had forgotten about FDBG (I've been away from asm for way too long, it seems)
Post 09 Jul 2007, 20:08
vid
Verbosity in development
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
scientica: what sort of job do you have?
Post 09 Jul 2007, 20:34
scientica
Retired moderator
Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
I'm currently "summer working" (cleaning; quite nice with some physical work for a change, and cash is always good when studying), but my 'real' occupation currently is studying (CS (sic!) at LiU). It takes quite some time, and when I get free time I tend to be rather tired (or out with my friends), so sadly I haven't had much time for coding assembly (I've been doing functional stuff (= Lisp) and imperative (= Ada 95) for most of the past year). My second year will start in August (the year before this one I studied Japanese).
I'm trying to make sure I'll pass the 2 maths courses I failed this semester (discrete and calculus), so I should spend most of my free time studying now.

Post 10 Jul 2007, 14:34
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.