Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Segfault shows up only in GDB

Tags:

c

linux

x86

assembly

segmentation-fault

Why does the following program not crash when it is executed, but crash with a segfault in GDB? Compiled with GCC 4.5.2 on a 32-bit x86 (Athlon 64, if it should matter).

#include <stdio.h>
#include <string.h>

int modify(void)
{
        __asm__("mov $0x41414141, %edx"); // Stray value.
        __asm__("mov $0xbffff2d4, %eax"); // Addr. of ret pointer for function().
        __asm__("mov %edx, (%eax)");
}

int function(void)
{
        modify();

        return 0;
}

int main(int argc, char **argv)
{
        function();

        return 0;
}

The mov $0xbffff2d4, %eax was determined using GDB to find the address where the return pointer was stored for the "function" function. This will probably be different on a different system. ASLR was disabled for this.

When I execute the program, nothing happens. There is no report of a crash in dmesg either. However when I execute the same program in GDB:

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
=> 0x41414141:  Cannot access memory at address 0x41414141

This is what I expect should happen when I execute the program normally as well. I do indeed get segfaults as usual when other programs crash, and I can easily write a small program that crashes with a nice segfault. But why does this particular program not crash with a segfault?

like image 547
csstudent2233 Avatar asked Nov 03 '22 12:11

csstudent2233

1 Answers

Even with full ASLR disabled, you may still get randomized stack and heap. You can turn that off globally using the norandmaps kernel boot parameter or at runtime by setting /proc/sys/kernel/randomize_va_space to zero. It's also part of the process personality.

In GDB, you can tweak this using the disable-randomization setting:

(gdb) help set disable-randomization
Set disabling of debuggee's virtual address space randomization.
When this mode is on (which is the default), randomization of the virtual
address space is disabled.  Standalone programs run with the randomization
enabled by default on some platforms.

As a small test program to illustrate this, you can print the address of a local variable, such as:

#include <stdio.h>

int main(int argc, char **argv)
{
    printf("%p\n", &argc);
    return 0;
}
like image 107
Jester Avatar answered Nov 09 '22 17:11

Jester
Sign in to Comment

Related questions

How to get VS or Xcode warning with something like "x = x++"?
embedded timer wrap
Static library linking in eclipse
character type int
BCI library for Java in C
Android JNI native C function call kills activity
Does SQLite leak memory with the SQLCipher extension?
Sorting a linked list in C
What standard library function does libc.a contain?
Check that iso_c_binding is available at compile-time
Issues with time slicing
How can I set the TCP options for sending packets?
GDB: Break on func1 only if previous break was on func2
how to intercept calls to the file systems
How to force partial writes to test a network server
the architecture of on-disk data structures
What is set by using stime() and clock_settime()?
Program "gcc" not found in PATH with Eclipse CDT
why optimization breaks this C code?
File opened successfully but reads result in "Bad file descriptor" error and stat shows filesize zero

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!