找到堆栈溢出功能,我有以下的C应用程序:无法使用GDB
armv5l-linux-gnueabi-gcc -v
Using built-in specs.
Target: armv5l-linux-gnueabi
Configured with: /home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/gcc-4.4.1/gcc-4.4.1/configure --target=armv5l-linux-gnueabi --host=i486-linux-gnu --build=i486-linux-gnu --prefix=/home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/toolchain --with-sysroot=/home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/toolchain --with-headers=/home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/toolchain/include --enable-languages=c,c++ --with-gmp=/home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/gmp-5.0.0/gmp-host-install --with-mpfr=/home/tarjeif/svn/builder/build_armv5l-linux-gnueabi/mpfr-2.4.2/mpfr-host-install --disable-nls --disable-libgcj --disable-libmudflap --disable-libssp --disable-libgomp --enable-checking=release --with-system-zlib --with-arch=armv5t --with-gnu-as --with-gnu-ld --enable-shared --enable-symvers=gnu --enable-__cxa_atexit --disable-nls --without-fp --enable-threads
Thread model: posix
gcc version 4.4.1 (GCC)
调用像这样:
#include <stdio.h>
void smash()
{
int i;
char buffer[16];
for(i = 0; i < 17; i++) // <-- exceeds the limit of the buffer
{
buffer[i] = i;
}
}
int main()
{
printf("Starting\n");
smash();
return 0;
}
我用gcc以下版本的交叉编译
armv5l-linux-gnueabi-gcc -ggdb3 -fstack-protector-all -O0 test.c
当在目标上运行时,它输出:
Starting
*** stack smashing detected ***: ./a.out terminated
Aborted (core dumped)
我加载在gdb所产生的核心转储,得到以下回溯:
GNU gdb (GDB) 7.0.1
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i486-linux-gnu --target=armv5l-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/andersn/workspace/stacktest/a.out...done.
Reading symbols from /home/andersn/workspace/stacktest/linux/toolchain/lib/libc.so.6...done.
Loaded symbols for /home/andersn/workspace/stacktest/linux/toolchain/lib/libc.so.6
Reading symbols from /home/andersn/workspace/stacktest/linux/toolchain/lib/ld-linux.so.3...done.
Loaded symbols for /home/andersn/workspace/stacktest/linux/toolchain/lib/ld-linux.so.3
Reading symbols from /home/andersn/workspace/stacktest/linux/toolchain /lib/libgcc_s.so.1...done.
Loaded symbols for /home/andersn/workspace/stacktest/linux/toolchain/lib/libgcc_s.so.1
Core was generated by `./a.out'.
Program terminated with signal 6, Aborted.
#0 0x40052d4c in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
67 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 0x40052d4c in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#1 0x40054244 in *__GI_abort() at abort.c:92
#2 0x40054244 in *__GI_abort() at abort.c:92
#3 0x40054244 in *__GI_abort() at abort.c:92
#4 0x40054244 in *__GI_abort() at abort.c:92
#5 0x40054244 in *__GI_abort() at abort.c:92
#6 0x40054244 in *__GI_abort() at abort.c:92
... and so on ...
现在的问题: 我完全无法找到导致堆栈GDB砸即使函数smash()函数不会覆盖堆栈的任何结构数据,只会覆盖堆栈保护器本身。我该怎么办?
我认为你的“等”可能已经省略了一些重要的信息。是__GI_abort真的是堆栈的底部? – SoapBox 2010-10-26 14:58:59
我试着继续GDB输出,并在我放弃之前达到了#11087 ....所有相同的帧。 – anorm 2010-10-26 15:01:46
你明确地破坏了堆栈 - 不要指望核心文件有整齐的链接调用框架然后:) – 2010-10-26 15:25:00