GDB损坏堆栈帧

本文介绍了GDB损坏堆栈帧 - 如何调试？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有以下的堆栈跟踪。是否有可能做出来的东西，从这个有用的调试？

I have the following stack trace. Is it possible to make out anything useful from this for debugging?

Program received signal SIGSEGV, Segmentation fault. 0x00000002 in ?? () (gdb) bt #0 0x00000002 in ?? () #1 0x00000001 in ?? () #2 0xbffff284 in ?? () Backtrace stopped: previous frame inner to this frame (corrupt stack?) (gdb)

从哪里开始看code，当我们得到一个分段故障和堆栈跟踪不是那么有用吗？

Where to start looking at the code when we get a Segmentation fault, and the stack trace is not so useful?

请注意：如果我张贴code，那么因此专家会给我答案。我想从SO采取指导，并找到自己的答案，所以我不是在这里张贴code。道歉。

NOTE: If I post the code, then the SO experts will give me the answer. I want to take the guidance from SO and find the answer myself, so I'm not posting the code here. Apologies.

推荐答案

这些假不会忽略（0x00000002等）实际上是PC值，而不是SP值。现在，当你得到这样的SEGV，用一个假的（很小）PC地址，它是由于通过一个虚假的函数指针调用99％的时间。注意，在C，它的虚拟呼叫++经由函数指针实现的，因此与一个虚拟呼叫的任何问题可以以同样的方式表现。

Those bogus adresses (0x00000002 and the like) are actually PC values, not SP values. Now, when you get this kind of SEGV, with a bogus (very small) PC address, 99% of the time it's due to calling through a bogus function pointer. Note that virtual calls in C++ are implemented via function pointers, so any problem with a virtual call can manifest in the same way.

这是间接调用指令只是推调用入堆栈后的PC，然后设置PC到目标值（假在这种情况下），因此，如果这的是的发生了什么事，你可以很容易地通过手动弹出的PC从堆栈撤消。在32位x86 code你只是做：

An indirect call instruction just pushes the PC after the call onto the stack and then sets the PC to the target value (bogus in this case), so if this is what happened, you can easily undo it by manually popping the PC off the stack. In 32-bit x86 code you just do:

(gdb) set $pc = *(void **)$esp (gdb) set $esp = $esp + 4

使用64位x86 code你需要

With 64-bit x86 code you need

(gdb) set $pc = *(void **)$rsp (gdb) set $rsp = $rsp + 8

然后，你应该能够做一个 BT ，并找出其中的code到底是什么。

Then, you should be able to do a bt and figure out where the code really is.

时的另外1％时，误差将因覆写堆栈，通常通过溢出存储在栈上的阵列。在这种情况下，您可能能够通过使用如 Valgrind的

The other 1% of the time, the error will be due to overwriting the stack, usually by overflowing an array stored on the stack. In this case, you might be able to get more clarity on the situation by using a tool like valgrind