API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 20th, 2012
65
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.34 KB | None | 0 0
raw download clone embed print report
  1. == Simple setjmp/longjmp program ==
  2.  
  3. static jmp_buf jbuf;
  4.  
  5. static void sighandler(int signo)
  6. {
  7. siglongjmp(jbuf, signo);
  8. }
  9.  
  10. static void setup_sighandler(void)
  11. {
  12. signal(SIGINT, sighandler);
  13.  
  14. if (0 == sigsetjmp(jbuf, 0)) {
  15. return;
  16. }
  17.  
  18. exit(42);
  19. }
  20.  
  21. int main(int argc, char *argv[])
  22. {
  23. setup_sighandler();
  24. pause();
  25.  
  26. return 0;
  27. }
  28.  
  29.  
  30. objdump -saD -j .text test-setjmp:
  31.  
  32. 004006c0 <sighandler>:
  33. 4006c0: 27bdffe0 addiu sp,sp,-32
  34. 4006c4: afbf001c sw ra,28(sp)
  35. 4006c8: afbe0018 sw s8,24(sp)
  36. 4006cc: 03a0f021 move s8,sp
  37. 4006d0: 3c1c0042 lui gp,0x42
  38. 4006d4: 279c8a50 addiu gp,gp,-30128
  39. 4006d8: afbc0010 sw gp,16(sp)
  40. 4006dc: afc40020 sw a0,32(s8)
  41. 4006e0: 3c020041 lui v0,0x41
  42. 4006e4: 24440ac0 addiu a0,v0,2752
  43. 4006e8: 8fc50020 lw a1,32(s8)
  44. 4006ec: 8f82803c lw v0,-32708(gp)
  45. 4006f0: 0040c821 move t9,v0
  46. 4006f4: 0320f809 jalr t9
  47. 4006f8: 00000000 nop
  48.  
  49. 004006fc <setup_sighandler>:
  50. 4006fc: 27bdffe0 addiu sp,sp,-32 => setup new stack frame
  51. 400700: afbf001c sw ra,28(sp) => save return address to main
  52. 400704: afbe0018 sw s8,24(sp) => save main's frame pointer
  53. 400708: 03a0f021 move s8,sp => adjust frame pointer
  54. 40070c: 3c1c0042 lui gp,0x42
  55. 400710: 279c8a50 addiu gp,gp,-30128
  56. 400714: afbc0010 sw gp,16(sp) => save gp
  57. 400718: 24040002 li a0,2
  58. 40071c: 3c020040 lui v0,0x40
  59. 400720: 244506c0 addiu a1,v0,1728
  60. 400724: 8f828054 lw v0,-32684(gp)
  61. 400728: 0040c821 move t9,v0
  62. 40072c: 0320f809 jalr t9 => signal()
  63. 400730: 00000000 nop
  64. 400734: 8fdc0010 lw gp,16(s8) => restore gp
  65. 400738: 3c020041 lui v0,0x41
  66. 40073c: 24440ac0 addiu a0,v0,2752
  67. 400740: 00002821 move a1,zero
  68. 400744: 8f828044 lw v0,-32700(gp)
  69. 400748: 0040c821 move t9,v0
  70. 40074c: 0320f809 jalr t9 => sigsetjmp()
  71. 400750: 00000000 nop
  72. 400754: 8fdc0010 lw gp,16(s8) => Next instruction after sigsetjmp(): restore gp
  73. 400758: 10400006 beqz v0,400774 <setup_sighandler+0x78>
  74. 40075c: 00000000 nop
  75. 400760: 2404002a li a0,42 => sigsetjmp() != 0 (siglongjmp was called)
  76. 400764: 8f82804c lw v0,-32692(gp)
  77. 400768: 0040c821 move t9,v0
  78. 40076c: 0320f809 jalr t9 => exit
  79. 400770: 00000000 nop
  80. 400774: 00000000 nop => sigsetjmp() == 0
  81. 400778: 03c0e821 move sp,s8
  82. 40077c: 8fbf001c lw ra,28(sp) => restore return address
  83. 400780: 8fbe0018 lw s8,24(sp) => restore frame pointer
  84. 400784: 27bd0020 addiu sp,sp,32
  85. 400788: 03e00008 jr ra => return
  86. 40078c: 00000000 nop
  87.  
  88. 1. In setup_sighandler() before sigsetjmp()
  89.  
  90. (gdb) p /x $gp
  91. $1 = 0x418a50
  92. (gdb) p /x $s8
  93. $2 = 0x7fff6a58
  94. (gdb) x /20x $s8
  95. 0x7fff6a58: 0x77fc5e00 0x00400834 0x77fd4544 0x00400590
  96. 0x7fff6a68: 0x00418a50 0x77e60c94 0x7fff6a78 0x004007bc
  97. 0x7fff6a78: 0x77fc5e00 0x00000000 0x00400590 0x00000000
  98. 0x7fff6a88: 0x00418a50 0x77ff6fac 0x004e9e7c 0x77e3f378
  99. 0x7fff6a98: 0x00000001 0x7fff6b74 0x77fc5e00 0x00000000
  100.  
  101. gp is set at offset 16 from frame pointer.
  102.  
  103.  
  104. 2. In setup_sighandler() after sigsetjmp()
  105.  
  106. Execution resumes at:
  107. lw gp,16(s8)
  108.  
  109. After this instruction, gp and s8 are correct (same output as in 1.)
  110.  
  111.  
  112. 3. In sighandler() before siglongjmp()
  113.  
  114. Let's see what setup_sighandler's stack frame now looks like:
  115.  
  116. (gdb) x /20x 0x7fff6a58
  117. 0x7fff6a58: 0x77fc5e00 0x00400834 0x00410ac0 0x00000000
  118. 0x7fff6a68: 0x7fff6a58 0x7fff6a58 0x77fff000 0x004007d0
  119. 0x7fff6a78: 0x77fc5e00 0x00000000 0x00400590 0x00000000
  120. 0x7fff6a88: 0x00418a50 0x77ff6fac 0x004e9e7c 0x77e3f378
  121. 0x7fff6a98: 0x00000001 0x7fff6b74 0x77fc5e00 0x00000000
  122.  
  123. At least the offset where gp used to be stored has been smashed.
  124.  
  125.  
  126. 4. In setup_sighandler after siglongjmp()
  127.  
  128. Execution resumes at:
  129. lw gp,16(s8)
  130.  
  131. (gdb) p /x $s8
  132. $6 = 0x7fff6a58
  133.  
  134. s8 was correctly restored.
  135.  
  136. (gdb) x /20x $s8
  137. 0x7fff6a58: 0x77fc5e00 0x00400834 0x00410ac0 0x00000000
  138. 0x7fff6a68: 0x7fff6a58 0x7fff6a58 0x77fff000 0x004007d0
  139. 0x7fff6a78: 0x77fc5e00 0x00000000 0x00400590 0x00000000
  140. 0x7fff6a88: 0x00418a50 0x77ff6fac 0x004e9e7c 0x77e3f378
  141. 0x7fff6a98: 0x00000001 0x7fff6b74 0x77fc5e00 0x00000000
  142.  
  143. At we expected from 3. the setup_sighandler's frame pointer contains random values, especially at the offset where gp is supposed to be stored.
  144. So the instruction lw gp,16(s8) will not restore gp properly.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!