Crash into simply code
Posted: Tue Jun 16, 2015 2:59 pmHello, I have a crash with this code:
Compiled with:
Tested with:
I do frequently donation. It's to finish to dev my software.
Cheers,
- Code: Select all
#include <iostream>
#include <stdlib.h>
#include <ostream>
int main(int argc, char **argv)
{
char * rawServerListForC211=static_cast<char *>(malloc(128*1024));
//work
rawServerListForC211[103+0]=100;
rawServerListForC211[103+7]=100;
*reinterpret_cast<uint32_t *>(rawServerListForC211+0)=100;
*reinterpret_cast<uint32_t *>(rawServerListForC211+1)=100;
*reinterpret_cast<uint64_t *>(rawServerListForC211+0)=100;
/* crash:
<3>PAX: From 192.168.0.10: catchchallenger:24320, uid/euid: 0/0, attempted to access userland memory at 0b699348
<1>Unhandled fault: page domain fault (0x01b) at 0x0b699348
<0>Internal error: : 1b [#19] SMP ARM
<4>Modules linked in:
<4>CPU: 0 PID: 24320 Comm: catchchallenger Tainted: G D 3.17.4-hardened #1
<4>task: eb16d400 ti: e94f2000 task.ti: e94f2000
<4>PC is at ___copy_from_user+0xac/0x3b8
<4>LR is at do_alignment+0x1f4/0x9a0
<4>pc : [<c03dbd74>] lr : [<c0114b94>] psr: 00030113
<4>sp : e94f3de4 ip : 0000001c fp : e94f3ee4
<4>r10: bf000000 r9 : e94f2000 r8 : 00000801
<4>r7 : a3ce506f r6 : 0b699348 r5 : e94f2008 r4 : e94f3fb0
<4>r3 : 00000000 r2 : ffffffe4 r1 : 0b699348 r0 : e94f3e2c
<4>Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
<4>Control: 10c5387d Table: 4730c06a DAC: 00000011
<0>Process catchchallenger (pid: 24320, stack limit = 0xe94f2240)
<0>Stack: (0xe94f3de4 to 0xe94f4000)
<0>3de0: e94f2008 0b699348 a3ce506f 00000801 e94f3e2c 00000004 00000000
<0>3e00: e94f3fb0 c0114b94 eb09f680 00000400 c013821c 0000a66e 00000000 00000000
<0>3e20: fb088c65 0f5c7e42 0000db26 00000000 e94f3e64 e94f3e40 00000000 00000000
<0>3e40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3e60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3e80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3ea0: 00000000 00000000 00000000 00000000 00000000 00000000 eb16d400 00000801
<0>3ec0: a3ce506f e94f3fb0 c0a13500 00000000 00000000 0b743a30 e94f3fac e94f3ee8
<0>3ee0: c0100354 c01149ac 00000000 c0ec5400 e94f3f14 e94f3f00 00000000 d0184fc0
<0>3f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
<0>3f80: e94f3fac 0b699348 60030010 ffffffff 00000000 00000000 00000000 0b743a30
<0>3fa0: 00000000 e94f3fb0 c010db8c c01002f4 a42fb23c a3ce506f 00000064 00000000
<0>3fc0: 0b743a30 0c842ab8 b3253670 00000000 00000000 00000000 0b743a30 b325366c
<0>3fe0: 00000000 b3253630 a40a9d3c 0b699348 60030010 ffffffff 00000000 00000000
<4>Backtrace:
<4>[<c01149a0>] (do_alignment+0x0/0x9a0) from [<c0100354>] (do_DataAbort+0x6c/0x1ac)
<4> r10:0b743a30 r9:00000000 r8:00000000 r7:c0a13500 r6:e94f3fb0 r5:a3ce506f
<4> r4:00000801
<4>[<c01002e8>] (do_DataAbort+0x0/0x1ac) from [<c010db8c>] (__dabt_usr+0x6c/0x80)
<4>Exception stack(0xe94f3fb0 to 0xe94f3ff8)
<4>3fa0: a42fb23c a3ce506f 00000064 00000000
<4>3fc0: 0b743a30 0c842ab8 b3253670 00000000 00000000 00000000 0b743a30 b325366c
<4>3fe0: 00000000 b3253630 a40a9d3c 0b699348 60030010 ffffffff
<4> r10:0b743a30 r9:00000000 r8:00000000 r7:00000000 r6:ffffffff r5:60030010
<4> r4:0b699348
<0>Code: e4915004 e4916004 e4917004 e4918004 (e491e004)
<4>---[ end trace 454ce2a08f1c1463 ]---
<6>note: catchchallenger[24320] exited with preempt_count 1*/
*reinterpret_cast<uint64_t *>(rawServerListForC211+1)=100;
return 0;
}
Compiled with:
- Code: Select all
g++ -pipe -g -std=c++0x main.cpp
Tested with:
- 3.17.4 and 3.18.9
- CONFIG_DEBUG_LIST=y CONFIG_PAX_MEMORY_SANITIZE=y CONFIG_PAX_MEMORY_STRUCTLEAK=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_USERCOPY=y
- Code: Select all
Using built-in specs.
COLLECT_GCC=/usr/armv7a-hardfloat-linux-gnueabi/gcc-bin/4.8.4/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/armv7a-hardfloat-linux-gnueabi/4.8.4/lto-wrapper
Target: armv7a-hardfloat-linux-gnueabi
Configured with: /var/tmp/portage/sys-devel/gcc-4.8.4/work/gcc-4.8.4/configure --host=armv7a-hardfloat-linux-gnueabi --build=armv7a-hardfloat-linux-gnueabi --prefix=/usr --bindir=/usr/armv7a-hardfloat-linux-gnueabi/gcc-bin/4.8.4 --includedir=/usr/lib/gcc/armv7a-hardfloat-linux-gnueabi/4.8.4/include --datadir=/usr/share/gcc-data/armv7a-hardfloat-linux-gnueabi/4.8.4 --mandir=/usr/share/gcc-data/armv7a-hardfloat-linux-gnueabi/4.8.4/man --infodir=/usr/share/gcc-data/armv7a-hardfloat-linux-gnueabi/4.8.4/info --with-gxx-include-dir=/usr/lib/gcc/armv7a-hardfloat-linux-gnueabi/4.8.4/include/g++-v4 --with-python-dir=/share/gcc-data/armv7a-hardfloat-linux-gnueabi/4.8.4/python --enable-languages=c,c++ --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --disable-nls --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.8.4 p1.3, pie-0.6.1' --enable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --disable-multilib --disable-altivec --disable-fixed-point --with-float=hard --with-arch=armv7-a --with-float=hard --with-fpu=vfpv3-d16 --disable-libgcj --disable-libgomp --disable-libmudflap --disable-libssp --disable-libquadmath --enable-lto --with-cloog --disable-isl-version-check --disable-libsanitizer
Thread model: posix
gcc version 4.8.4 (Gentoo Hardened 4.8.4 p1.3, pie-0.6.1)
Same with armv7a-hardfloat-linux-gnueabi-4.8.4 and armv7a-hardfloat-linux-gnueabi-4.8.4-vanilla
I do frequently donation. It's to finish to dev my software.
Cheers,