From: Yeshurun, M. <mei...@in...> - 2005-12-09 07:02:16
Hi,

Below is the context of line 7809 of toIR.c

Could it be that I hit something very close to a magic number (my
application is very large), which caused more expressions inside the
'if' condition to be evaluated, until an invalid read occurred?

Thanks,
Meir

   /* We may be asked to update the guest RIP before going further. */
   if (put_IP)
      stmt( IRStmt_Put( OFFB_RIP, mkU64(guest_RIP_curr_instr)) );

   /* Spot the client-request magic sequence. */
   {
      UChar* code = (UChar*)(guest_code + delta);
      /* Spot this:
         C1C01D                roll $29, %eax
         C1C003                roll $3,  %eax
         C1C81B                rorl $27, %eax
         C1C805                rorl $5,  %eax
         C1C00D                roll $13, %eax
         C1C013                roll $19, %eax
      */
      if (code[ 0] == 0xC1 && code[ 1] == 0xC0 && code[ 2] == 0x1D &&   /* <- line 7809 */
          code[ 3] == 0xC1 && code[ 4] == 0xC0 && code[ 5] == 0x03 &&
          code[ 6] == 0xC1 && code[ 7] == 0xC8 && code[ 8] == 0x1B &&
          code[ 9] == 0xC1 && code[10] == 0xC8 && code[11] == 0x05 &&
          code[12] == 0xC1 && code[13] == 0xC0 && code[14] == 0x0D &&
          code[15] == 0xC1 && code[16] == 0xC0 && code[17] == 0x13
         ) {
         DIP("%%edx = client_request ( %%eax )\n");
         delta += 18;
         jmp_lit(Ijk_ClientReq, guest_RIP_bbstart+delta);
         dres.whatNext = Dis_StopHere;
         goto decode_success;
      }
   }

   /* Eat prefixes, summarising the result in pfx and sz, and rejecting
      as many invalid combinations as possible. */
   n_prefixes = 0;
   while (True) {
      if (n_prefixes > 5) goto decode_failure;

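The following is an added illustration of the failure mode raised in the message above; it is not code from Valgrind, VEX or the thread. The chained `&&` test in toIR.c short-circuits, so `code[k]` is read only when `code[0..k-1]` all matched the signature: a buffer that ends with a partial copy of the 18-byte sequence makes the decoder read one byte past the last matching byte, and if that byte lies beyond the readable region the read faults. The signature bytes below are copied from the listing; `naive_match_overreads`, `is_client_request`, `bytes_touched_by_naive_match` and the sample buffers are hypothetical names and constructed data. `naive_match_overreads` models the original test without performing the reads, and `is_client_request` shows the bounds-checked form a decoder would use when the number of readable bytes is known.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The 18-byte client-request signature from toIR.c (roll/rorl on %eax),
   byte values copied from the listing above. */
static const unsigned char CLIENT_REQ_MAGIC[18] = {
    0xC1, 0xC0, 0x1D,   /* roll $29, %eax */
    0xC1, 0xC0, 0x03,   /* roll $3,  %eax */
    0xC1, 0xC8, 0x1B,   /* rorl $27, %eax */
    0xC1, 0xC8, 0x05,   /* rorl $5,  %eax */
    0xC1, 0xC0, 0x0D,   /* roll $13, %eax */
    0xC1, 0xC0, 0x13    /* roll $19, %eax */
};

/* Constructed sample buffers (not from the page). */
static const unsigned char SAMPLE_PLAIN[4]     = { 0x90, 0x90, 0x90, 0x90 };
static const unsigned char SAMPLE_NEAR_MISS[4] = { 0xC1, 0xC0, 0x1D, 0x90 };

/* How many bytes of 'code' the original chained '&&' test touches.
   A mismatch at index i means bytes 0..i were read (i+1 bytes); a full
   match reads all 18.  Caller guarantees 'code' has 18 readable bytes. */
size_t bytes_touched_by_naive_match(const unsigned char *code)
{
    size_t i;
    for (i = 0; i < sizeof CLIENT_REQ_MAGIC; i++) {
        if (code[i] != CLIENT_REQ_MAGIC[i])
            return i + 1;
    }
    return sizeof CLIENT_REQ_MAGIC;
}

/* Models the original test without performing the reads: returns 1 if
   evaluating it on 'code' with only 'avail' readable bytes would read
   past the end, 0 otherwise.  Because '&&' short-circuits, an overread
   needs a near miss: a prefix of the signature ending exactly at the
   readable boundary. */
int naive_match_overreads(const unsigned char *code, size_t avail)
{
    size_t i;
    for (i = 0; i < sizeof CLIENT_REQ_MAGIC; i++) {
        if (i >= avail)
            return 1;   /* the chain would read code[i], which is out of bounds */
        if (code[i] != CLIENT_REQ_MAGIC[i])
            return 0;   /* mismatch: the chain stops here, within bounds */
    }
    return 0;           /* complete match, entirely within bounds */
}

/* Bounds-checked variant: 'avail' is the number of readable bytes at
   'code'.  Never reads beyond it; a truncated signature is simply
   "not a client request". */
int is_client_request(const unsigned char *code, size_t avail)
{
    if (avail < sizeof CLIENT_REQ_MAGIC)
        return 0;
    return memcmp(code, CLIENT_REQ_MAGIC, sizeof CLIENT_REQ_MAGIC) == 0;
}

int main(void)
{
    printf("plain bytes, 4 readable: overread=%d\n",
           naive_match_overreads(SAMPLE_PLAIN, 4));
    printf("3-byte near miss, 3 readable: overread=%d\n",
           naive_match_overreads(SAMPLE_NEAR_MISS, 3));
    printf("3-byte near miss, 4 readable: overread=%d\n",
           naive_match_overreads(SAMPLE_NEAR_MISS, 4));
    printf("full signature, 17 readable: overread=%d, checked match=%d\n",
           naive_match_overreads(CLIENT_REQ_MAGIC, 17),
           is_client_request(CLIENT_REQ_MAGIC, 17));
    printf("full signature, 18 readable: overread=%d, checked match=%d, bytes touched=%zu\n",
           naive_match_overreads(CLIENT_REQ_MAGIC, 18),
           is_client_request(CLIENT_REQ_MAGIC, 18),
           bytes_touched_by_naive_match(CLIENT_REQ_MAGIC));
    return 0;
}
```

The useful observation for triage is that the naive test is safe for arbitrary bytes except in one narrow case: the readable region ends in the middle of a prefix of the signature. That is consistent with a large application hitting the fault rarely, and it is the case a length-aware check such as `is_client_request` rules out.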
________________________________
From: val...@li...
[mailto:val...@li...] On Behalf Of
Yeshurun, Meir
Sent: Thursday, December 08, 2005 10:21 PM
To: val...@li...
Subject: [Valgrind-users] Valgrind log file corruption

Hi,

I ran Valgrind and got this:

valgrind: the 'impossible' happened:
Killed by fatal signal
==4019==    at 0x8000D55FA: disInstr_AMD64_WRK (toIR.c:7809)
==4019==    by 0x8000E5492: disInstr_AMD64 (toIR.c:13376)
==4019==    by 0x80009ED3E: bb_to_IR (bb_to_IR.c:187)
==4019==    by 0x800074B75: LibVEX_Translate (vex_main.c:408)
==4019==    by 0x80003300A: vgPlain_translate (libvex_basictypes.h:154)
==4019==    by 0x80004A156: handle_tt_miss (scheduler.c:566)
==4019==    by 0x80004A537: vgPlain_scheduler (scheduler.c:680)
==4019==    by 0x80006A863: vgModuleLocal_thread_wrapper (syswrap-linux.c:80)
==4019==    by 0x800065753: run_a_thread_NORETURN (syswrap-amd64-linux.c:144)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable


Is this an unsupported instruction? Any suggestions would be greatly
appreciated.


Thanks,
Meir