|
From: Nicholas N. <nj...@ca...> - 2003-09-29 16:36:00
|
On Mon, 29 Sep 2003, Steve G wrote:

> I seem to have found a problem. Since I'm familiar with xinetd, I
> started trying it on xinetd-2.3.12. I get the following message:
>
> Invalid NEG: pointer arg
> ==7441==    at 0x4024B9B3: memset (in /lib/libc-2.3.2.so)
> ==7441==    by 0x805D722: Smorefds (siosup.c:877)
> ==7441==    by 0x804F7FE: setup_file_descriptors (init.c:94)
> ==7441==    by 0x804FBEA: init_daemon (init.c:317)

Interesting. I get these in a couple of places too, although I don't know why anyone would want to negate a pointer. But then, I have discovered that several things I wouldn't have expected happen legitimately, eg. multiplying a heap pointer with a scalar (Mozilla Firebird does it in a hash function). So they're probably legitimate, in which case I will turn off the warnings (no great loss; the type-error warnings are less important than the array over/under-run warnings).

Before I do this, I'd like to see the assembly code to try to understand why someone would do this. I would greatly appreciate it if you could hunt down the relevant asm sequence for me. Here's how I have done this in similar situations:

- start up program under Annelid; hopefully it pauses, giving you time to do stuff (if it's a daemon that should be ok)
- look up /proc/<pid>/maps
- find the address of the text segment of the library in which the problem occurred (/lib/libc-2.3.2.so in this case), call it A
- subtract A from the address at which the problem occurred (0x4024B9B3), giving the offset within the library
- use objdump -d on the library to disassemble it, and find the place where the instruction is.
- look at the asm, see if what it's doing looks vaguely sensible, turn off the warning if so

I tried doing this with OpenOffice, which gives a small number of NEG complaints, but the library seemed to be moved between the error occurring and me looking it up.

Or if you know any less laborious ways of doing this I'd like to know :)

N
|
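The address-to-offset lookup described in the message above, as an added example that is not part of the original thread or of Valgrind. The maps text is a constructed sample (only the address 0x4024B9B3 and the library path come from the report), the function names are hypothetical, and it assumes a non-prelinked shared object whose text segment is linked at virtual address 0, so the file offset equals the address `objdump -d` prints.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Constructed /proc/<pid>/maps sample; base addresses and inodes are made up.
SAMPLE_MAPS = """\
08048000-0806f000 r-xp 00000000 03:01 81234 /usr/sbin/xinetd
0806f000-08071000 rw-p 00026000 03:01 81234 /usr/sbin/xinetd
401cf000-40302000 r-xp 00000000 03:01 12011 /lib/libc-2.3.2.so
40302000-40306000 rw-p 00132000 03:01 12011 /lib/libc-2.3.2.so
bfffd000-c0000000 rwxp ffffe000 00:00 0
"""

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    file_offset: int
    path: str

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")

def parse_maps(text: str) -> list:
    """Parse maps text into Mapping records, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            out.append(Mapping(int(m[1], 16), int(m[2], 16), m[3],
                               int(m[4], 16), m[5]))
    return out

def locate(maps_text: str, addr: int) -> Optional[Tuple[str, int]]:
    """Return (file, offset in file) for a code address, else None."""
    for m in parse_maps(maps_text):
        if m.start <= addr < m.end:
            # Only a file-backed executable mapping can be disassembled.
            if "x" not in m.perms or not m.path:
                return None
            return m.path, addr - m.start + m.file_offset
    return None  # unmapped: the snapshot is stale or the library moved

def objdump_command(maps_text: str, addr: int, window: int = 0x20) -> str:
    """Build an objdump invocation covering `window` bytes either side."""
    hit = locate(maps_text, addr)
    if hit is None:
        raise LookupError(f"{addr:#x} is not in a file-backed text mapping")
    path, off = hit
    return (f"objdump -d --start-address={max(off - window, 0):#x} "
            f"--stop-address={off + window:#x} {path}")
```

A `LookupError` here is the situation the message mentions with OpenOffice: the maps were read after the library had been mapped somewhere else, so the snapshot has to be taken while the process is still paused at the error.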
From: Steve G <lin...@ya...> - 2003-09-29 17:13:13
|
Hello,
Using gcc -S, this code:
    old_size = __sio_n_descriptors * sizeof( mapd_s ) ;
    new_size = n_fds * sizeof( mapd_s ) ;
    new_size += old_size;
    is_static = ( mmap_descriptors == NULL ) ;
    p = sioexpand( (char *)mmap_descriptors, old_size, new_size,
                   is_static ) ;
    if ( p == NULL )
        return( SIO_ERR ) ;
    memset(p+old_size, 0, new_size-old_size);
Is this:
.L137:
        .loc 1 868 0
        movl %edx, %edi
        .loc 1 869 0
        movl -16(%ebp), %ebx
        .loc 1 868 0
        sall $5, %edi
        .loc 1 871 0
        movl mmap_descriptors, %edx
        .loc 1 869 0
        sall $5, %ebx
        .loc 1 870 0
        addl %edi, %ebx
        .loc 1 871 0
        xorl %eax, %eax
        testl %edx, %edx
        sete %al
        .loc 1 872 0
        pushl %eax
        pushl %ebx
        pushl %edi
        pushl %edx
.LCFI108:
        call sioexpand
        movl %eax, %esi
        .loc 1 873 0
        addl $16, %esp
        testl %esi, %esi
        movl $-1, %eax
        je .L136
        .loc 1 877 0
.LBB46:
        leal (%edi,%esi), %eax
        subl %edi, %ebx
        pushl %edi
        pushl %ebx
        pushl $0
        pushl %eax
        call memset
Hope this helps...
-Steve Grubb
|