Assembler opcode CALL with +0 offset

From: Alek Lapuc (obimbus_at_poczta.onet.pl)
Date: 09/22/04


Date: 22 Sep 2004 09:18:47 -0700

Hi.

I'm trying to do some low-level debugging with the application working
on Solaris Sparc.
Unfortunately for the fragment that fails I have no source code -- I
can use only assembler dumps from core file, created by dbx or adb.

One thing confuses me. I have a stack dump as follows (a top fragment
of it):

  [1] strlen(0x0, 0x0, 0xfffffffc, 0x7efefeff, 0x81010100, 0x202d1f0),
at 0xff1b4478
  [2] _doprnt(0xfdbd0b74, 0x0, 0xffbfdcc8, 0xfffffff8, 0xffffffe0,
0xffbfdcd9), at 0xff206700
  [3] sprintf(0xffbfdd64, 0xfdbd0b74, 0x0, 0x0, 0xffbff1c0, 0x0), at
0xff2083a4
  [4] cancel_verify(0x2fed48, 0x43cd40, 0x2eb3b0, 0xffbff1c0,
0x43c888, 0xffbff1c0), at 0xfda8ab1c
  
But when I disassemble the code from 0xfda8ab1c I see something like this:

0xfda8ab1c: cancel_verify+0x038c: call cancel_verify+0x38c
0xfda8ab20: cancel_verify+0x0390: or %l3, %g0, %o3
0xfda8ab24: cancel_verify+0x0394: mov 0x3, %l0
0xfda8ab28: cancel_verify+0x0398: add %fp, -0x40c, %l1
0xfda8ab2c: cancel_verify+0x039c: sethi %hi(0x0), %l2
0xfda8ab30: cancel_verify+0x03a0: or %l2, 0x0, %l2
0xfda8ab34: cancel_verify+0x03a4: mov 0x228, %l3
0xfda8ab38: cancel_verify+0x03a8: or %l0, %g0, %o0
0xfda8ab3c: cancel_verify+0x03ac: or %l1, %g0, %o1
0xfda8ab40: cancel_verify+0x03b0: or %l2, %g0, %o2

Opcode 'call' gets as an argument offset 0 (it calls itself??!?), and
not sprintf.

Frankly, I don't get it. How execution could be ever redirected to
sprintf?

Thanks in advance for any answer.

Best regards,
Aleksander Lapuc
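As an added illustration (not part of the original post), a small decoder for the SPARC `call` instruction format: the op field 01 in bits 31..30 and a signed 30-bit word displacement, so a word of 0x40000000 disassembles as `call .+0`, the self-referencing form seen in the dump above. The sprintf entry address 0xff208300 used below is a constructed placeholder, not a value from the post.

```python
# SPARC v8/v9 CALL format: bits 31..30 == 0b01, bits 29..0 == disp30.
# Effective target = PC + 4 * sign_extend(disp30). A word of 0x40000000
# therefore encodes "call <own address>", i.e. displacement zero.
CALL_OP = 0b01
DISP_MASK = (1 << 30) - 1
ADDR_MASK = 0xFFFFFFFF  # 32-bit addresses, as in the dump


def sign_extend30(value: int) -> int:
    """Sign-extend a 30-bit two's-complement field to a Python int."""
    value &= DISP_MASK
    return value - (1 << 30) if value & (1 << 29) else value


def decode_call(pc: int, word: int):
    """Return (target, word_displacement) for a CALL word at pc, or None."""
    if (word >> 30) & 0b11 != CALL_OP:
        return None  # not a CALL instruction at all
    disp = sign_extend30(word)
    return ((pc + 4 * disp) & ADDR_MASK, disp)


def encode_call(pc: int, target: int) -> int:
    """Build the CALL word that reaches target from pc (targets are word aligned)."""
    delta = target - pc
    if delta % 4:
        raise ValueError("CALL target must be 4-byte aligned")
    return (CALL_OP << 30) | ((delta // 4) & DISP_MASK)


def return_address(call_pc: int) -> int:
    """A SPARC callee returns to %o7 + 8: the call word plus its delay slot.
    The frame list prints the call's own address, so the resume point is +8."""
    return call_pc + 8


if __name__ == "__main__":
    frame_pc = 0xFDA8AB1C                     # address shown in frame [4]
    print(decode_call(frame_pc, 0x40000000))  # (0xfda8ab1c, 0): call .+0
    sprintf_entry = 0xFF208300                # constructed placeholder
    print(hex(encode_call(frame_pc, sprintf_entry)))
    print(hex(return_address(frame_pc)))
```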
