{\rtf1\ansi\deff3\adeflang1025
{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fswiss\fprq2\fcharset0 Arial;}{\f3\froman\fprq2\fcharset0 Liberation Serif{\*\falt Times New Roman};}{\f4\fswiss\fprq2\fcharset0 Liberation Sans{\*\falt Arial};}{\f5\fnil\fprq0\fcharset2 OpenSymbol{\*\falt Arial Unicode MS};}{\f6\fmodern\fprq1\fcharset0 Liberation Mono{\*\falt Courier New};}{\f7\fnil\fprq2\fcharset0 WenQuanYi Micro Hei;}{\f8\fmodern\fprq1\fcharset0 Courier New;}{\f9\fnil\fprq2\fcharset0 FreeSans;}{\f10\fswiss\fprq0\fcharset128 FreeSans;}}
{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}
{\stylesheet{\s0\snext0\widctlpar\hyphpar0\cf0\kerning1\dbch\af7\langfe2052\dbch\af9\afs24\alang1081\loch\f3\hich\af3\fs24\lang1033 Normal;}
{\s1\sbasedon16\snext17\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36 Heading 1;}
{\s2\sbasedon16\snext17\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32 Heading 2;}
{\*\cs15\snext15\dbch\af5\dbch\af5\loch\f5 Bullets;}
{\s16\sbasedon0\snext17\sb240\sa120\keepn\dbch\af7\dbch\af9\afs28\loch\f4\fs28 Heading;}
{\s17\sbasedon0\snext17\sl288\slmult1\sb0\sa140 Text Body;}
{\s18\sbasedon17\snext18\sl288\slmult1\sb0\sa140\dbch\af10 List;}
{\s19\sbasedon0\snext19\sb120\sa120\noline\i\dbch\af10\afs24\ai\fs24 Caption;}
{\s20\sbasedon0\snext20\noline\dbch\af10 Index;}
{\s21\sbasedon16\snext17\qc\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs56\ab\loch\f4\fs56 Title;}
{\s22\sbasedon16\snext17\qc\sb60\sa120\keepn\dbch\af7\dbch\af9\afs36\loch\f4\fs36 Subtitle;}
{\s23\sbasedon0\snext23\li567\ri567\lin567\rin567\fi0\sb0\sa283 Quotations;}
{\s24\sbasedon0\snext24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20 Preformatted Text;}
}{\*\listtable{\list\listtemplateid1
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}
{\listlevel\levelnfc255\leveljc0\levelstartat1\levelfollow2{\leveltext \'00;}{\levelnumbers;}\fi0\li0}\listid1}
{\list\listtemplateid2
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li720}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1080}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1440}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1800}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2160}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2520}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2880}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3240}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3600}\listid2}
{\list\listtemplateid3
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li720}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1080}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1440}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1800}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2160}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2520}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2880}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3240}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3600}\listid3}
{\list\listtemplateid4
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li720}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1080}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1440}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1800}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2160}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2520}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2880}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3240}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3600}\listid4}
{\list\listtemplateid5
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li720}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1080}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1440}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li1800}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2160}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2520}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u8226 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li2880}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9702 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3240}
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow0{\leveltext \'01\u9642 ?;}{\levelnumbers;}\f5\dbch\af5\fi-360\li3600}\listid5}
}{\listoverridetable{\listoverride\listid1\listoverridecount0\ls1}{\listoverride\listid2\listoverridecount0\ls2}{\listoverride\listid3\listoverridecount0\ls3}{\listoverride\listid4\listoverridecount0\ls4}{\listoverride\listid5\listoverridecount0\ls5}}{\*\generator LibreOffice/5.4.4.2$Linux_X86_64 LibreOffice_project/40m0$Build-2}{\info{\author Michael Bosse}{\creatim\yr2018\mo5\dy17\hr13\min37}{\author Michael Bosse}{\revtim\yr2018\mo5\dy17\hr15\min9}{\printim\yr0\mo0\dy0\hr0\min0}}{\*\userprops}\deftab709
\viewscale100
{\*\pgdsctbl
{\pgdsc0\pgdscuse451\pgwsxn12240\pghsxn15840\marglsxn1134\margrsxn1134\margtsxn1134\margbsxn1134\pgdscnxt0 Default Style;}}
\formshade\paperh15840\paperw12240\margl1134\margr1134\margt1134\margb1134\sectd\sbknone\sectunlocked1\pgndec\pgwsxn12240\pghsxn15840\marglsxn1134\margrsxn1134\margtsxn1134\margbsxn1134\ftnbj\ftnstart1\ftnrstcont\ftnnar\aenddoc\aftnrstcont\aftnstart1\aftnnrlc
{\*\ftnsep\chftnsep}\pgndec\pard\plain \s21\qc\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs56\ab\loch\f4\fs56\sb240\sa120{\rtlch \ltrch\loch
GDB Workbook}
\par \pard\plain \s22\qc\sb60\sa120\keepn\dbch\af7\dbch\af9\afs36\loch\f4\fs36{\rtlch \ltrch\loch
A }{\rtlch \ltrch\loch
trip}{\rtlch \ltrch\loch
down memory lane}
\par \pard\plain \s1\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
License}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch
}{\rtlch \ltrch\loch
Copyright (C) }{\rtlch \ltrch\loch
2018}{\rtlch \ltrch\loch
}{\rtlch \ltrch\loch
Michael A Bosse}{\rtlch \ltrch\loch
.}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch
}{\rtlch \ltrch\loch
Permission is granted to copy, distribute and/or modify this document}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch
}{\rtlch \ltrch\loch
under the terms of the GNU Free Documentation License, Version 1.3}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch
}{\rtlch \ltrch\loch
or any later version published by the Free Software Foundation;}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch
}{\rtlch \ltrch\loch
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20\rtlch \ltrch\loch
\par \pard\plain \s1\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Setup}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Build the test programs by opening a console window in the source directory and typing make.}
\par \pard\plain \s1\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Problem 1}
\par \pard\plain \s2\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Objectives}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls2 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Learn how to launch gdb}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls2 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Learn how to debug a crash live}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls2 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Learn how to analyze a core file}
\par \pard\plain \s2\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Instructions}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Run problem_1 and observe that it crashes:}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
./problem_1 }
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
[1] 18489 segmentation fault (core dumped) ./problem_1}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
So we are presented with a binary that is crashing when we run it. Let\u8217\'92s try to make it crash under debug. Launch gdb as follows:}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
gdb ./problem_1}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Now run the program under gdb with the run command.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) run}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Starting program: }{\rtlch \ltrch\loch
p}{\rtlch \ltrch\loch
roblem_1 }
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283\rtlch \ltrch\loch
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Program received signal SIGSEGV, Segmentation fault.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0x0000555555554665 in main (argc=1, argv=0x7fffffffdef8) at problem_1.c:11}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
11\tab printf("The number is: %d\\n", *pointer);}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
GDB stops execution when the crash is detected and indicates the type of crash (SIGSEGV) and the location of the crash (the main function located at problem_1.c:11) and also displays the line of source code that caused the crash.}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Looking at the source code for the main function reveals the cause of the crash.}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
7\tab }{\rtlch \ltrch\loch
int main(int argc, char** argv)}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
8\tab }{\rtlch \ltrch\loch
\{}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
9\tab }{\rtlch \ltrch\loch
int *pointer = 0;}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
10}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
11\tab }{\rtlch \ltrch\loch
printf("The number is: %d\\n", *pointer);}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
12}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
13\tab }{\rtlch \ltrch\loch
return 0;}
\par \pard\plain \s24\sb0\sa0\dbch\af8\dbch\af6\afs20\loch\f6\fs20{\rtlch \ltrch\loch
14\tab }{\rtlch \ltrch\loch
\}}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140\rtlch \ltrch\loch
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
It is clear from this that line 11 dereferences a pointer with a null value (*pointer is evaluated in main to build the argument for printf). The memory address 0 is not mapped within the address space of any program on a typical computer, so reading from it is an invalid memory access, which causes a segmentation fault (SIGSEGV).}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Now, sometimes it is not possible or desirable to run a problematic binary directly under gdb. It is still possible to determine what caused a program to crash under most circumstances. Exit out of gdb.}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Invoke gdb with the following syntax to analyze the core file that was generated when we first ran the program.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
gdb problem_1 core}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Core was generated by `./problem_1'.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Program terminated with signal SIGSEGV, Segmentation fault.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
#0 0x00005565fc38d665 in main (argc=1, argv=0x7ffce3185fd8) at problem_1.c:11}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
11\tab printf("The number is: %d\\n", *pointer);}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
You will notice that the same information is presented to you even though you did not run the program using gdb. Core files are a very useful way to }{\rtlch \ltrch\loch
obtain information about a crash without having to observe the crash under debug. Because a core file is a snapshot of the process's memory, it may also contain any sensitive data the program was holding when it crashed, so store and share it with that in mind.}
\par \pard\plain \s1\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Problem }{\rtlch \ltrch\loch
2}
\par \pard\plain \s2\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Objectives}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls2 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Debug a more serious issue using gdb}
\par \pard\plain \s2\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Instructions}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Open the source code for problem_2 (problem_2.c) and give it a quick read. You should ask yourself the following questions:}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls4 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
What is the intended output of this program?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls4 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Will this program crash when run?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Now, run problem_2 and observe what happens. }
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
While it did not crash like the previous example, something strange did happen! We expected the string \u8220\'93}{\rtlch \ltrch\loch
0123456789ABCDEF0123456789ABCDEF\u8221\'94 }{\rtlch \ltrch\loch
to be printed on a single line. But what actually happens?}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
./}{\rtlch \ltrch\loch
problem_2}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
The string is: 0123456789ABCDEF0123456789ABCDEFOOPS OVERFLOW!}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Something odd is going on! The expected string did print but then some extra characters appear that were not part of the intended message. Looking at the source code it may not be immediately obvious where they came from. Even if you can see through this cheap trick, it pays to analyze this one under the debugger. }{\rtlch \ltrch\loch
Set a breakpoint on line 16 and run the program.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Reading symbols from ./problem_2...done.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) b 16}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Breakpoint 1 at 0x58d: file problem_2.c, line 16.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) r}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
Breakpoint 1, main (argc=1, argv=0xffffd094) at problem_2.c:16}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
16\tab printf("The string is: %s\\n", string);}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
It is logical to think that the string variable contains the erroneous text seen in the message. So let\u8217\'92s examine the value of that variable.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) p string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
$1 = "0123456789ABCDEF0123456789ABCDEF"}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Curiously the value appears to be what we expect rather than what we observe to be printed. Why then did we see the erroneous string? The answer will take a little explaining about how gdb works with variables (particularly arrays on the stack). Without justification, enter the following statement into gdb.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) p (char*)string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
$2 = 0xffffcfb0 "0123456789ABCDEF0123456789ABCDEFOOPS OVERFLOW!"}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Aha! There is the erroneous string output that we expect, but why did we have to type what we did and what exactly did that do?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Gdb uses type information generated by the compiler and stored within the binary (or provided by external debug data, more on this later) to interpret the values stored in memory. To determine the type that gdb thinks a variable has, we can use either whatis or ptype on the variable (see the accompanying pdf or the gdb manual for more information on the difference between these). Do so now.}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) ptype string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
type = char [32]}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
So gdb is correct that string is a character array of length 32. However, the printf function cannot tell the difference between a char[32] and a char*: the length information is effectively dropped when the array is passed as a parameter to printf. When we cast string to a char* as we did above, gdb likewise interprets the data as a null-terminated string with no associated length and therefore displays the erroneous data. We now know more, but why are we seeing this erroneous output in the first place?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
We can use the examine command to shed some more light on the issue. Let\u8217\'92s examine the memory pointed to by string. }{\rtlch \ltrch\loch
W}{\rtlch \ltrch\loch
e will do so as follows (see the accompanying documentation as to the syntax of the x command).}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) x/32b string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfb0:\tab 48\tab 49\tab 50\tab 51\tab 52\tab 53\tab 54\tab 55}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfb8:\tab 56\tab 57\tab 65\tab 66\tab 67\tab 68\tab 69\tab 70}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfc0:\tab 48\tab 49\tab 50\tab 51\tab 52\tab 53\tab 54\tab 55}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfc8:\tab 56\tab 57\tab 65\tab 66\tab 67\tab 68\tab 69\tab 70}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
Because string is interpreted by the printf function as null terminated, the last byte of the string should be 0 (the null terminator). The values displayed by the examine command show that there are no null bytes within the 32 bytes of string, so printf will continue reading memory beyond the array until it finds a null byte (or crashes!!). }
Without justification issue the following two commands:}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
x/47b string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfb0:\tab 48\tab 49\tab 50\tab 51\tab 52\tab 53\tab 54\tab 55}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfb8:\tab 56\tab 57\tab 65\tab 66\tab 67\tab 68\tab 69\tab 70}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfc0:\tab 48\tab 49\tab 50\tab 51\tab 52\tab 53\tab 54\tab 55}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfc8:\tab 56\tab 57\tab 65\tab 66\tab 67\tab 68\tab 69\tab 70}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfd0:\tab 79\tab 79\tab 80\tab 83\tab 32\tab 79\tab 86\tab 69}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfd8:\tab 82\tab 70\tab 76\tab 79\tab 87\tab 33\tab 0}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
(gdb) x/12wx string}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfb0:\tab 0x33323130\tab 0x37363534\tab 0x42413938\tab 0x46454443}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfc0:\tab 0x33323130\tab 0x37363534\tab 0x42413938\tab 0x46454443}
\par \pard\plain \s23\li567\ri567\lin567\rin567\fi0\sb0\sa283{\rtlch \ltrch\loch
0xffffcfd0:\tab }{\b\ab\rtlch \ltrch\loch
0x53504f4f\tab 0x45564f20\tab 0x4f4c4652}{\rtlch \ltrch\loch
\tab 0x00002157}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
From the output of the first command we can see that eventually, after 47 bytes, a null character is reached by printf and the output stops. I suggest you look back at the source code of this problem. Do any of the values printed by the second command look familiar? The erroneous string shown to the user is actually those numbers interpreted as ASCII characters. Cool.}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\rtlch \ltrch\loch
This raises some interesting questions that I will leave as an exercise to the reader.}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls5 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
We used strncpy and specified the correct length of the buffer, why did this happen? Doesn\u8217\'92t strncpy }{\ul\ulc0\rtlch \ltrch\loch
always}{\ulnone\ulc0\rtlch \ltrch\loch
add}{\rtlch \ltrch\loch
a null terminator to strings?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls5 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Why did the data of string appear before the data of pointer when it was output?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls5 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Why was the data of pointer output at all? Shouldn\u8217\'92t printf have found the data defined after it?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls5 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Use an ASCII table and carefully examine the values in the pointer array. Why are the strings in the order that they are in? Is there a name for this?}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls5 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
What mechanisms can you think of to prevent this type of issue from happening?}
\par \pard\plain \s1\ilvl0\outlinelevel0\sb240\sa120\keepn\b\dbch\af7\dbch\af9\afs36\ab\loch\f4\fs36\pagebb{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Troubleshooting}
\par \pard\plain \s2\ilvl1\outlinelevel1\sb200\sa120\keepn\b\dbch\af7\dbch\af9\afs32\ab\loch\f4\fs32{\listtext\pard\plain \tab}\ls1 \li0\ri0\lin0\rin0\fi0{\rtlch \ltrch\loch
Core Dumps}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u8226\'95\tab}\ilvl0\ls3 \li720\ri0\lin720\rin0\fi-360{\rtlch \ltrch\loch
Core dumps are not being generated}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u9702\'3f\tab}\ilvl1\ls3 \li1080\ri0\lin1080\rin0\fi-360{\rtlch \ltrch\loch
On bash you may need to issue the following command, in the shell you run the program from, to enable the generation of core dumps}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140{\listtext\pard\plain \dbch\af5\dbch\af5\loch\f5 \u9642\'3f\tab}\ilvl2\ls3 \li1440\ri0\lin1440\rin0\fi-360{\rtlch \ltrch\loch
ulimit -c unlimited}
\par \pard\plain \s17\sl288\slmult1\sb0\sa140\li720\ri0\lin720\rin0\fi0\sb0\sa140\rtlch \ltrch\loch
\par }