On Wed, Feb 17, 2010 at 07:33:19AM +0100, Sandro Tosi wrote:
> > Other than that, with your core file, could you at least get (and send)
> > the output for disassemble, info registers, and info locals ?
> 
> Attached.

There is definitely something weird going on: according to the value in
the rip register (AddRef+7), the first two instructions of the function
have been executed, and the second should have set rax to 2. But rax is
definitely not 2, while rsp is! And rsp is the stack pointer, so it is no
wonder that the push in the third instruction segfaults.
But how on earth can "mov $0x2,%eax" lead to rsp being modified?

Does anyone have a better explanation than a broken CPU?

> Program terminated with signal 11, Segmentation fault.
> #0  nsDOMEvent::AddRef (this=0x7f6bcea877f0) at nsDOMEvent.cpp:169
> 169   nsDOMEvent.cpp: No such file or directory.
>       in nsDOMEvent.cpp
> (gdb) disassemble
> Dump of assembler code for function _ZN10nsDOMEvent6AddRefEv:
> 0x00007f6c1894933c <_ZN10nsDOMEvent6AddRefEv+0>:      push   %r12
> 0x00007f6c1894933e <_ZN10nsDOMEvent6AddRefEv+2>:      mov    $0x2,%eax
> 0x00007f6c18949343 <_ZN10nsDOMEvent6AddRefEv+7>:      push   %rbp
> 0x00007f6c18949344 <_ZN10nsDOMEvent6AddRefEv+8>:      mov    %rdi,%rbp
> 0x00007f6c18949347 <_ZN10nsDOMEvent6AddRefEv+11>:     push   %rbx
> 0x00007f6c18949348 <_ZN10nsDOMEvent6AddRefEv+12>:     mov    0x18(%rdi),%rbx
> 0x00007f6c1894934c <_ZN10nsDOMEvent6AddRefEv+16>:     test   %rbx,%rbx
> 0x00007f6c1894934f <_ZN10nsDOMEvent6AddRefEv+19>:     je     0x7f6c18949386 
> <_ZN10nsDOMEvent6AddRefEv+74>
> 0x00007f6c18949351 <_ZN10nsDOMEvent6AddRefEv+21>:     mov    %ebx,%eax
> 0x00007f6c18949353 <_ZN10nsDOMEvent6AddRefEv+23>:     test   $0x1,%al
> 0x00007f6c18949355 <_ZN10nsDOMEvent6AddRefEv+25>:     jne    0x7f6c18949378 
> <_ZN10nsDOMEvent6AddRefEv+60>
> 0x00007f6c18949357 <_ZN10nsDOMEvent6AddRefEv+27>:     mov    %rbx,%rdi
> 0x00007f6c1894935a <_ZN10nsDOMEvent6AddRefEv+30>:     mov    0x8(%rbx),%r12d
> 0x00007f6c1894935e <_ZN10nsDOMEvent6AddRefEv+34>:     callq  0x7f6c18624320 
> <ns_cyclecollectorforget...@plt>
> 0x00007f6c18949363 <_ZN10nsDOMEvent6AddRefEv+39>:     test   %eax,%eax
> 0x00007f6c18949365 <_ZN10nsDOMEvent6AddRefEv+41>:     je     0x7f6c1894936e 
> <_ZN10nsDOMEvent6AddRefEv+50>
> 0x00007f6c18949367 <_ZN10nsDOMEvent6AddRefEv+43>:     lea    0x1(%r12),%eax
> 0x00007f6c1894936c <_ZN10nsDOMEvent6AddRefEv+48>:     jmp    0x7f6c1894937c 
> <_ZN10nsDOMEvent6AddRefEv+64>
> 0x00007f6c1894936e <_ZN10nsDOMEvent6AddRefEv+50>:     lea    0x1(%r12),%eax
> 0x00007f6c18949373 <_ZN10nsDOMEvent6AddRefEv+55>:     mov    %eax,0x8(%rbx)
> 0x00007f6c18949376 <_ZN10nsDOMEvent6AddRefEv+58>:     jmp    0x7f6c18949386 
> <_ZN10nsDOMEvent6AddRefEv+74>
> 0x00007f6c18949378 <_ZN10nsDOMEvent6AddRefEv+60>:     sar    %eax
> 0x00007f6c1894937a <_ZN10nsDOMEvent6AddRefEv+62>:     inc    %eax
> 0x00007f6c1894937c <_ZN10nsDOMEvent6AddRefEv+64>:     lea    
> (%rax,%rax,1),%edx
> 0x00007f6c1894937f <_ZN10nsDOMEvent6AddRefEv+67>:     or     $0x1,%edx
> 0x00007f6c18949382 <_ZN10nsDOMEvent6AddRefEv+70>:     mov    %rdx,0x18(%rbp)
> 0x00007f6c18949386 <_ZN10nsDOMEvent6AddRefEv+74>:     pop    %rbx
> 0x00007f6c18949387 <_ZN10nsDOMEvent6AddRefEv+75>:     pop    %rbp
> 0x00007f6c18949388 <_ZN10nsDOMEvent6AddRefEv+76>:     pop    %r12
> 0x00007f6c1894938a <_ZN10nsDOMEvent6AddRefEv+78>:     retq   
> End of assembler dump.
> Current language:  auto
> The current source language is "auto; currently c++".
> (gdb) info registers
> rax            0x7f6c194b6e78 140102257569400
> rbx            0x7f6bcea877f0 140101005375472
> rcx            0x0    0
> rdx            0x7fff85125ad8 140735425960664
> rsi            0x7f6c18e7b420 140102251033632
> rdi            0x7f6bcea877f0 140101005375472
> rbp            0x7fff85125ad8 0x7fff85125ad8
> rsp            0x2    0x2
> r8             0x7f6bd9197380 140101180552064
> r9             0x7f6c18ae5112 140102247272722
> r10            0x7fff85125c30 140735425961008
> r11            0x7f6bc7568808 140100882565128
> r12            0x7f6c1894cbee 140102245600238
> r13            0x7f6c1969f078 140102259568760
> r14            0x7f6bd0b00000 140101039423488
> r15            0x7f6bd0c19de0 140101040578016
> rip            0x7f6c18949343 0x7f6c18949343 <nsDOMEvent::AddRef()+7>
> eflags         0x10216        [ PF AF IF RF ]
> cs             0x33   51
> ss             0x2b   43
> ds             0x0    0
> es             0x0    0
> fs             0x0    0
> gs             0x0    0
> fctrl          0x37f  895
> fstat          0x4120 16672
> ftag           0xffff 65535
> fiseg          0x7f6c 32620
> fioff          0x17883f30     394805040
> foseg          0x7fff 32767
> fooff          0x8512c6e8     -2062367000
> fop            0x55c  1372
> mxcsr          0x1fa3 [ IE DE PE IM DM ZM OM UM PM ]
> (gdb) info locals
> No locals.
> (gdb) 

