>> >You have not used the "ret" instruction in AsmFn2; I guess it will cause
>> >undefined behavior. I think it has nothing to do with how you compile
>> >the code. It works perfectly after adding a ret instruction at the end
>> >of AsmFn2. Correct me if I am missing something here.
>>
>> Thanks. That was the problem, I didn't notice that. Sorry for the stupid
>> question.
>Can you explain why the lack of 'ret' in AsmFn2 causes a segfault? And
>why does this not happen when you pass the C file before the asm to
>GCC?

If we look at the disassembly of the binary 'good', we can see that 'AsmFn2' is followed by the function '__libc_csu_fini'. When control enters the function AsmFn2, since it doesn't have a 'ret' statement after the 'leave' instruction, it would execute the instructions below it and would reach the point '80483c4:' in the function '__libc_csu_fini'; since it encounters a 'ret' instruction there, it would return as if it were returning from AsmFn2. If we look at the instructions below the leave instruction in AsmFn2, we can see that these statements don't cause any stack corruption or any other access violation.

good - disassembled
--------------------

080483b2 <AsmFn2>:
 80483b2:       55                      push   %ebp
 80483b3:       89 e5                   mov    %esp,%ebp
 80483b5:       c9                      leave
 80483b6:       90                      nop
 80483b7:       90                      nop
 80483b8:       90                      nop
 80483b9:       90                      nop
 80483ba:       90                      nop
 80483bb:       90                      nop
 80483bc:       90                      nop
 80483bd:       90                      nop
 80483be:       90                      nop
 80483bf:       90                      nop

080483c0 <__libc_csu_fini>:
 80483c0:       55                      push   %ebp
 80483c1:       89 e5                   mov    %esp,%ebp
 80483c3:       5d                      pop    %ebp
 80483c4:       c3                      ret
 80483c5:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi
 80483c9:       8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi

If we disassemble the binary 'bad', we can see that AsmFn2 is followed by the function main. As before, once control enters AsmFn2, since it doesn't have a ret statement, it would execute the instructions below and would enter the function main, which would again call AsmFn1 -> AsmFn2 -> main, and this process continues; I think after a point of time, stack corruption happens.
bad - disassembled
------------------

0804839e <AsmFn2>:
 804839e:       55                      push   %ebp
 804839f:       89 e5                   mov    %esp,%ebp
 80483a1:       c9                      leave
 80483a2:       90                      nop
 80483a3:       90                      nop

080483a4 <main>:
 80483a4:       55                      push   %ebp
 80483a5:       89 e5                   mov    %esp,%ebp
 80483a7:       83 e4 f0                and    $0xfffffff0,%esp
 80483aa:       e8 e5 ff ff ff          call   8048394 <AsmFn1>
 80483af:       b8 00 00 00 00          mov    $0x0,%eax
 80483b4:       89 ec                   mov    %ebp,%esp
 80483b6:       5d                      pop    %ebp
 80483b7:       c3                      ret
 80483b8:       90                      nop
 80483b9:       90                      nop

--
Sudheer
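The fall-through that the reply above traces by eye (AsmFn2 ends in 'leave' and runs into whatever symbol the linker placed next) can be checked mechanically. What follows is an added example, not code from this thread or from the original poster: a small Python linter over 'objdump -d' output that parses the symbol headers and instruction lines, skips the alignment padding GNU as emits between functions, and reports every function whose last real instruction is not a return or jump, together with the function it would run into. The two embedded listings are constructed from the posts above with the nop runs shortened; the set of terminator mnemonics and the padding patterns it recognises are my own assumptions, not anything stated in the thread.

```python
"""Flag functions in an `objdump -d` listing that can run off their end.

A function whose last real instruction is not a control transfer (ret, jmp,
hlt, ...) falls through into whatever the linker placed after it, which is
what happened to AsmFn2. Added checker, not code from the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

HEADER_RE = re.compile(r"^([0-9a-fA-F]+) <([^>]+)>:\s*$")
# address, opcode bytes, then mnemonic+operands (empty on a continuation
# line that only carries more opcode bytes of a long instruction)
INSN_RE = re.compile(r"^\s*([0-9a-fA-F]+):\s+((?:[0-9a-fA-F]{2}\b\s*)+)(.*?)\s*$")
# Assumed set of instructions after which execution does not continue at
# the next address.
TERMINATORS = {"ret", "retq", "retl", "jmp", "jmpq", "jmpl", "hlt", "ud2"}


@dataclass
class Insn:
    addr: int
    mnemonic: str
    operands: str


@dataclass
class Func:
    name: str
    insns: List[Insn] = field(default_factory=list)


def is_padding(insn: Insn) -> bool:
    """Alignment filler GNU as emits between functions: nop/nopw/nopl,
    xchg %ax,%ax and the lea 0x0(%reg,%eiz,1),%reg idiom in the listing."""
    if insn.mnemonic.startswith("nop") or (insn.mnemonic, insn.operands) == ("xchg", "%ax,%ax"):
        return True
    m = re.fullmatch(r"0x0\((%\w+),%eiz,1\),(%\w+)", insn.operands)
    return insn.mnemonic == "lea" and m is not None and m.group(1) == m.group(2)


def parse_objdump(text: str) -> List[Func]:
    """Group instruction lines under the symbol header that precedes them."""
    funcs: List[Func] = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            funcs.append(Func(h.group(2)))
            continue
        m = INSN_RE.match(line)
        if not m or not funcs or not m.group(3):
            continue
        parts = m.group(3).split(None, 1)
        operands = parts[1] if len(parts) > 1 else ""
        funcs[-1].insns.append(Insn(int(m.group(1), 16), parts[0], operands))
    return funcs


def find_fallthroughs(funcs: List[Func]) -> List[Tuple[str, str, str]]:
    """Return (function, last real instruction, function it falls into).
    A trailing conditional jump or a call to a noreturn function is
    reported too: treat hits as candidates to inspect, not confirmed bugs."""
    hits = []
    for i, func in enumerate(funcs):
        real = [x for x in func.insns if not is_padding(x)]
        if not real or real[-1].mnemonic in TERMINATORS:
            continue
        nxt = funcs[i + 1].name if i + 1 < len(funcs) else "<end of section>"
        hits.append((func.name, f"{real[-1].mnemonic} {real[-1].operands}".strip(), nxt))
    return hits


# Constructed from the two listings in the thread (nop runs shortened).
GOOD_LISTING = """\
080483b2 <AsmFn2>:
 80483b2:  55                     push   %ebp
 80483b3:  89 e5                  mov    %esp,%ebp
 80483b5:  c9                     leave
 80483b6:  90                     nop
 80483b7:  90                     nop

080483c0 <__libc_csu_fini>:
 80483c0:  55                     push   %ebp
 80483c1:  89 e5                  mov    %esp,%ebp
 80483c3:  5d                     pop    %ebp
 80483c4:  c3                     ret
 80483c5:  8d 74 26 00            lea    0x0(%esi,%eiz,1),%esi
 80483c9:  8d bc 27 00 00 00 00   lea    0x0(%edi,%eiz,1),%edi
"""

BAD_LISTING = """\
0804839e <AsmFn2>:
 804839e:  55                     push   %ebp
 804839f:  89 e5                  mov    %esp,%ebp
 80483a1:  c9                     leave
 80483a2:  90                     nop

080483a4 <main>:
 80483a4:  55                     push   %ebp
 80483a5:  89 e5                  mov    %esp,%ebp
 80483a7:  83 e4 f0               and    $0xfffffff0,%esp
 80483aa:  e8 e5 ff ff ff         call   8048394 <AsmFn1>
 80483af:  b8 00 00 00 00         mov    $0x0,%eax
 80483b4:  89 ec                  mov    %ebp,%esp
 80483b6:  5d                     pop    %ebp
 80483b7:  c3                     ret
 80483b8:  90                     nop
"""

if __name__ == "__main__":
    for label, listing in (("good", GOOD_LISTING), ("bad", BAD_LISTING)):
        for name, last, nxt in find_fallthroughs(parse_objdump(listing)):
            print(f"{label}: {name} ends with '{last}' and falls into {nxt}")
```

On both listings the checker reports AsmFn2 ending in 'leave'; the only difference is the neighbour it names, __libc_csu_fini in 'good' and main in 'bad', which is the whole difference between a silent return and a crash here. To run it on a real binary, feed it the text of 'objdump -d ./good' instead of the embedded strings.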
