[syslinux] Crash with core32 (syslinux-3.81-pre12-68-g4a211f6)

H. Peter Anvin hpa at zytor.com
Mon May 25 16:00:04 PDT 2009


Sebastian Herbszt wrote:
> 
>  8783 0000AD0B 8B25[4C040000]      <2>                 mov esp,[PMESP]         ; Load protmode %esp
>  8784 0000AD11 89E8                <2>                 mov eax,ebp             ; EAX -> top of real-mode stack
>  8785 0000AD13 FFE3                <2>                 jmp ebx                 ; Go to where we need to go
> 
>> In both cases it looks like it's jumping through an invalid pointer.
> 
> Guess ebx is not what it's supposed to be since there are just a bunch
> of 0-bytes at 0x000034b4.
> 

0x34b4 doesn't sound right there at all; ebx should have been set on
line 106 of core/callback.inc to core_syscall.pm_return, which should be
a symbol in the .text segment and hence a bit above 0x100000; the exact
address should be possible to determine via nm core/<name>.elf; e.g.:

: tazenda 320 ; nm -n core/ldlinux.elf | grep core_syscall
0000a344 t core_syscall.rm
0000a354 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return	<--- what should be in ebx
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy

I'm wondering if there is a linker issue...

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.
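
An added illustration, not part of this thread or of the Syslinux sources: a small Python resolver that parses the nm -n listing quoted above (embedded here as constructed input) and maps a register value such as the 0x34b4 seen in ebx back to the nearest preceding symbol, which is the check the reply describes. The 1 MiB threshold in looks_like_pm_text is an assumption drawn from the addresses shown, not a Syslinux constant.

```python
import re

# Constructed input: the `nm -n core/ldlinux.elf` lines quoted in the message.
NM_OUTPUT = """\
0000a344 t core_syscall.rm
0000a354 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy
"""

# nm -n lines look like "<hex addr> <type> <name>"; undefined symbols carry no
# address and are skipped by the regex.
_LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")

def parse_nm(text):
    """Return (address, type, name) tuples sorted by address."""
    syms = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            syms.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return sorted(syms)

def resolve(syms, addr):
    """Map addr to 'name' or 'name+0xoff' of the nearest preceding symbol;
    None when addr lies below every symbol (the case for 0x34b4 here)."""
    best = None
    for sym_addr, _, name in syms:
        if sym_addr > addr:
            break
        best = (name, addr - sym_addr)
    if best is None:
        return None
    name, off = best
    return name if off == 0 else "%s+0x%x" % (name, off)

def looks_like_pm_text(addr):
    """Assumed sanity check: the 32-bit core text is linked at or above 1 MiB,
    so a jump target below that cannot be core_syscall.pm_return."""
    return addr >= 0x100000

if __name__ == "__main__":
    syms = parse_nm(NM_OUTPUT)
    # 0x34b4 is the bogus ebx from the crash; 0x100094 is the expected target.
    for ebx in (0x34b4, 0x100094):
        print("ebx=0x%08x -> %s, pm text: %s"
              % (ebx, resolve(syms, ebx), looks_like_pm_text(ebx)))
```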