[syslinux] Crash with core32 (syslinux-3.81-pre12-68-g4a211f6)
Sebastian Herbszt
herbszt at gmx.de
Tue May 26 11:59:08 PDT 2009
H. Peter Anvin wrote:
> Sebastian Herbszt wrote:
>>
>> 8783 0000AD0B 8B25[4C040000] <2> mov esp,[PMESP] ; Load protmode %esp
>> 8784 0000AD11 89E8 <2> mov eax,ebp ; EAX -> top of real-mode stack
>> 8785 0000AD13 FFE3 <2> jmp ebx ; Go to where we need to go
>>
>>> In both cases it looks like it's jumping through an invalid pointer.
>>
>> Guess ebx is not what it's supposed to be since there are just a bunch
>> of 0-bytes at 0x000034b4.
>>
>
> 0x34b4 doesn't sound right there at all; ebx should have been set on
> line 106 of core/callback.inc to core_syscall.pm_return, which should be
> a symbol in the .text segment and hence a bit above 0x100000; the exact
> address should be possible to determine via nm core/<name>.elf; e.g.:
>
> : tazenda 320 ; nm -n core/ldlinux.elf | grep core_syscall
> 0000a344 t core_syscall.rm
> 0000a354 t core_syscall.rm_return
> 00100047 t core_syscall
> 00100094 t core_syscall.pm_return <--- what should be in ebx
> 001000ad t core_syscall.no_copy
> 001000af t core_syscall.do_copy
Gives here
0000a2e0 t core_syscall.rm
0000a2f0 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy
pxelinux.lst got
9215 0000A2FF 66BB[94000000] <3> mov ebx,.pm_return
9216 0000A305 E933FE <3> jmp enter_pm
and tracing in bochs gives
(0) [0x0000a2ff] 0000:a2ff (unk. ctxt): mov ebx, 0x000034b4 ; 66bbb4340000
> I'm wondering if there is a linker issue...
GNU ld (GNU Binutils) 2.17.50.20070726-14 (SUSE Linux)
NASM version 0.98.39 compiled on Sep 21 2007
gcc version 4.2.1 (SUSE Linux)
- Sebastian
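An added cross-check (not code from the thread or the Syslinux project) that mechanises what the two mails do by hand: parse the NASM listing line, the nm output and the bochs trace line quoted above, and report whether the immediate the linker actually emitted for `mov ebx,.pm_return` matches the address nm reports for `core_syscall.pm_return`. The input lines below are copied from the thread; the listing/trace formats are assumed to be exactly as shown there.

```python
import re

# Inputs taken from the thread (pxelinux.lst line, nm output, bochs trace line).
LST_LINE = "9215 0000A2FF 66BB[94000000] <3> mov ebx,.pm_return"
NM_OUTPUT = """0000a2e0 t core_syscall.rm
0000a2f0 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy
"""
TRACE_LINE = "(0) [0x0000a2ff] 0000:a2ff (unk. ctxt): mov ebx, 0x000034b4 ; 66bbb4340000"

# NASM listing: "<line> <addr> <opcode bytes>[<relocatable immediate>] ..."
LST_RE = re.compile(r"^\s*\d+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]*)\[([0-9A-Fa-f]+)\]")
# nm -n: "<addr> <type> <symbol>"
NM_RE = re.compile(r"^([0-9A-Fa-f]+)\s+\S\s+(\S+)$")
# bochs trace: "... [0x<addr>] ... ; <raw instruction bytes>"
TRACE_RE = re.compile(r"\[0x([0-9A-Fa-f]+)\].*;\s*([0-9A-Fa-f]+)\s*$")

def parse_lst(line):
    """Return (address, fixed opcode bytes, pre-link immediate) for a listing line."""
    m = LST_RE.match(line)
    if not m:
        raise ValueError("not a listing line with a relocatable immediate")
    prelink = int.from_bytes(bytes.fromhex(m.group(3)), "little")
    return int(m.group(1), 16), m.group(2).lower(), prelink

def parse_nm(text):
    """Map symbol name -> address from nm output."""
    return {m.group(2): int(m.group(1), 16)
            for m in (NM_RE.match(l.strip()) for l in text.splitlines()) if m}

def parse_trace(line):
    """Return (address, raw instruction bytes) from a bochs trace line."""
    m = TRACE_RE.search(line)
    if not m:
        raise ValueError("not a bochs trace line with raw bytes")
    return int(m.group(1), 16), bytes.fromhex(m.group(2))

def check_relocation(lst_line, nm_text, trace_line, symbol):
    """Compare the linked imm32 seen at runtime with the symbol address nm reports."""
    lst_addr, opcode, prelink = parse_lst(lst_line)
    trace_addr, raw = parse_trace(trace_line)
    if trace_addr != lst_addr or raw[:len(opcode) // 2].hex() != opcode:
        raise ValueError("trace does not correspond to the listed instruction")
    n = len(opcode) // 2
    actual = int.from_bytes(raw[n:n + 4], "little")   # imm32 following 66 BB
    expected = parse_nm(nm_text)[symbol]
    return {"prelink": prelink, "expected": expected, "actual": actual,
            "ok": actual == expected}

if __name__ == "__main__":
    print(check_relocation(LST_LINE, NM_OUTPUT, TRACE_LINE, "core_syscall.pm_return"))
```

For the thread's inputs this reports a section-relative pre-link value of 0x94, an expected linked value of 0x00100094 and an actual immediate of 0x000034b4, i.e. the relocation was not resolved to the .text address nm shows.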