[syslinux] Crash with core32 (syslinux-3.81-pre12-68-g4a211f6)

Sebastian Herbszt herbszt at gmx.de
Tue May 26 11:59:08 PDT 2009


H. Peter Anvin wrote:
> Sebastian Herbszt wrote:
>> 
>>  8783 0000AD0B 8B25[4C040000]      <2>                 mov esp,[PMESP]         ; Load protmode %esp
>>  8784 0000AD11 89E8                <2>                 mov eax,ebp             ; EAX -> top of real-mode stack
>>  8785 0000AD13 FFE3                <2>                 jmp ebx                 ; Go to where we need to go
>> 
>>> In both cases it looks like it's jumping through an invalid pointer.
>> 
>> Guess ebx is not what it's supposed to be since there are just a bunch
>> of 0-bytes at 0x000034b4.
>> 
> 
> 0x34b4 doesn't sound right there at all; ebx should have been set on
> line 106 of core/callback.inc to core_syscall.pm_return, which should be
> a symbol in the .text segment and hence a bit above 0x100000; the exact
> address should be possible to determine via nm core/<name>.elf; e.g:
> 
> : tazenda 320 ; nm -n core/ldlinux.elf | grep core_syscall
> 0000a344 t core_syscall.rm
> 0000a354 t core_syscall.rm_return
> 00100047 t core_syscall
> 00100094 t core_syscall.pm_return <--- what should be in ebx
> 001000ad t core_syscall.no_copy
> 001000af t core_syscall.do_copy

Gives here

0000a2e0 t core_syscall.rm
0000a2f0 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy

pxelinux.lst got

9215 0000A2FF 66BB[94000000]      <3>                 mov ebx,.pm_return
9216 0000A305 E933FE                     <3>                 jmp enter_pm

and tracing in bochs gives

(0) [0x0000a2ff] 0000:a2ff (unk. ctxt): mov ebx, 0x000034b4       ; 66bbb4340000

> I'm wondering if there is a linker issue...

GNU ld (GNU Binutils) 2.17.50.20070726-14 (SUSE Linux)
NASM version 0.98.39 compiled on Sep 21 2007
gcc version 4.2.1 (SUSE Linux)

- Sebastian
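The mismatch discussed in this thread (the symbol table says core_syscall.pm_return is at 0x100094, the traced instruction loads 0x34b4) can be checked mechanically. The following is an added example, not code from the thread or from Syslinux: it parses the `nm -n` output quoted above, decodes the `mov ebx, imm32` bytes from the bochs trace, and compares the immediate against the symbol. It assumes the instruction sits in 16-bit code, so the 0x66 byte is the operand-size override prefix and 0xBB is `mov ebx/bx, imm`; the symbol name, byte string and nm lines are the ones that appear on this page.

```python
import re
import struct

# nm -n output as quoted in the thread (Sebastian's build).
NM_OUTPUT = """\
0000a2e0 t core_syscall.rm
0000a2f0 t core_syscall.rm_return
00100047 t core_syscall
00100094 t core_syscall.pm_return
001000ad t core_syscall.no_copy
001000af t core_syscall.do_copy
"""

# Instruction bytes from the bochs trace line:
#   mov ebx, 0x000034b4 ; 66bbb4340000
TRACED_BYTES = bytes.fromhex("66bbb4340000")


def parse_nm(text):
    """Map symbol name -> address from 'nm -n' style lines (addr type name)."""
    syms = {}
    for line in text.splitlines():
        m = re.match(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$", line.strip())
        if m:
            syms[m.group(3)] = int(m.group(1), 16)
    return syms


def decode_mov_ebx_imm32(code):
    """Return the immediate of a 16-bit-mode 'mov ebx, imm32'.

    In a 16-bit code segment the default operand size is 16 bits; the 0x66
    prefix widens it to 32, and 0xBB is MOV (E)BX, imm. The 4 immediate
    bytes follow in little-endian order.
    """
    if len(code) < 6 or code[0] != 0x66 or code[1] != 0xBB:
        raise ValueError("not a 16-bit-mode 'mov ebx, imm32' encoding")
    return struct.unpack_from("<I", code, 2)[0]


def encode_mov_ebx_imm32(value):
    """Inverse of decode_mov_ebx_imm32: what the bytes should have been."""
    return b"\x66\xbb" + struct.pack("<I", value & 0xFFFFFFFF)


def check_target(code, symbols, symbol):
    """Compare the traced immediate with the linked address of `symbol`."""
    expected = symbols[symbol]
    actual = decode_mov_ebx_imm32(code)
    return {
        "symbol": symbol,
        "expected": expected,
        "actual": actual,
        "ok": expected == actual,
        "expected_bytes": encode_mov_ebx_imm32(expected).hex(),
    }


if __name__ == "__main__":
    result = check_target(TRACED_BYTES, parse_nm(NM_OUTPUT), "core_syscall.pm_return")
    for k, v in result.items():
        print(f"{k:15} {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k:15} {v}")
```

Running it reports `expected 0x100094`, `actual 0x34b4` and `ok False`, and shows that a correctly linked instruction would read `66bb94001000`. The pre-link listing line `66BB[94000000]` carries only the section-relative offset 0x94 in brackets, so the traced value 0x34b4 matches neither the unrelocated nor the relocated address, which is what points at the link step rather than at the assembler.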
