hello,
this is my first post on this forum!

I have a strange bug that I get when using the player/stage project.
I have compiled it with the MinGW compiler and it works fine on my
Vista laptop. However, on a lower spec XP PC it segfaults. Using GDB,
I've disassembled the function causing the segfault as follows:

Dump of assembler code for function _Z20lasercspace_RegisterP11DriverTable:
0x00af7fe0 <+0>: push %ebp
0x00af7fe1 <+1>: mov %esp,%ebp
0x00af7fe3 <+3>: sub $0x18,%esp
0x00af7fe6 <+6>: movl $0xaf7f24,0x8(%esp)
0x00af7fee <+14>: movl $0xbdcc00,0x4(%esp)
0x00af7ff6 <+22>: mov 0x8(%ebp),%eax
0x00af7ff9 <+25>: mov %eax,(%esp)
0x00af7ffc <+28>: mov 0xc0a6a0,%eax
0x00af8001 <+33>: call *%eax
0x00af8003 <+35>: leave
0x00af8004 <+36>: ret
End of assembler dump.

which seems to be fairly straightforward, except that the crash is at <+28> and I don't know why!

Any help much appreciated,
Thanks
--scott

PS C++ code in case it's useful

// a driver registration function
void lasercspace_Register(DriverTable* table)
{
  table->AddDriver("lasercspace", LaserCSpace_Init);
}

where LaserCSpace_Init is a function pointer.

You need to post some of the source code instead.

There is almost no information to work with based on what you've posted.

Thanks for your reply.

There is almost no information to work with based on what you've posted.

Yes, unfortunately there is almost no information to give!

The program is Player 3.0.1 from Player/Stage. It registers drivers as follows:

PLAYERDRIVER_EXPORT void player_register_drivers()
{
  localbb_Register(driverTable);
  cmvision_Register(driverTable);
  shapetracker_Register(driverTable);
  simpleshape_Register(driverTable);
  upcbarcode_Register(driverTable);
  camfilter_Register(driverTable);
  cameracompress_Register(driverTable);
  camerauncompress_Register(driverTable);
  cvcam_Register(driverTable);
  imageseq_Register(driverTable);
  bitlogic_Register(driverTable);
  blobtodio_Register(driverTable);
  blobtracker_Register(driverTable);
  bumpertodio_Register(driverTable);
  diodelay_Register(driverTable);
  diolatch_Register(driverTable);
  rangertodio_Register(driverTable);
  stalltodio_Register(driverTable);
  laserbar_Register(driverTable);
  laserbarcode_Register(driverTable);
  bumper2laser_Register(driverTable);
  sicks3000_Register(driverTable);
  laserposeinterpolator_Register(driverTable);
  laserrescan_Register(driverTable);
  lasercspace_Register(driverTable);
  lasercutter_Register(driverTable);
  sickLDMRS_Register(driverTable);
  amcl_Register(driverTable);
  fakelocalize_Register(driverTable);
  mapfile_Register(driverTable);
  mapcspace_Register(driverTable);
  mapscale_Register(driverTable);
  vmapfile_Register(driverTable);
  gridmap_Register(driverTable);
  wavefront_Register(driverTable);
  laserptzcloud_Register(driverTable);
  bumpersafe_Register(driverTable);
  deadstop_Register(driverTable);
  globalize_Register(driverTable);
  goto_Register(driverTable);
  lasersafe_Register(driverTable);
  mbicp_Register(driverTable);
  motionmind_Register(driverTable);
  sicknav200_Register(driverTable);
  nd_Register(driverTable);
  segwayrmp400_Register(driverTable);
  snd_Register(driverTable);
  vfh_Register(driverTable);
  lasertoranger_Register(driverTable);
  sonartoranger_Register(driverTable);
  rangertolaser_Register(driverTable);
  rangerposeinterpolator_Register(driverTable);
  cmdsplitter_Register(driverTable);
  diocmd_Register(driverTable);
  dummy_Register(driverTable);
  gripcmd_Register(driverTable);
  inhibitor_Register(driverTable);
  kartowriter_Register(driverTable);
  writelog_Register(driverTable);
  readlog_Register(driverTable);
  passthrough_Register(driverTable);
  relay_Register(driverTable);
  suppressor_Register(driverTable);
  velcmd_Register(driverTable);
  AioToSonar_Register(driverTable);
  vec2map_Register(driverTable);
  robotracker_Register(driverTable);
  accel_calib_Register(driverTable);
}

so the function gets up to lasercspace_Register before the segfault and then crashes on the line indicated in the previous post.
It never makes it to the "call" statement posted in the previous post (<+33>).
Is there anything else I can post that would help without posting the entire Player project?
GDB shows that table points to valid memory and gives the correct values when dereferenced. GDB also shows that LaserCSpace_Init is a valid function.
Thanks
--scott

This seems an outrageous guess.

0x00af7fe3 <+3>: sub $0x18,%esp
0x00af7fe6 <+6>: movl $0xaf7f24,0x8(%esp)
0x00af7fee <+14>: movl $0xbdcc00,0x4(%esp)
0x00af7ff6 <+22>: mov 0x8(%ebp),%eax
0x00af7ff9 <+25>: mov %eax,(%esp)

Has the value in the stack pointer slipped over into stack overflow territory?
There would seem to be an edge case where the first two accesses are ok (because of the offsets), whereas the last one is just in the next page marking stack overflow.

Seems unlikely, given that most processes get around about a meg of stack to play with. But as you said it was a lower spec machine, maybe it has less stack.

It would only take a careless local array declaration of some size to eat up a hell of a lot of stack.

Has the value in the stack pointer slipped over into stack overflow territory?

Maybe, but the thing is that every single one of those *_Register functions is exactly the same.

Perhaps I don't understand how the stack works well enough, but it seems that every time it enters one of those functions, it should be putting the same amount of offset on the stack ("leave" restores the stack, right?)

For example localbb_Register:

Dump of assembler code for function _Z16localbb_RegisterP11DriverTable:
0x00a82168 <+0>:      push   %ebp
0x00a82169 <+1>:      mov    %esp,%ebp
0x00a8216b <+3>:      sub    $0x18,%esp
0x00a8216e <+6>:      movl   $0xa820ac,0x8(%esp)
0x00a82176 <+14>:     movl   $0xb88078,0x4(%esp)
0x00a8217e <+22>:     mov    0x8(%ebp),%eax
0x00a82181 <+25>:     mov    %eax,(%esp)
0x00a82184 <+28>:     mov    0xbb96a0,%eax
0x00a82189 <+33>:     call   *%eax
0x00a8218b <+35>:     leave
0x00a8218c <+36>:     ret
End of assembler dump.

Luckily I have no need for the lasercspace driver, so I have compiled it out, but I still don't understand why it doesn't work.
Thanks for your help though.
--scott
