
[v5] capstone_test_mos65xx segfaults on ARMv7

Open Gelbpunkt opened this issue 8 months ago • 3 comments

Work environment

| Questions | Answers |
|---|---|
| System Capstone runs on OS/arch/bits | Chimera Linux ARMv7 |
| Capstone module affected | mos65xx |
| Source of Capstone | release tag |
| Version/git commit | v5.0.6 |

Expected behavior

Test pass.

Actual behavior

capstone_test_mos65xx triggers a segfault.

19/24 Test #19: capstone_test_mos65xx ............***Exception: SegFault  0.02 sec
****************
Platform: MOS65XX_6502
Code: 0xa1 0x12 0xa5 0x12 0xa9 0x12 0xad 0x34 0x12 0xb1 0x12 0xb5 0x12 0xb9 0x34 0x12 0xbd 0x34 0x12 0x0d 0x34 0x12 0x00 0x81 0x87 0x6c 0x01 0x00 0x85 0xff 0x10 0x00 0x19 0x42 0x42 0x00 0x49 0x42
Disasm:
0x1000:	lda	($12, x)
	address mode: zero page indexed with x indirect
	modifies flags: true
	op_count: 1
		operands[0].type: MEM = 0x12

0x1002:	lda	$12
	address mode: zero page
	modifies flags: true
	op_count: 1
		operands[0].type: MEM = 0x12

0x1004:	lda	#$12
	address mode: immediate value
	modifies flags: true
	op_count: 1
		operands[0].type: IMM = 0x12

0x1006:	lda	$1234
	address mode: absolute
	modifies flags: true
	op_count: 1
		operands[0].type: MEM = 0x1234

0x1009:	lda	($12), y
	address mode: zero page indirect indexed with y
	modifies flags: true
	op_count: 1
		operands[0].type: MEM = 0x12

0x100b:	lda	$12, x
	address mode: zero page indexed with x
	modifies flags: true
	op_count: 1
		operands[0].type: MEM = 0x12

0x100d:	lda	$1234, y
	address mode: absolute indexed with y
	modifies flags:

Steps to reproduce the behavior

  • Build v5 and run tests on ARMv7 (or probably any 32-bit target?)

Built with LLVM 19.1.7.

Additional Logs, screenshots, source code, configuration dump, ...

Gelbpunkt (Apr 06 '25 04:04)

I can't really make much out of it in gdb:

(gdb) core builddir/capstone-5.0.6/build/core.21
warning: File /usr/lib/libc.so doesn't match build-id from core-file during file-backed mapping processing
[New LWP 21]
Reading symbols from /home/builder/cports/bldroot/builddir/capstone-5.0.6/build/test_mos65xx...
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Core was generated by `/builddir/capstone-5.0.6/build/test_mos65xx'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x487311e4 in memchr () from /home/builder/cports/bldroot/usr/lib/libc.so
(gdb) bt
#0  0x487311e4 in memchr () from /home/builder/cports/bldroot/usr/lib/libc.so
#1  0x48732a98 in strnlen () from /home/builder/cports/bldroot/usr/lib/libc.so
#2  0x487295d4 in ?? () from /home/builder/cports/bldroot/usr/lib/libc.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Gelbpunkt (Apr 06 '25 05:04)

Seems like this also happened on Gentoo: https://bugs.gentoo.org/924922

Gelbpunkt (Apr 06 '25 05:04)

Possibly related to (also a 32-bit host): https://github.com/capstone-engine/capstone/issues/2416

Rot127 (Apr 06 '25 10:04)