
backtrace output seems to be wrong

Open ghost opened this issue 10 years ago • 6 comments

$ r2 -d ./a.out
Process with PID 7837 started...
PID = 7837
pid = 7837 tid = 7837
r_debug_select: 7837 7837
Using BADDR 0x400000
Asuming filepath ./a.out
bits 64
pid = 7837 tid = 7837
 -- Sharing your latest session in Facebook...
[0x7f74e7925cd0]> aa
[0x7f74e7925cd0]> dc
[+] SIGNAL 11 errno=0 addr=(nil) code=1 ret=0
r_debug_select: 7837 1
[+] signal 11 aka SIGSEGV received 0
[0x7f74e76041fd]> dbt
0  0x7f74e757ba40  0
1  0x41d589495541f689  0
[0x7f74e76041fd]> 

ghost avatar Jun 02 '15 20:06 ghost

can you re-verify?

radare avatar Nov 20 '15 00:11 radare

$ r2 -d a.out
Process with PID 17499 started...
Attached debugger to pid = 17499, tid = 17499
Debugging pid = 17499, tid = 17499 now
Using BADDR 0x400000
Assuming filepath ./a.out
bits 64
Attached debugger to pid = 17499, tid = 17499
 -- This is an unacceptable milion year dungeon.
[0x7f8b4ee1caf0]> aaa
Cannot determine xref search boundaries
Oops invalid range
[0x7f8b4ee1caf0]> dc
[+] SIGNAL 11 errno=0 addr=(nil) code=128 ret=0
Debugging pid = 17499, tid = 1 now
[+] signal 11 aka SIGSEGV received 0
[0x0040052b]> dbt
0  0x0040052b  sp: 0x0  0[sym.foo]  rip sym.foo+31
[0x0040052b]>

radare2 0.10.0-git 9762 @ linux-little-x86-64 git.0.9.9-1639-g4d4db25 commit: 4d4db2518171744fe41227ddb464e5b463b1965a build: 2015-11-20

shouldn't it show the main -> bar -> foo stack trace?

#include <string.h>

void foo() {
    char a[1];
    memset(a, 'A', 1024);  /* deliberate 1024-byte write into a 1-byte stack buffer */
}

void bar() { foo(); }

int main() { bar(); }

ghost avatar Nov 20 '15 09:11 ghost

no. you have fucked up the stack, so there’s no way to recover the backtrace


radare avatar Nov 20 '15 09:11 radare

$ r2 -d a.out
Process with PID 17660 started...
Attached debugger to pid = 17660, tid = 17660
Debugging pid = 17660, tid = 17660 now
Using BADDR 0x400000
Assuming filepath ./a.out
bits 64
Attached debugger to pid = 17660, tid = 17660
 -- This is an unacceptable milion year dungeon.
[0x7fa4b937daf0]> aaa
Cannot determine xref search boundaries
Oops invalid range
[0x7fa4b937daf0]> dc
[+] SIGNAL 11 errno=0 addr=0x7fff7b94cff8 code=1 ret=0
Debugging pid = 17660, tid = 1 now
[+] signal 11 aka SIGSEGV received 0
[0x00400525]> dbt
0  0x00400525  sp: 0x0  0[sym.foo]  rip sym.foo+25
1  0x0040052a  sp: 0x7fff7b94d008  8[sym.foo]  rip+5
2  0x0040053a  sp: 0x7fff7b94d018  16[sym.bar]  sym.bar+14
3  0x0040054a  sp: 0x7fff7b94d028  16[sym.main]  main+14
4  0x0040054a  sp: 0x7fff7b94d038  16[sym.main]  main+14
5  0x0040054a  sp: 0x7fff7b94d048  16[sym.main]  main+14
6  0x0040054a  sp: 0x7fff7b94d058  16[sym.main]  main+14
7  0x0040054a  sp: 0x7fff7b94d068  16[sym.main]  main+14
8  0x0040054a  sp: 0x7fff7b94d078  16[sym.main]  main+14
9  0x0040054a  sp: 0x7fff7b94d088  16[sym.main]  main+14
10  0x0040054a  sp: 0x7fff7b94d098  16[sym.main]  main+14
11  0x0040054a  sp: 0x7fff7b94d0a8  16[sym.main]  main+14
12  0x0040054a  sp: 0x7fff7b94d0b8  16[sym.main]  main+14
13  0x0040054a  sp: 0x7fff7b94d0c8  16[sym.main]  main+14
14  0x0040054a  sp: 0x7fff7b94d0d8  16[sym.main]  main+14
15  0x0040054a  sp: 0x7fff7b94d0e8  16[sym.main]  main+14
16  0x0040054a  sp: 0x7fff7b94d0f8  16[sym.main]  main+14
17  0x0040054a  sp: 0x7fff7b94d108  16[sym.main]  main+14
18  0x0040054a  sp: 0x7fff7b94d118  16[sym.main]  main+14
19  0x0040054a  sp: 0x7fff7b94d128  16[sym.main]  main+14
20  0x0040054a  sp: 0x7fff7b94d138  16[sym.main]  main+14
21  0x0040054a  sp: 0x7fff7b94d148  16[sym.main]  main+14
22  0x0040054a  sp: 0x7fff7b94d158  16[sym.main]  main+14
23  0x0040054a  sp: 0x7fff7b94d168  16[sym.main]  main+14
24  0x0040054a  sp: 0x7fff7b94d178  16[sym.main]  main+14
25  0x0040054a  sp: 0x7fff7b94d188  16[sym.main]  main+14
26  0x0040054a  sp: 0x7fff7b94d198  16[sym.main]  main+14
27  0x0040054a  sp: 0x7fff7b94d1a8  16[sym.main]  main+14
28  0x0040054a  sp: 0x7fff7b94d1b8  16[sym.main]  main+14
29  0x0040054a  sp: 0x7fff7b94d1c8  16[sym.main]  main+14
30  0x0040054a  sp: 0x7fff7b94d1d8  16[sym.main]  main+14
31  0x0040054a  sp: 0x7fff7b94d1e8  16[sym.main]  main+14
32  0x0040054a  sp: 0x7fff7b94d1f8  16[sym.main]  main+14
33  0x0040054a  sp: 0x7fff7b94d208  16[sym.main]  main+14
34  0x0040054a  sp: 0x7fff7b94d218  16[sym.main]  main+14
35  0x0040054a  sp: 0x7fff7b94d228  16[sym.main]  main+14
36  0x0040054a  sp: 0x7fff7b94d238  16[sym.main]  main+14
37  0x0040054a  sp: 0x7fff7b94d248  16[sym.main]  main+14
38  0x0040054a  sp: 0x7fff7b94d258  16[sym.main]  main+14
39  0x0040054a  sp: 0x7fff7b94d268  16[sym.main]  main+14
40  0x0040054a  sp: 0x7fff7b94d278  16[sym.main]  main+14
41  0x0040054a  sp: 0x7fff7b94d288  16[sym.main]  main+14
42  0x0040054a  sp: 0x7fff7b94d298  16[sym.main]  main+14
43  0x0040054a  sp: 0x7fff7b94d2a8  16[sym.main]  main+14
44  0x0040054a  sp: 0x7fff7b94d2b8  16[sym.main]  main+14
45  0x0040054a  sp: 0x7fff7b94d2c8  16[sym.main]  main+14
46  0x0040054a  sp: 0x7fff7b94d2d8  16[sym.main]  main+14
47  0x0040054a  sp: 0x7fff7b94d2e8  16[sym.main]  main+14
48  0x0040054a  sp: 0x7fff7b94d2f8  16[sym.main]  main+14
49  0x0040054a  sp: 0x7fff7b94d308  16[sym.main]  main+14
50  0x0040054a  sp: 0x7fff7b94d318  16[sym.main]  main+14
51  0x0040054a  sp: 0x7fff7b94d328  16[sym.main]  main+14
52  0x0040054a  sp: 0x7fff7b94d338  16[sym.main]  main+14
53  0x0040054a  sp: 0x7fff7b94d348  16[sym.main]  main+14
54  0x0040054a  sp: 0x7fff7b94d358  16[sym.main]  main+14
55  0x0040054a  sp: 0x7fff7b94d368  16[sym.main]  main+14
56  0x0040054a  sp: 0x7fff7b94d378  16[sym.main]  main+14
57  0x0040054a  sp: 0x7fff7b94d388  16[sym.main]  main+14
58  0x0040054a  sp: 0x7fff7b94d398  16[sym.main]  main+14
59  0x0040054a  sp: 0x7fff7b94d3a8  16[sym.main]  main+14
60  0x0040054a  sp: 0x7fff7b94d3b8  16[sym.main]  main+14
61  0x0040054a  sp: 0x7fff7b94d3c8  16[sym.main]  main+14
62  0x0040054a  sp: 0x7fff7b94d3d8  16[sym.main]  main+14
63  0x0040054a  sp: 0x7fff7b94d3e8  16[sym.main]  main+14
64  0x0040054a  sp: 0x7fff7b94d3f8  16[sym.main]  main+14

this happens with memset(a, 'A', 10)

ghost avatar Nov 20 '15 09:11 ghost

yeah, this seems like a bug, can you try with other backtrace engines?

[0x00000000]> e dbg.btalgo =?
default
fuzzy
anal


radare avatar Nov 20 '15 11:11 radare

yes, it works only with anal

[0x7fde41affaf0]> e dbg.btalgo=anal
[0x7fde41affaf0]> aaa
Cannot determine xref search boundaries
Oops invalid range
[0x7fde41affaf0]> dc
[+] SIGNAL 11 errno=0 addr=0x7fff70f42ff8 code=1 ret=0
Debugging pid = 18112, tid = 1 now
[+] signal 11 aka SIGSEGV received 0
[0x00400525]> dbt
0  0x00400525  sp: 0x0  0[sym.foo]  rip sym.foo+25
1  0x00400525  sp: 0x7fff70f43010  0[sym.foo]  rip sym.foo+25
2  0x0040053a  sp: 0x7fff70f43010  0[sym.bar]  sym.bar+14
3  0x0040054a  sp: 0x7fff70f43020  0[sym.main]  main+14
[0x00400525]>

with fuzzy there is the same behaviour as default.

ghost avatar Nov 20 '15 12:11 ghost
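Added example, not radare2 code and not from anyone in this thread: a frame-pointer backtrace walker in C over a constructed in-memory stack laid out like the main -> bar -> foo test program, using the rip and return addresses from the dbt output above. It shows why a saved rbp clobbered by the memset leaves nothing trustworthy past foo's frame, and why a walker without a "next frame must be higher" check repeats one frame up to its depth limit. STACK_BASE, the word layout, the libc return value and all helper names are assumptions.

```c
#include <stdint.h>
/* Constructed model of a 64-bit stack: word i lives at STACK_BASE + 8*i. The base
 * only mimics the sp range in the dbt output above; none of this is real memory. */
#define STACK_BASE  0x7fff7b94d000ULL
#define STACK_WORDS 32
#define MAX_FRAMES  16
static uint64_t stack[STACK_WORDS];
static uint64_t frames[MAX_FRAMES];  /* return addresses from the last walk */
static uint64_t addr_of(int i) { return STACK_BASE + 8ULL * (uint64_t)i; }
/* Map a saved-rbp value to a word index; -1 if it is off-stack or misaligned. */
static int index_of(uint64_t addr) {
    uint64_t off = addr - STACK_BASE;
    if (addr < STACK_BASE || off >= 8ULL * STACK_WORDS || off % 8) return -1;
    return (int)(off / 8);
}
/* Frame-pointer walk: frame 0 is rip; each later return address sits at [rbp+8]
 * and the caller's rbp at [rbp]. Returns the frame count, negated if the chain is
 * rejected: it left the stack, or a saved rbp did not move to a higher address
 * (unchecked, an rbp pointing at its own frame repeats one frame to the depth limit). */
static int unwind(uint64_t rip, uint64_t rbp) {
    int n = 0, corrupt = 0;
    frames[n++] = rip;
    while (rbp != 0 && n < MAX_FRAMES) {
        int i = index_of(rbp);
        if (i < 0 || i + 1 >= STACK_WORDS) { corrupt = 1; break; }
        frames[n++] = stack[i + 1];
        uint64_t next = stack[i];
        if (next != 0 && next <= rbp) { corrupt = 1; break; }
        rbp = next;
    }
    return corrupt ? -n : n;
}
/* main -> bar -> foo laid out as in the test program, with the page's addresses;
 * main's return into libc is a constructed placeholder. */
static void build_stack(void) {
    for (int i = 0; i < STACK_WORDS; i++) stack[i] = 0;
    stack[2] = addr_of(6);  stack[3] = 0x40053aULL;        /* foo: saved rbp, ret -> bar+14  */
    stack[6] = addr_of(10); stack[7] = 0x40054aULL;        /* bar: saved rbp, ret -> main+14 */
    stack[10] = 0;          stack[11] = 0x7f00c0ffee00ULL; /* main: chain ends, libc ret     */
}
/* Rebuild the stack, overwrite one word, walk from foo's rip (sym.foo+25) and rbp. */
static int walk_after(int slot, uint64_t value) {
    build_stack();
    stack[slot] = value;
    return unwind(0x400525ULL, addr_of(2));
}
static int intact_frames(void)  { return walk_after(10, 0); }                    /* unchanged chain     */
static int smashed_frames(void) { return walk_after(2, 0x4141414141414141ULL); } /* memset 'A' over rbp */
static int looped_frames(void)  { return walk_after(6, addr_of(6)); }           /* saved rbp -> itself */
```

intact_frames() yields the 4-frame foo, bar+14, main+14, libc chain; smashed_frames() stops after foo's frame with a negative count, and looped_frames() stops at the first repeated frame instead of printing main+14 sixty times.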