2

I have this assembly code:

00000000 <Q2>: 0: 55 push %ebp 1: 89 e5 mov %esp,%ebp 3: 83 ec 20 sub $0x20,%esp 6: c7 45 fc 1f 00 00 00 movl $0x1f,-0x4(%ebp) d: c7 45 f8 06 f4 ff ff movl $0xfffff406,-0x8(%ebp) 14: 8b 45 fc mov -0x4(%ebp),%eax 17: 8b 55 08 mov 0x8(%ebp),%edx 1a: 8d 04 02 lea (%edx,%eax,1),%eax 1d: 89 45 f4 mov %eax,-0xc(%ebp) 20: 8b 45 08 mov 0x8(%ebp),%eax 23: 0f af 45 f4 imul -0xc(%ebp),%eax 27: 89 45 f0 mov %eax,-0x10(%ebp) 2a: 8b 45 f8 mov -0x8(%ebp),%eax 2d: 8b 55 f0 mov -0x10(%ebp),%edx 30: 8d 04 02 lea (%edx,%eax,1),%eax 33: 89 45 ec mov %eax,-0x14(%ebp) 36: 83 7d ec 00 cmpl $0x0,-0x14(%ebp) 3a: 74 0a je 46 <Q2+0x46> 3c: b8 00 00 00 00 mov $0x0,%eax 41: 8b 00 mov (%eax),%eax 43: 89 45 f4 mov %eax,-0xc(%ebp) 46: 8b 45 f8 mov -0x8(%ebp),%eax 49: 89 c2 mov %eax,%edx 4b: c1 fa 1f sar $0x1f,%edx 4e: f7 7d 08 idivl 0x8(%ebp) 51: c9 leave 52: c3 ret

I thought the segmentation fault was on line 4e where it would divide by the %edx after it has been shifted right by 0x1f (31) in decimal. I figured that answer would most likely result in a division by 0 unless the number was greater than or equal to 2^31.

I have been informed that whether or not the segmentation fault occurs depends on the value of the 1 parameters of the function. Upon further inspection of the assembly code I have come to the conclusion that the fault is not dependent on the parameter. I can't seem to find what I've overlooked. Can anyone help?

Improve this question
3
  • 4
    Line 41 looks like a segfault to me. Commented Nov 29, 2012 at 2:42
  • 1
    @FrankKotler if this is objdump output of an object file, line 41 may have an invisible relocation entry. @John if so, can you use -dr switches? Commented Nov 29, 2012 at 12:20
  • A segmentation fault cannot be line 4e unless you got a corrupted framepointer (%ebp) register. That's because division-by-zero causes SIGFPE with a siginfo_t having si_code == FPE_INTDIV. Nothing in your function can corrupt %ebp, so if a SIGSEGV occurs on that line, you either have a very buggy signal handler / home-grown context switcher (the only userspace entities capable of changing %ebp), or a kernel bug (unlikely). Use 'gdb' to do an info reg / disas $eip-20 $eip+20. Also - your code is unoptimized compiler output. Source, please, to justify the "C" tag ;-) Commented Nov 29, 2012 at 12:58

1 Answer 1

Reset to default
2

The problem is with these lines:

3c: b8 00 00 00 00 mov $0x0,%eax 41: 8b 00 mov (%eax),%eax

You are moving 0 into %eax and then trying to access the memory at (%eax). On many operating systems (linux, for example), attempting to read address 0x0 will result in a Segmentation Fault.

If I'm reading the code correctly, this will happen unless param * (param + 31) == 3066, which could occur if param is -73 or 42.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.