Look at an example of a coredump:
[[email protected] s1_ex]$ gdb xuzhina_dump_c07_s1_ex core.27776 GNU gdb (gdb) Red Hat Enterprise Linux (7.2-75.el6) C Opyright (C) free software Foundation, inc.license gplv3+: GNU GPL version 3 or later <HTTP://GNU.ORG/LICENSES/GPL . Html>this is free software:you and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "Show copying" and "show warranty" for details. This GDB is configured as "I686-redhat-linux-gnu". For bugs reporting instructions, please see:Look at Std::_merge's compilation.
(GDB) disassemble Dump of assembler code for function _zst5mergein9__gnu_cxx17__normal_ Iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_: 0x08048a88 <+0>:p ush%ebp 0x08048a89 <+1>:mov %ESP,%EBP 0x08048a8b <+3>:p ush%esi 0x08048a8c <+4>:p ush%ebx 0x08048a8d <+5>:sub $0x20,%e SP 0x08048a90 <+8>:mov 0x8 (%EBP),%esi 0x08048a93 <+11>:jmp 0x8048b13 <_zst5mergein9__gnu_cxx17__n Ormal_iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_+139> 0x08048a95 <+13>:lea 0x14 (%EBP),%eax 0x 08048a98 <+16>:mov%eax, (%ESP) 0x08048a9b <+19>:call 0x8048f54 <_znk9__gnu_cxx17__normal_iteratoripi St6vectoriisaiieeedeev> 0x08048aa0 <+24>:mov (%eax),%ebx 0x08048aa2 <+26>:lea 0xc (%EBP),%eax 0x 08048aa5 <+29>:mov%eax, (%ESP) 0x08048aa8 <+32>:call 0x8048f54 <_znk9__gnu_cxx17__normal_iteratoripi St6vectoriisaiieeedeev> 0x08048aad <+37>:mov (%EAX),%eax 0x08048aaf <+39>:cmp%eax,%ebx 0x08048ab1 <+41>:setl%al 0x08048ab4 <+44>:test% Al,%al---Type <return> to continue, or Q <return> to quit---0x08048ab6 <+46>:je 0x8048ae1 <_zs T5mergein9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_+89> 0x08048ab8 <+48 >:lea 0x1c (%EBP),%eax 0x08048abb <+51>:mov%eax, (%ESP) 0x08048abe <+54>:call 0x8048f54 <_ZNK 9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeedeev> 0x08048ac3 <+59>:mov%eax,%ebx 0x08048ac5 <+61& Gt;:lea 0x14 (%EBP),%eax 0x08048ac8 <+64>:mov%eax, (%ESP) 0X08048ACB <+67>:call 0x8048f54 <_ZNK9 __gnu_cxx17__normal_iteratoripist6vectoriisaiieeedeev> 0x08048ad0 <+72>:mov (%eax),%eax 0x08048ad2 <+74 >:mov%eax, (%EBX) 0x08048ad4 <+76>:lea 0x14 (%EBP),%eax 0x08048ad7 <+79>:mov%eax, (%ESP) 0x08 048ada <+82>:call 0x8048f5E <_ZN9__gnu_cxx17__normal_iteratorIPiSt6vectorIiSaIiEEEppEv> 0x08048adf <+87>:jmp 0x8048b08 <_ Zst5mergein9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_+128> 0X08048AE1 <+ 89>:lea 0x1c (%EBP),%eax 0x08048ae4 <+92>:mov%eax, (%ESP) 0x08048ae7 <+95>:call 0x8048f54 <_Z nk9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeedeev> 0X08048AEC <+100>:mov%eax,%ebx 0x08048aee <+ 102>:lea 0xc (%EBP),%eax 0x08048af1 <+105>:mov%eax, (%ESP) 0x08048af4 <+108>:call 0x8048f54 < _znk9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeedeev> 0x08048af9 <+113>:mov (%eax),%eax=> 0X08048AFB <+115>:mov%eax, (%EBX) 0x08048afd <+117>:lea 0xc (%EBP),%eax 0x08048b00 <+120>:mov %eax, (%ESP) 0x08048b03 <+123>:call 0x8048f5e <_zn9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeeppev& Gt 0x08048b08 <+128>:lea 0x1c (%EBP),%eax 0x08048b0b <+131>:mov%eax, (%ESP) 0x08048b0e <+134>:call 0x8048f5e <_zn9__gnu_cxx17__normal_itera Toripist6vectoriisaiieeeppev> 0x08048b13 <+139>:lea 0x10 (%EBP),%eax 0x08048b16 <+142>:mov%eax,0x 4 (%ESP) 0x08048b1a <+146>:lea 0xc (%EBP),%eax 0x08048b1d <+149>:mov%eax, (%ESP) 0x08048b20 <+152 >:call 0x8048f27 <_ZN9__gnu_cxxneIPiSt6vectorIiSaIiEEEEbRKNS_17__normal_iteratorIT_T0_EESA_> 0x08048b25 <+157>:test%al,%al 0x08048b27 <+159>:je 0x8048b46 <_zst5mergein9__gnu_cxx17__normal_iteraAs can be seen from the compilation above, the ebx of the crash instruction is just
__gnu_cxx::__normal_iterator<int*, Std::vector<int, std::allocator<int> > >::operator* () const, and the this pointer of this member function is determined by the
0X08048AE1 <+89>:lea 0x1c (%EBP),%eax 0x08048ae4 <+92>:mov %eax, (%ESP) 0x08048ae7 < +95>:call 0x8048f54 <_ZNK9__gnu_cxx17__normal_iteratorIPiSt6vectorIiSaIiEEEdeEv> 0X08048AEC <+100>:mov %EAX,%EBXis obtained from the sixth parameter (ebp+0x1c).
And the implementation of this function:
(GDB) disassemble 0x8048f54dump of assembler code for function _znk9__gnu_cxx17__normal_ Iteratoripist6vectoriisaiieeedeev: 0x08048f54 <+0>:p ush %ebp 0x08048f55 <+1>:mov % ESP,%EBP 0x08048f57 <+3>:mov 0x8 (%EBP),%eax 0x08048f5a <+6>:mov (%eax),%eax 0x08048f5c <+8>:p op %ebp 0x08048f5d <+9>:ret End of assembler dump.As can be seen, this function simply returns the value of the first member pointed to by the this pointer.
Then, you can only look at the function of the first layer of the main function to determine what the this pointer is going on.
(GDB) frame 1#1 0x08048871 in Main () (GDB) disassemble Dump of assembler code for function main:0x08048774 <+0>: Lea 0x4 (%ESP),%ecx 0x08048778 <+4>:and $0xfffffff0,%esp 0x0804877b <+7>:p ushl-0x4 (%ECX) 0x080487 7e <+10>:p ush%ebp 0x0804877f <+11>:mov%esp,%ebp 0x08048781 <+13>:p ush%esi 0x08048782 < ;+14>:p ush%ebx 0x08048783 <+15>:p ush%ecx 0x08048784 <+16>:sub $0x7c,%esp 0x08048787 <+19& gt;:lea-0x44 (%EBP),%eax 0x0804878a <+22>:mov%eax, (%ESP) 0x0804878d <+25>:call 0x8048958 <_ZNS T6vectoriisaiieec2ev> 0x08048792 <+30>:movl $0x1,-0x38 (%EBP) 0x08048799 <+37>:lea-0x38 (%EBP),%eax 0x0804879c <+40>:mov%eax,0x4 (%ESP) 0x080487a0 <+44>:lea-0x44 (%EBP),%eax 0x080487a3 <+47>: mov%eax, (%ESP) 0x080487a6 <+50>:call 0x80489ca <_ZNSt6vectorIiSaIiEE9push_backERKi> 0x080487ab <+ 55>:lea-0x50 (%EBP),%eax 0x080487ae <+58>:mov%eax, (%ESP) 0x080487b1 <+61>:call 0x8048958 <_znst6vectoriisaiieec2ev& Gt 0x080487b6 <+66>:movl $0x8,-0x34 (%EBP)---Type <return> to continue, or Q <return> to quit---0x08048 7BD <+73>:lea-0x34 (%EBP),%eax 0x080487c0 <+76>:mov%eax,0x4 (%esp) 0x080487c4 <+80>:lea-0x (%EBP),%eax 0x080487c7 <+83>:mov%eax, (%ESP) 0x080487ca <+86>:call 0x80489ca <_znst6vectoriisaii Ee9push_backerki> 0x080487cf <+91>:lea-0x5c (%EBP),%eax 0x080487d2 <+94>:mov%eax, (%ESP) 0x0804 87d5 <+97>:call 0x8048958 <_ZNSt6vectorIiSaIiEEC2Ev> 0x080487da <+102>:lea-0x2c (%EBP),%eax 0x0 80487DD <+105>:lea-0x5c (%EBP),%edx 0x080487e0 <+108>:mov%edx,0x4 (%esp) 0x080487e4 <+112>:mov %eax, (%ESP) 0x080487e7 <+115>:call 0x8048a3e <_ZNSt6vectorIiSaIiEE5beginEv> 0x080487ec <+120>: Sub $0x4,%esp 0x080487ef <+123>:lea-0x28 (%EBP),%eax 0x080487f2 <+126>:lea-0x50 (%EBP),%edx 0x080487f5 <+129&G T;:mov%edx,0x4 (%ESP) 0x080487f9 <+133>:mov%eax, (%ESP) 0x080487fc <+136>:call 0x8048a62 <_ZNSt 6vectoriisaiiee3endev> 0x08048801 <+141>:sub $0x4,%esp 0x08048804 <+144>:lea-0x24 (%EBP),%eax 0 x08048807 <+147>:lea-0x50 (%EBP),%edx 0x0804880a <+150>:mov%edx,0x4 (%ESP)---Type <return> to Co Ntinue, or Q <return> to quit---0x0804880e <+154>:mov%eax, (%ESP) 0x08048811 <+157>:call 0x804 8a3e <_ZNSt6vectorIiSaIiEE5beginEv> 0x08048816 <+162>:sub $0x4,%esp 0x08048819 <+165>:lea-0x2 0 (%EBP),%eax 0x0804881c <+168>:lea-0x44 (%EBP),%edx 0x0804881f <+171>:mov%edx,0x4 (%ESP) 0x0804882 3 <+175>:mov%eax, (%ESP) 0x08048826 <+178>:call 0x8048a62 <_ZNSt6vectorIiSaIiEE3endEv> 0x080488 2b <+183>:sub $0x4,%esp 0x0804882e <+186>:lea-0x1c (%EBP),%eax 0x08048831 <+189>:lea-0x44 (%EBP),%edx 0x08048834 <+192>:mov%edx,0x4 (%ESP) 0x08048838 <+196>:mov%eax, (%ESP) 0x0804883b <+199>:call 0x8048a3e <_ZNSt6vectorIiSaIiEE5beginEv> 0x08048840 <+204>:sub $0x4,%esp 0x08048843 <+207>:lea-0x30 (%e BP),%eax 0x08048846 <+210>:mov-0x2c (%EBP),%edx 0x08048849 <+213>:mov%edx,0x14 (%ESP) 0x0804884d & Lt;+217>:mov-0x28 (%EBP),%edx 0x08048850 <+220>:mov%edx,0x10 (%esp) 0x08048854 <+224>:mov-0x2 4 (%EBP),%edx 0x08048857 <+227>:mov%edx,0xc (%ESP) 0x0804885b <+231>:mov-0x20 (%EBP),%edx---Type < Return> to continue, or Q <return> to quit---0x0804885e <+234>:mov%edx,0x8 (%esp) 0x08048862 <+2 38>:MOV-0X1C (%EBP),%edx 0x08048865 <+241>:mov%edx,0x4 (%esp) 0x08048869 <+245>:mov%eax, (%esp ) 0x0804886c <+248≫:call 0x8048a88 <_zst5mergein9__gnu_cxx17__normal_iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_ >=> 0x08048871 <+253>:sub $0x4,%esp 0x08048874 <+256>:mov $0x0,%ebx 0x08048879 <+261>:le A-0X5C (%EBP),%eax 0x0804887c <+264>:mov%eax, (%ESP) 0x0804887f <+267>:call 0x804896c <_ZNSt6ve ctoriisaiieed2ev> 0x08048884 <+272>:jmp 0x80488b0 <main+316> 0x08048886 <+274>:mov%edx,%eb X 0x08048888 <+276>:mov%eax,%esi 0x0804888a <+278>:lea-0x5c (%EBP),%eax 0x0804888d <+281>:m OV%eax, (%ESP) 0x08048890 <+284>:call 0x804896c <_ZNSt6vectorIiSaIiEED2Ev> 0x08048895 <+289>:mo V%esi,%eax 0x08048897 <+291>:mov%ebx,%edx 0x08048899 <+293>:jmp 0x804889b <main+295> 0x 0804889b <+295>:mov%edx,%ebx 0x0804889d <+297>:mov%eax,%esi 0x0804889f <+299>:lea-0x50 (% EBP),%eax---Type <return> to Continue, or Q <return> to quit---By
0x08048846 <+210>:mov -0x2c (%EBP),%edx 0x08048849 <+213>:mov%edx,0x14 (%ESP) 0x0804884d <+217>:mov -0x28 (%EBP),%edx 0x08048850 <+220>:mov%edx,0x10 (%ESP) 0x08048854 <+224>:mov -0x24 (%EBP),%edx 0x08048857 <+227>:mov%edx,0xc (%ESP) 0x0804885b <+231>:mov -0x20 (%EBP),%edx---Type <return> to continue, or Q <return> to quit--- 0x0804885e <+234>:mov %edx,0x8 (%esp) 0x08048862 <+238>:mov -0x1c (%EBP),%edx 0x08048865 <+241>:mov %edx,0x4 (%esp) 0x08048869 <+245>:mov %eax, (%ESP) 0x0804886c <+248>:call 0x8048a88 <_zst5mergein9__gnu_cxx17__normal_ iteratoripist6vectoriisaiieeees6_s6_et1_t_s8_t0_s9_s7_>=> 0x08048871 <+253>:sub $0x4,%espYou can see the sixth parameter, which should be the value of ebp-0x2c.
And how did ebp-0x2c get it? Take a look at this piece of compilation:
0X080487CF <+91>:lea -0x5c (%EBP),%eax 0x080487d2 <+94>:mov %eax, (%ESP) 0x080487d5 <+97>:call 0x8048958 <_ZNSt6vectorIiSaIiEEC2Ev> 0x080487da <+102>:lea -0x2c (%EBP), %eax 0x080487dd <+105>:lea -0x5c (%EBP),%edx 0x080487e0 <+108>:mov%edx,0x4 (%ESP) 0x080487e4 <+112>:mov %eax, (%ESP) 0x080487e7 <+115>:call 0x8048a3e <_ Znst6vectoriisaiiee5beginev>You can see it with the C++filt command. _znst6vectoriisaiieec2ev and _znst6vectoriisaiiee5beginev are
[Email protected] s1_ex]$ c++filt _znst6vectoriisaiieec2evstd::vector<int, std::allocator<int>;:: Vector () [[email protected] s1_ex]$ c++filt _znst6vectoriisaiiee5beginevstd::vector<int, Std::allocator<int > >::begin ()The value of ebp-0x2c is obtained by EBP-0X5C.
Look at what's in the ebp-0x5c.
(gdb) x/4x $ebp -0x5c0xbfb2b24c:0x000000000x000000000x000000000x0865e018You can see the vector object that ebp-0x54 points to, _m_start, _m_finish, _m_end_of_storage
Three pointers are 0. The vector simply calls the constructor, but does not do anything else to request space.
Take a look at the source code
1 #include <vector> 2 #include <algorithm> 3 #include <iostream> 4 5 int main () 6 { 7 std::vector<int> A; 8 A.push_back (1); 9 std::vector<int> b; B.push_back (8); std::vector<int> C; Std::merge (A.begin (), A.end (), B.begin (), B.end (), C.begin ()); return 0; 17}It is known that only the vector object of C was constructed, and no space was applied for the merge operation. Before the merge, you can call the member function reserve.
"Coredump Problem principle Inquiry" Linux x86 version 7.2 Vector coredump Example
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
