views:

1139

answers:

2

When my linux application crashes, it produces a line in the logs something like:

segfault at 0000000 rip 00003f32a823 rsp 000123ade323 error 4

What are those rip and rsp addresses? how do I use them to pinpoint the problem? do they correspond to something in the "objdump" or "readelf" outputs? are they useful if my program gets its symbols stripped out (to a separate file, which can be used using gdb)

+3  A: 

Well the rip pointer tells you the instruction that caused the crash. You need to look it up in a map file.

In the map file you will have a list of functions and their starting address. When you load the application it is loaded to a base address. The rip pointer - the base address gives you the map file address. If you then search through the map file for a function that starts at an address slightly lower than your rip pointer and is followed, in the list, by a function with a higher address you have located the function that crashed.

From there you need to try and identify what went wrong in your code. Its not much fun but it, at least, gives you a starting point.

Edit: The "segfault at" bit is telling you, i'd wager, that you have dereferenced a NULL pointer. The rsp is the current stack pointer. Alas its probably not all that useful. With a memory dump you "may" be able to figure out more accurately where you'd got to in the function but it can be really hard to work out, exactly, where you are in an optimised build

Goz
A: 

This link was very usefull to me.

tsotso