NetBSD-Bugs archive


Re: kern/48954: USB diagnostic message: actlen (-15996) > len (4)



The following reply was made to PR kern/48954; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/48954: USB diagnostic message: actlen (-15996) > len (4)
Date: Fri, 27 Jun 2014 14:13:41 +0000

 On Fri, Jun 27, 2014 at 02:10:14PM +0000, Alexander Nasonov wrote:
  >  ffffffff8044b34c:       48 8b bb f8 32 00 00    mov    0x32f8(%rbx),%rdi
  >  ffffffff8044b353:       48 c7 44 24 08 4d 75    movq   $0xffffffff8044754d,0x8(%rsp)
  >  ffffffff8044b35a:       44 80
  >  ffffffff8044b35c:       c7 04 24 00 00 00 00    movl   $0x0,(%rsp)
  >  ffffffff8044b363:       41 b9 05 00 00 00       mov    $0x5,%r9d
  >  ffffffff8044b369:       41 b8 00 40 00 00       mov    $0x4000,%r8d
  >  ffffffff8044b36f:       4c 89 e2                mov    %r12,%rdx
  >  ffffffff8044b372:       e8 e7 17 41 00          callq  ffffffff8085cb5e <usbd_setup_xfer>
  >  ffffffff8044b377:       48 8b bb f8 32 00 00    mov    0x32f8(%rbx),%rdi
  >  
  >                                                         ^^^^^^^^^^^^
  >                                                         IT CRASHES HERE
  >  
  >  ffffffff8044b37e:       e8 78 11 41 00          callq  ffffffff8085c4fb <usbd_transfer>
  >  
  >  Note that it's reading the same memory location 0x32f8(%rbx) twice but
  >  the second read crashes the kernel.
 
 That means either compiled code isn't preserving %rbx according to the
 function call ABI (unlikely) or the stack's being overwritten.
 
 -- 
 David A. Holland
 dholland%netbsd.org@localhost
 

