[PATCH] sha3sum: New applet, v2
Baruch Siach
baruch at tkos.co.il
Tue Jan 8 07:34:49 UTC 2013
Hi Lauri,
On Sun, Jan 06, 2013 at 10:04:36PM +0200, Lauri Kasanen wrote:
> > The content of the r28 register is:
> >
> > (gdb) info registers
> > ...
> > r28 0x10173010 269955088
> >
> > The process' /proc/[pid]/maps file shows:
> >
> > 1014d000-10173000 rwxp 00000000 00:00 0 [heap]
> >
> > which means that we're trying to read just beyond the process allocated
> > heap.
> >
> > From the disassembly code I infer that the crash happens before the call
> > to bb_bswap_64 at address 0x10050b80.
>
> Thanks.
>
> Can you also enable CONFIG_PESSIMIZE (disable gcc's optimization) and
> post the backtrace? I wonder if somehow it gets called with wrong
> arguments (end of string, but wrong size for example), those were
> optimized out in the first backtrace.
A pessimized build gives the exact same result. Details below:
Program received signal SIGSEGV, Segmentation fault.
0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8)
at libbb/hash_md5_sha.c:977
977 state[laneCount] ^= SWAP_LE64(in[laneCount]);
(gdb) bt
#0 0x1009d288 in KeccakF (state=0xbfca1fc0, in=0x101cafd0, laneCount=8)
at libbb/hash_md5_sha.c:977
#1 0x1009dab4 in sha3_hash (state=0xbfca1fc0, data=0x101cafd0 "", bytes=21474836485)
at libbb/hash_md5_sha.c:1055
#2 0x1007180c in hash_file (filename=0x10169fcc "-") at coreutils/md5_sha1_sum.c:151
#3 0x10071b74 in md5_sha1_sum_main (argc=1, argv=0xbfca23e8)
at coreutils/md5_sha1_sum.c:247
#4 0x10002980 in run_applet_no_and_exit (applet_no=122, argv=0xbfca23e8)
at libbb/appletlib.c:755
#5 0x100029c4 in run_applet_and_exit (name=0xbfca2d14 "sha3sum", argv=0xbfca23e8)
at libbb/appletlib.c:762
#6 0x10002818 in busybox_main (argv=0xbfca23e8) at libbb/appletlib.c:727
#7 0x100029ec in run_applet_and_exit (name=0xbfca2d0c "busybox", argv=0xbfca23e4)
at libbb/appletlib.c:764
#8 0x10002ad4 in main (argc=2, argv=0xbfca23e4) at libbb/appletlib.c:819
(gdb) p &in[laneCount]
$1 = (const uint64_t *) 0x101cb010
(gdb) disas
Dump of assembler code for function KeccakF:
[...]
0x1009d258 <+120>: lwz r9,72(r1)
0x1009d25c <+124>: add r0,r9,r0
0x1009d260 <+128>: mr r9,r0
0x1009d264 <+132>: lwz r8,0(r9)
0x1009d268 <+136>: lwz r9,4(r9)
0x1009d26c <+140>: stw r8,88(r1)
0x1009d270 <+144>: stw r9,92(r1)
0x1009d274 <+148>: lwz r0,80(r1)
0x1009d278 <+152>: rlwinm r0,r0,3,0,28
0x1009d27c <+156>: lwz r9,76(r1)
0x1009d280 <+160>: add r0,r9,r0
0x1009d284 <+164>: mr r11,r0
=> 0x1009d288 <+168>: lwz r9,0(r11)
0x1009d28c <+172>: lwz r10,4(r11)
0x1009d290 <+176>: mr r3,r9
0x1009d294 <+180>: mr r4,r10
0x1009d298 <+184>: bl 0x100b0898 <bb_bswap_64>
0x1009d29c <+188>: mr r10,r4
0x1009d2a0 <+192>: mr r9,r3
0x1009d2a4 <+196>: lwz r0,88(r1)
0x1009d2a8 <+200>: xor r0,r0,r9
0x1009d2ac <+204>: stw r0,96(r1)
0x1009d2b0 <+208>: lwz r8,92(r1)
0x1009d2b4 <+212>: xor r8,r8,r10
0x1009d2b8 <+216>: stw r8,100(r1)
0x1009d2bc <+220>: lwz r9,96(r1)
0x1009d2c0 <+224>: lwz r10,100(r1)
(gdb) info reg
[...]
r11 0x101cb010 270315536
# cat /proc/[pid]/maps
[...]
101a5000-101cb000 rwxp 00000000 00:00 0 [heap]
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
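
Added example, not part of the original message and not BusyBox code: the check done by hand in both messages above (compare the faulting address with the [heap] line of /proc/[pid]/maps) written as a small C helper. The function names classify_fault and lane_address are hypothetical; the addresses in main() are the ones quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Result of comparing a faulting address against one /proc/[pid]/maps line. */
enum where { MAP_PARSE_ERROR = -1, MAP_BELOW, MAP_INSIDE, MAP_PAST_END };

/*
 * Parse the "start-end perms ..." prefix of a maps line and classify addr.
 * The end address in maps is exclusive. *distance receives the offset from
 * the mapping start (inside), the gap to the start (below) or the number of
 * bytes from the mapping end to addr (past end).
 */
static enum where classify_fault(const char *maps_line, uint64_t addr,
                                 uint64_t *distance)
{
    unsigned long long start, end;
    char perms[5];

    if (sscanf(maps_line, "%llx-%llx %4s", &start, &end, perms) != 3 || start >= end)
        return MAP_PARSE_ERROR;
    if (addr < start) { *distance = start - addr; return MAP_BELOW; }
    if (addr >= end)  { *distance = addr - end;   return MAP_PAST_END; }
    *distance = addr - start;
    return MAP_INSIDE;
}

/* Address of in[lane] for a uint64_t array at base (gdb: p &in[laneCount]). */
static uint64_t lane_address(uint64_t base, unsigned lane)
{
    return base + (uint64_t)lane * sizeof(uint64_t);
}

int main(void)
{
    /* Values copied from the gdb session and maps output in the thread. */
    const char *heap = "101a5000-101cb000 rwxp 00000000 00:00 0 [heap]";
    uint64_t addr = lane_address(0x101cafd0, 8), dist = 0;
    enum where w = classify_fault(heap, addr, &dist);

    printf("fault at 0x%llx: %s, distance 0x%llx\n", (unsigned long long)addr,
           w == MAP_PAST_END ? "past end of mapping" :
           w == MAP_INSIDE ? "inside mapping" : "other",
           (unsigned long long)dist);
    return 0;
}
```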