Control: tags 920179 + upstream patch
Dear Maintainer,
I tried to have a look at this and think I found something.
This seems to be a case of implicit function declaration
defaulting to int as return type but real function returns
a pointer. Therefore an invalid pointer gets later used.
This shows also up as gcc warnings:
warning: implicit declaration of function ‘dngettext’
Attached patch includes libintl.h before usage of dngettext.
That solves the crash but creates some new warnings
about redefinition of gettext and dgettext, where I cannot
say if that has a negative consequence.
Kind regards,
Bernhard
Thread 1 "klavaro" hit Breakpoint 2, 0x0000555555565032 in main_window_init ()
at main.c:317
317 tmp = dngettext (PACKAGE, "Dictation mode (depends on this
speech synthesizer: %s)",
1: x/i $pc
=> 0x555555565032 <main+1266>: callq 0x555555563590 <dngettext@plt>
2: /x $eax = 0x0
3: /x $rdi = 0x55555558928b
(gdb) nexti
[Thread 0x7ffff25b3700 (LWP 5290) exited]
319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565037 <main+1271>: lea 0x2406e(%rip),%rsi #
0x5555555890ac
2: /x $eax = 0xf3732349
3: /x $rdi = 0x7ffff703fa60
(gdb)
0x000055555556503e 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x55555556503e <main+1278>: movslq %eax,%rdi
2: /x $eax = 0xf3732349
3: /x $rdi = 0x7ffff703fa60
(gdb)
0x0000555555565041 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565041 <main+1281>: xor %eax,%eax
2: /x $eax = 0xf3732349
3: /x $rdi = 0xfffffffff3732349
<<<<<<<<< $rdi should equal here $eax
(gdb)
0x0000555555565043 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565043 <main+1283>: callq 0x5555555632f0 <g_strdup_printf@plt>
2: /x $eax = 0x0
3: /x $rdi = 0xfffffffff3732349
(gdb)
[Thread 0x7ffff2db4700 (LWP 5289) exited]
Thread 1 "klavaro" received signal SIGSEGV, Segmentation fault.
__strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
32 movdqu (%rdi), %xmm0
1: x/i $pc
=> 0x7ffff6f1af33 <__strchrnul_sse2+35>: movdqu (%rdi),%xmm0
2: /x $eax = 0x349
3: /x $rdi = 0xfffffffff3732349
(gdb) bt
#0 0x00007ffff6f1af33 in __strchrnul_sse2 () at
../sysdeps/x86_64/multiarch/../strchr.S:32
#1 0x00007ffff6ed2c49 in __find_specmb (format=0xfffffffff3732349 <error:
Cannot access memory at address 0xfffffffff3732349>) at printf-parse.h:108
#2 0x00007ffff6ed2c49 in _IO_vfprintf_internal (s=s@entry=0x7fffffffe1e0,
format=format@entry=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, ap=ap@entry=0x7fffffffe350) at vfprintf.c:1315
#3 0x00007ffff6f8d408 in __GI___vasprintf_chk
(result_ptr=result_ptr@entry=0x7fffffffe330, flags=flags@entry=1,
format=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, format@entry=0x7fffffffe330 "", args=0x7fffffffe350) at
vasprintf_chk.c:66
#4 0x00007ffff730bef9 in vasprintf (__ap=<optimized out>, __fmt=<optimized
out>, __ptr=0x7fffffffe330) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:213
#5 0x00007ffff730bef9 in g_vasprintf (string=string@entry=0x7fffffffe330,
format=<optimized out>, args=args@entry=0x7fffffffe350) at
../../../glib/gprintf.c:330
#6 0x00007ffff72e555d in g_strdup_vprintf (format=<optimized out>,
args=args@entry=0x7fffffffe350) at ../../../glib/gstrfuncs.c:514
#7 0x00007ffff72e5619 in g_strdup_printf (format=<optimized out>) at
../../../glib/gstrfuncs.c:540
#8 0x0000555555565048 in main_window_init () at main.c:319
#9 0x0000555555565048 in main (argc=<optimized out>, argv=<optimized out>) at
main.c:475
Description: Include libintl.h to avoid default int for dngettext
Bug-Debian: https://bugs.debian.org/920179
Forwarded: no
Last-Update: 2019-01-23
--- klavaro-3.03.orig/src/main.c
+++ klavaro-3.03/src/main.c
@@ -18,6 +18,7 @@
#include <pango/pango-attributes.h>
#include <gtk/gtk.h>
#include <curl/curl.h>
+#include <libintl.h>
#include "auxiliar.h"
#include "callbacks.h"
--- klavaro-3.03.orig/src/tutor.c
+++ klavaro-3.03/src/tutor.c
@@ -23,6 +23,7 @@
#include <glib.h>
#include <glib/gstdio.h>
#include <gtk/gtk.h>
+#include <libintl.h>
#include "main.h"
#include "auxiliar.h"
# Buster amd64 qemu VM 2019-01-23
apt update
apt dist-upgrade
apt install xserver-xorg lightdm openbox klavaro
apt install systemd-coredump gdb valgrind binutils mc klavaro-dbgsym
libglib2.0-0-dbgsym
apt install dpkg-dev devscripts
apt build-dep klavaro
systemctl start lightdm
mkdir source/klavaro/orig -p
cd source/klavaro/orig
apt source klavaro
cd
mkdir source/glibc/orig -p
cd source/glibc/orig
apt source glibc
cd
export DISPLAY=:0
klavaro
##############
benutzer@debian:~$ klavaro
Speicherzugriffsfehler (Speicherabzug geschrieben)
root@debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Wed 2019-01-23 15:35:13 CET 7166 1000 1000 11 present /usr/bin/klavaro
root@debian:~# coredumpctl gdb 7166
PID: 7166 (klavaro)
UID: 1000 (benutzer)
GID: 1000 (benutzer)
Signal: 11 (SEGV)
Timestamp: Wed 2019-01-23 15:35:13 CET (34s ago)
Command Line: klavaro
Executable: /usr/bin/klavaro
Control Group: /user.slice/user-1000.slice/session-3.scope
Unit: session-3.scope
Slice: user-1000.slice
Session: 3
Owner UID: 1000 (benutzer)
Boot ID: 4536e4087de34cddb6098000fc6a0da8
Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
Hostname: debian
Storage:
/var/lib/systemd/coredump/core.klavaro.1000.4536e4087de34cddb6098000fc6a0da8.7166.1548254113000000.lz4
Message: Process 7166 (klavaro) of user 1000 dumped core.
Stack trace of thread 7166:
#0 0x00007fabbd127f33 __strchrnul_sse2 (libc.so.6)
#1 0x00007fabbd0dfc49 __find_specmb (libc.so.6)
#2 0x00007fabbd19a408 __GI___vasprintf_chk (libc.so.6)
#3 0x00007fabbd518ef9 g_vasprintf (libglib-2.0.so.0)
#4 0x00007fabbd4f255d g_strdup_vprintf (libglib-2.0.so.0)
#5 0x00007fabbd4f2619 g_strdup_printf (libglib-2.0.so.0)
#6 0x000055e14cf25048 main (klavaro)
#7 0x00007fabbd0b409b __libc_start_main (libc.so.6)
#8 0x000055e14cf2557a _start (klavaro)
Stack trace of thread 7167:
#0 0x00007fabbd17eb39 __GI___poll (libc.so.6)
#1 0x00007fabbd4d3016 n/a (libglib-2.0.so.0)
#2 0x00007fabbd4d313c g_main_context_iteration
(libglib-2.0.so.0)
#3 0x00007fabbd4d3181 n/a (libglib-2.0.so.0)
#4 0x00007fabbd4fb325 n/a (libglib-2.0.so.0)
#5 0x00007fabbd258fa3 start_thread (libpthread.so.0)
#6 0x00007fabbd1897ef __clone (libc.so.6)
Stack trace of thread 7170:
#0 0x00007fabbd17eb39 __GI___poll (libc.so.6)
#1 0x00007fabbd4d3016 n/a (libglib-2.0.so.0)
#2 0x00007fabbd4d33a2 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007fabbd6ffd26 n/a (libgio-2.0.so.0)
#4 0x00007fabbd4fb325 n/a (libglib-2.0.so.0)
#5 0x00007fabbd258fa3 start_thread (libpthread.so.0)
#6 0x00007fabbd1897ef __clone (libc.so.6)
Stack trace of thread 7168:
#0 0x00007fabbd184269 syscall (libc.so.6)
#1 0x00007fabbd51cf1a g_cond_wait_until (libglib-2.0.so.0)
#2 0x00007fabbd4a5051 n/a (libglib-2.0.so.0)
#3 0x00007fabbd4fbe02 n/a (libglib-2.0.so.0)
#4 0x00007fabbd4fb325 n/a (libglib-2.0.so.0)
#5 0x00007fabbd258fa3 start_thread (libpthread.so.0)
#6 0x00007fabbd1897ef __clone (libc.so.6)
Stack trace of thread 7169:
#0 0x00007fabbd184269 syscall (libc.so.6)
#1 0x00007fabbd51cf1a g_cond_wait_until (libglib-2.0.so.0)
#2 0x00007fabbd4a5051 n/a (libglib-2.0.so.0)
#3 0x00007fabbd4fbe02 n/a (libglib-2.0.so.0)
#4 0x00007fabbd4fb325 n/a (libglib-2.0.so.0)
#5 0x00007fabbd258fa3 start_thread (libpthread.so.0)
#6 0x00007fabbd1897ef __clone (libc.so.6)
GNU gdb (Debian 8.2-1) 8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/klavaro...(no debugging symbols found)...done.
[New LWP 7166]
[New LWP 7167]
[New LWP 7170]
[New LWP 7168]
[New LWP 7169]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `klavaro'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
32 ../sysdeps/x86_64/multiarch/../strchr.S: Datei oder Verzeichnis nicht
gefunden.
[Current thread is 1 (Thread 0x7fabb9cbdcc0 (LWP 7166))]
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 __strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
#1 0x00007fabbd0dfc49 in __find_specmb (format=0xffffffffb993c349 <error:
Cannot access memory at address 0xffffffffb993c349>) at printf-parse.h:108
#2 _IO_vfprintf_internal (s=s@entry=0x7ffdcf795bd0,
format=format@entry=0xffffffffb993c349 <error: Cannot access memory at address
0xffffffffb993c349>, ap=ap@entry=0x7ffdcf795d40) at vfprintf.c:1315
#3 0x00007fabbd19a408 in __GI___vasprintf_chk (result_ptr=0x7ffdcf795d20,
flags=1, format=0xffffffffb993c349 <error: Cannot access memory at address
0xffffffffb993c349>, args=0x7ffdcf795d40) at vasprintf_chk.c:66
#4 0x00007fabbd518ef9 in g_vasprintf () from
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5 0x00007fabbd4f255d in g_strdup_vprintf () from
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#6 0x00007fabbd4f2619 in g_strdup_printf () from
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x000055e14cf25048 in main ()
(gdb) bt
#0 __strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
#1 0x00007fabbd0dfc49 in __find_specmb (format=0xffffffffb993c349 <error:
Cannot access memory at address 0xffffffffb993c349>) at printf-parse.h:108
#2 _IO_vfprintf_internal (s=s@entry=0x7ffdcf795bd0,
format=format@entry=0xffffffffb993c349 <error: Cannot access memory at address
0xffffffffb993c349>, ap=ap@entry=0x7ffdcf795d40) at vfprintf.c:1315
#3 0x00007fabbd19a408 in __GI___vasprintf_chk
(result_ptr=result_ptr@entry=0x7ffdcf795d20, flags=flags@entry=1,
format=0xffffffffb993c349 <error: Cannot access memory at address
0xffffffffb993c349>, format@entry=0x7ffdcf795d20 "", args=0x7ffdcf795d40) at
vasprintf_chk.c:66
#4 0x00007fabbd518ef9 in vasprintf (__ap=<optimized out>, __fmt=<optimized
out>, __ptr=0x7ffdcf795d20) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:213
#5 g_vasprintf (string=string@entry=0x7ffdcf795d20, format=<optimized out>,
args=args@entry=0x7ffdcf795d40) at ../../../glib/gprintf.c:330
#6 0x00007fabbd4f255d in g_strdup_vprintf (format=<optimized out>,
args=args@entry=0x7ffdcf795d40) at ../../../glib/gstrfuncs.c:514
#7 0x00007fabbd4f2619 in g_strdup_printf (format=<optimized out>) at
../../../glib/gstrfuncs.c:540
#8 0x000055e14cf25048 in main_window_init () at main.c:319
#9 main (argc=<optimized out>, argv=<optimized out>) at main.c:475
(gdb) list 286,330
286
/*******************************************************************************
287 * Initialize some interface widgets
288 */
289 static void
290 main_window_init ()
291 {
292 gchar *tmp;
293 gchar *ttip;
294 PangoAttrList *palist;
295
296 /* Workaround to make GtkBuilder translate all text, on Windows
:-(
297 */
298 if (! UNIX_OK)
299 main_gtkbuilder_translation_workaround ();
300
301 /* Set the language
302 */
303 trans_set_combo_language ();
304
305 /* Set keyboard
306 */
307 keyb_create_virtual_keys ();
308 hints_init ();
309
310 /* Set if speech is enabled
311 */
312 callbacks_shield_set (TRUE);
313 if (!main_preferences_exist ("interface", "speech"))
314 main_preferences_set_boolean ("interface", "speech",
TRUE);
315 gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (get_wg
("checkbutton_speech")),
316 main_preferences_get_boolean ("interface",
"speech"));
317 tmp = dngettext (PACKAGE, "Dictation mode (depends on this
speech synthesizer: %s)",
318 "Dictation mode (depends on one of these speech
synthesizers: %s)", 1);
319 ttip = g_strdup_printf (tmp, "Espeak");
<<<<<<<<<<<<<<<
320 gtk_widget_set_tooltip_text (get_wg ("checkbutton_speech"),
ttip);
321 callbacks_shield_set (FALSE);
322
323
324 /* Set the initial keyboard to use
325 */
326 keyb_set_combo_kbd ("combobox_kbd_country",
"combobox_kbd_variant");
327 keyb_set_combo_kbd ("combobox_keyboard_country",
"combobox_keyboard_variant");
328
329 /* Set window icons
330 */
(gdb) list main
415
/*******************************************************************************
416 * Main program
417 */
418 int
419 main (int argc, char *argv[])
420 {
421 gchar *tmp;
422 gboolean success = FALSE;
423 gboolean show_version = FALSE;
424 GOptionContext *opct;
425 GOptionEntry option[] = {
426 {"version", 'v', 0, G_OPTION_ARG_NONE, &show_version,
"Versio", NULL},
427 {NULL}
428 };
429 GError *gerr;
430
431 /* Localization
432 */
433 #ifdef ENABLE_NLS
434 bindtextdomain (GETTEXT_PACKAGE, PACKAGE_LOCALE_DIR);
435 bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
436 textdomain (GETTEXT_PACKAGE);
437 #endif
438
439 /* Command-line arguments
440 */
441 opct = g_option_context_new ("");
442 g_option_context_set_translation_domain (opct, GETTEXT_PACKAGE);
443 g_option_context_add_main_entries (opct, option,
GETTEXT_PACKAGE);
444 g_option_context_add_group (opct, gtk_get_option_group (TRUE));
445 g_setenv ("NO_AT_BRIDGE", "1", FALSE); /* to eliminate annoying
accessibility bus warning */
446 g_option_context_parse (opct, &argc, &argv, &gerr);
447
448 if (show_version)
449 {
450 g_printf (VERSION"\n");
451 return 0;
452 }
453
454 curl_ok = curl_global_init (CURL_GLOBAL_WIN32) == CURLE_OK ?
TRUE : FALSE;
455
456 main_initialize_global_variables (); /* Here the locale is
got. */
457
458 /* Create all the interface stuff
459 */
460 gui = gtk_builder_new ();
461 gtk_builder_set_translation_domain (gui, NULL);
462
463 tmp = g_build_filename (main_path_data (), "klavaro.glade",
NULL);
464 if (g_file_test (tmp, G_FILE_TEST_IS_REGULAR))
465 success = gtk_builder_add_from_file (gui, tmp, NULL);
466 else
467 g_error ("GUI file not found. Aborting.\n %s", tmp);
468 if (!success)
469 g_error ("GUI file found but couldn't create the GUI.
Aborting.");
470 if (!g_module_supported ())
471 g_error ("GUI created but can't connect signals.");
472 g_free (tmp);
473 gtk_builder_connect_signals (gui, NULL);
474
475 main_window_init (); /* and initialize its parameters */
<<<<<<<<<<<<<<<
476
477 gtk_main ();
478
479 return 0;
480 }
#################
benutzer@debian:~$ valgrind klavaro
==21941== Memcheck, a memory error detector
==21941== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==21941== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==21941== Command: klavaro
==21941==
** Message: 20:15:16.548: Empty accuracy log:
/home/benutzer/.local/share/klavaro/accuracy.log_qwertz_de
** Message: 20:15:16.574: Empty proficiency log:
/home/benutzer/.local/share/klavaro/proficiency.log_qwertz_de
Adiaux!
==21941==
==21941== HEAP SUMMARY:
==21941== in use at exit: 7,938,365 bytes in 93,721 blocks
==21941== total heap usage: 520,030 allocs, 426,309 frees, 31,714,857 bytes
allocated
==21941==
==21941== LEAK SUMMARY:
==21941== definitely lost: 36,096 bytes in 74 blocks
==21941== indirectly lost: 85,619 bytes in 3,468 blocks
==21941== possibly lost: 10,088 bytes in 243 blocks
==21941== still reachable: 6,158,466 bytes in 78,857 blocks
==21941== of which reachable via heuristic:
==21941== length64 : 12,000 bytes in 174
blocks
==21941== newarray : 2,288 bytes in 63 blocks
==21941== suppressed: 0 bytes in 0 blocks
==21941== Rerun with --leak-check=full to see details of leaked memory
==21941==
==21941== For counts of detected and suppressed errors, rerun with: -v
==21941== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
#################
gdb -q \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
-ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
-ex 'display/i $pc' \
-ex 'b dngettext' \
-ex 'maint set target-non-stop off' \
-ex 'run' \
-ex 'record' \
-ex 'cont' \
--args klavaro
benutzer@debian:~$ gdb -q \
> -ex 'set width 0' \
> -ex 'set pagination off' \
> -ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
> -ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
> -ex 'display/i $pc' \
> -ex 'b dngettext' \
> -ex 'maint set target-non-stop off' \
> -ex 'run' \
> -ex 'record' \
> -ex 'cont' \
> --args klavaro
Reading symbols from klavaro...Reading symbols from
/usr/lib/debug/.build-id/33/f76701badabdac469e407b2e0a6a48afaf5131.debug...done.
done.
Source directories searched:
/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
Source directories searched:
/home/benutzer/source/glibc/orig/glibc-2.28/intl:/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
1: x/i $pc
<error: No registers.>
Breakpoint 1 at 0xf590
Starting program: /usr/bin/klavaro
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff35b7700 (LWP 21717)]
[New Thread 0x7ffff2db6700 (LWP 21718)]
[New Thread 0x7ffff25b5700 (LWP 21719)]
[New Thread 0x7ffff1db4700 (LWP 21720)]
Thread 1 "klavaro" hit Breakpoint 1, __dngettext (domainname=0x55555558928b
"klavaro", msgid1=0x555555589410 "Dictation mode (depends on this speech
synthesizer: %s)", msgid2=0x5555555893c8 "Dictation mode (depends on one of
these speech synthesizers: %s)", n=1) at dngettext.c:51
51 return DCNGETTEXT (domainname, msgid1, msgid2, n, LC_MESSAGES);
1: x/i $pc
=> 0x7ffff6eb7340 <__dngettext>: mov $0x5,%r8d
Continuing.
[Thread 0x7ffff25b5700 (LWP 21719) exited]
Thread 1 "klavaro" received signal SIGSEGV, Segmentation fault.
__strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
32 movdqu (%rdi), %xmm0
1: x/i $pc
=> 0x7ffff6f1cf33 <__strchrnul_sse2+35>: movdqu (%rdi),%xmm0
(gdb) print/x $rdi
$1 = 0xfffffffff3734349
(gdb) display/x $rdi
2: /x $rdi = 0xfffffffff3734349
(gdb) reverse-stepi
32 movdqu (%rdi), %xmm0
...
(gdb) stepi
0x00007ffff6ed4c2f 1304 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed4c2f <_IO_vfprintf_internal+143>: mov -0x4c8(%rbp),%rdi
2: /x $rdi = 0x7fffffffe1e0
(gdb) x/1xg $rbp-0x4c8
0x7fffffffdd08: 0xfffffffff3734349
(gdb) set can-use-hw-watchpoints 0
(gdb) watch *(long*)0x7fffffffdd08
Watchpoint 3: *(long*)0x7fffffffdd08
(gdb) reverse-cont
Continuing.
Thread 1 "klavaro" hit Watchpoint 3: *(long*)0x7fffffffdd08
Old value = -210549943
New value = 0
0x00007ffff6ed4bba in _IO_vfprintf_internal (s=s@entry=0x7fffffffe1e0,
format=format@entry=0xfffffffff3734349 <error: Cannot access memory at address
0xfffffffff3734349>, ap=ap@entry=0x7fffffffe350) at vfprintf.c:1239
1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed4bba <_IO_vfprintf_internal+26>: mov %rsi,-0x4c8(%rbp)
2: /x $rdi = 0x7fffffffe1e0
(gdb) print/x $rsi
$3 = 0xfffffffff3734349
(gdb) reverse-stepi
0x00007ffff6ed4bb3 1239 in vfprintf.c
...
(gdb)
0x00007ffff6f8f400 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8f400 <__GI___vasprintf_chk+192>: mov %r13,%rsi
3: /x $rsi = 0x555555a17010
(gdb) print/x $r13
$5 = 0x7fffffffe350
(gdb) print/x $rsi
$6 = 0x555555a17010
(gdb) stepi
0x00007ffff6f8f403 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8f403 <__GI___vasprintf_chk+195>: callq 0x7ffff6ed4ba0
<_IO_vfprintf_internal>
3: /x $rsi = 0xfffffffff3734349
(gdb) print/x $r13
$7 = 0x7fffffffe350
(gdb) print/x $rsi
$8 = 0xfffffffff3734349
??? what ?
(gdb) info thread
Id Target Id Frame
* 1 Thread 0x7ffff3ab2cc0 (LWP 21713) "klavaro" 0x00007ffff6f8f403 in
__GI___vasprintf_chk (result_ptr=result_ptr@entry=0x7fffffffe330,
flags=flags@entry=1, format=0x7fffffffe350 "\b", format@entry=0x7fffffffe330
"", args=0xfbad8000) at vasprintf_chk.c:66
2 Thread 0x7ffff35b7700 (LWP 21717) "gmain" 0x00007ffff6f73b39 in
__GI___poll (fds=0x55555595baf0, nfds=2, timeout=-1) at
../sysdeps/unix/sysv/linux/poll.c:29
3 Thread 0x7ffff2db6700 (LWP 21718) "pool" syscall () at
../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
5 Thread 0x7ffff1db4700 (LWP 21720) "gdbus" 0x00007ffff6f73b39 in
__GI___poll (fds=0x7fffe4013920, nfds=2, timeout=-1) at
../sysdeps/unix/sysv/linux/poll.c:29
##############
0xfffffffff3734349
ff ff ff ff f3 73 43 49
s C I
"ICs"
##############
gdb -q \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
-ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
-ex 'display/i $pc' \
-ex 'b dngettext' \
-ex 'maint set target-non-stop off' \
-ex 'run' \
-ex 'record' \
-ex 'cont' \
-ex 'set can-use-hw-watchpoints 0' \
--args klavaro
(gdb) stepi
0x00007ffff6f8f400 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8f400 <__GI___vasprintf_chk+192>: mov %r13,%rsi
3: /x $rsi = 0x555555a16d40
4: /x $r13 = 0x7fffffffe350
(gdb) stepi
0x00007ffff6f8f403 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8f403 <__GI___vasprintf_chk+195>: callq 0x7ffff6ed4ba0
<_IO_vfprintf_internal>
3: /x $rsi = 0xfffffffff3734349
4: /x $r13 = 0x7fffffffe350
(gdb) x/20xb 0x7ffff6f8f400
0x7ffff6f8f400 <__GI___vasprintf_chk+192>: 0x4c 0x89 0xee 0xe8
0x98 0x57 0xf4 0xff
0x7ffff6f8f408 <__GI___vasprintf_chk+200>: 0x89 0xc5 0x85 0xc0
0x0f 0x88 0xae 0x00
(gdb) disassemble 0x7ffff6f8f400,0x7ffff6f8f420
Dump of assembler code from 0x7ffff6f8f400 to 0x7ffff6f8f420:
0x00007ffff6f8f400 <__GI___vasprintf_chk+192>: mov %r13,%rsi
=> 0x00007ffff6f8f403 <__GI___vasprintf_chk+195>: callq 0x7ffff6ed4ba0
<_IO_vfprintf_internal>
0x00007ffff6f8f408 <__GI___vasprintf_chk+200>: mov %eax,%ebp
(gdb) info reg
rax 0x7ffff6f09bc0 140737336351680
rbx 0x555555a16d40 93824997223744
rcx 0x0 0
rdx 0x7fffffffe350 140737488347984
rsi 0xfffffffff3734349 -210549943
rdi 0x7fffffffe1e0 140737488347616
rbp 0x7fffffffe1e0 0x7fffffffe1e0
rsp 0x7fffffffe1e0 0x7fffffffe1e0
r8 0x0 0
r9 0x555555a16e70 93824997224048
r10 0x5555555c2010 93824992682000
r11 0x70 112
r12 0x7fffffffe330 140737488347952
r13 0x7fffffffe350 140737488347984
r14 0xfbad8000 4222451712
r15 0x1 1
rip 0x7ffff6f8f403 0x7ffff6f8f403 <__GI___vasprintf_chk+195>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
https://c9x.me/x86/html/file_module_x86_id_176.html
x86 Instruction Set Reference
MOV
Move
Opcode Mnemonic Description
89 /r MOV r/m16,r16 Move r16 to r/m16.
89 /r MOV r/m32,r32 Move r32 to r/m32.
http://ref.x86asm.net/coder64.html
Prefix 0x4C: REX.WR
https://wiki.osdev.org/X86-64_Instruction_Encoding#Usage
Encoding
The layout is as follows:
7 0
+---+---+---+---+---+---+---+---+
| 0 1 0 0 | W | R | X | B |
+---+---+---+---+---+---+---+---+
W 1 bit When 1, a 64-bit operand size is used. Otherwise, when 0, the
default operand size is used (which is 32-bit for most but not all
instructions, see this table).
R 1 bit This 1-bit value is an extension to the MODRM.reg field. See
Registers.
| 0 1 0 0 | 1 | 1 | 0 | 0 | == 0b 0100 1100 == 0x4c
MODRM.reg 3 bits This field can have one of two values:
A 3-bit opcode extension, which is used by some instructions but has no
further meaning other than distinguishing the instruction from other
instructions.
A 3-bit register reference, which can be used as the source or the
destination of an instruction (depending on the instruction).
The referenced register depends on the operand-size of the instruction
and the instruction itself.
See Registers for the values to use for each of the registers.
The REX.R, VEX.~R or XOP.~R field can extend this field with 1
most-significant bit to 4 bits total.
????
(gdb) info all-registers
rax 0x7ffff6f09bc0 140737336351680
rbx 0x555555a16d40 93824997223744
rcx 0x0 0
rdx 0x7fffffffe350 140737488347984
rsi 0xfffffffff3734349 -210549943
rdi 0x7fffffffe1e0 140737488347616
rbp 0x7fffffffe1e0 0x7fffffffe1e0
rsp 0x7fffffffe1e0 0x7fffffffe1e0
r8 0x0 0
r9 0x555555a16e70 93824997224048
r10 0x5555555c2010 93824992682000
r11 0x70 112
r12 0x7fffffffe330 140737488347952
r13 0x7fffffffe350 140737488347984
r14 0xfbad8000 4222451712
r15 0x1 1
rip 0x7ffff6f8f403 0x7ffff6f8f403 <__GI___vasprintf_chk+195>
eflags 0x206 [ PF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x0}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xff, 0xff, 0x0 <repeats 14 times>}, v8_int16 = {0xffff, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0xffff, 0x0, 0x0, 0x0}, v2_int64 =
{0xffff, 0x0}, uint128 = 0xffff}
xmm2 {v4_float = {0xffffffff, 0xffffffff, 0x0, 0xffffffff}, v2_double
= {0x7fffffffffffffff, 0x7fffffffffffffff}, v16_int8 = {0x44, 0x69, 0x67, 0x69,
0x74, 0x73, 0x0, 0x67, 0x74, 0x6b, 0x33, 0x30, 0x2d, 0x70, 0x72, 0x6f},
v8_int16 = {0x6944, 0x6967, 0x7374, 0x6700, 0x6b74, 0x3033, 0x702d, 0x6f72},
v4_int32 = {0x69676944, 0x67007374, 0x30336b74, 0x6f72702d}, v2_int64 =
{0x6700737469676944, 0x6f72702d30336b74}, uint128 =
0x6f72702d30336b746700737469676944}
xmm3 {v4_float = {0xffffffff, 0x0, 0xffffffff, 0xffffffff}, v2_double
= {0x0, 0x7fffffffffffffff}, v16_int8 = {0x6f, 0x6e, 0x20, 0x74, 0x68, 0x69,
0x73, 0x20, 0x73, 0x70, 0x65, 0x65, 0x63, 0x68, 0x20, 0x73}, v8_int16 =
{0x6e6f, 0x7420, 0x6968, 0x2073, 0x7073, 0x6565, 0x6863, 0x7320}, v4_int32 =
{0x74206e6f, 0x20736968, 0x65657073, 0x73206863}, v2_int64 =
{0x2073696874206e6f, 0x7320686365657073}, uint128 =
0x73206863656570732073696874206e6f}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x0 <repeats 11 times>, 0xff, 0xff, 0xff,
0xff, 0xff}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0xff00, 0xffff, 0xffff},
v4_int32 = {0x0, 0x0, 0xff000000, 0xffffffff}, v2_int64 = {0x0,
0xffffffffff000000}, uint128 = 0xffffffffff0000000000000000000000}
xmm5 {v4_float = {0x3, 0x3, 0x3, 0x3}, v2_double = {0x20, 0x20},
v16_int8 = {0x40 <repeats 16 times>}, v8_int16 = {0x4040, 0x4040, 0x4040,
0x4040, 0x4040, 0x4040, 0x4040, 0x4040}, v4_int32 = {0x40404040, 0x40404040,
0x40404040, 0x40404040}, v2_int64 = {0x4040404040404040, 0x4040404040404040},
uint128 = 0x40404040404040404040404040404040}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x7fffffffffffffff, 0x7fffffffffffffff}, v16_int8 = {0x5b <repeats 16 times>},
v8_int16 = {0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b, 0x5b5b},
v4_int32 = {0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b}, v2_int64 =
{0x5b5b5b5b5b5b5b5b, 0x5b5b5b5b5b5b5b5b}, uint128 =
0x5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x20 <repeats 16 times>}, v8_int16 = {0x2020, 0x2020, 0x2020,
0x2020, 0x2020, 0x2020, 0x2020, 0x2020}, v4_int32 = {0x20202020, 0x20202020,
0x20202020, 0x20202020}, v2_int64 = {0x2020202020202020, 0x2020202020202020},
uint128 = 0x20202020202020202020202020202020}
xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x20, 0x0 <repeats 15 times>}, v8_int16 = {0x20, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x20, 0x0, 0x0, 0x0}, v2_int64 = {0x20, 0x0},
uint128 = 0x20}
xmm9 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xff, 0xff, 0x0 <repeats 11 times>, 0xff, 0x0,
0xff}, v8_int16 = {0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00, 0xff00}, v4_int32 =
{0xffff, 0x0, 0x0, 0xff00ff00}, v2_int64 = {0xffff, 0xff00ff0000000000},
uint128 = 0xff00ff0000000000000000000000ffff}
xmm10 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x20, 0x0 <repeats 15 times>}, v8_int16 = {0x20, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x20, 0x0, 0x0, 0x0}, v2_int64 = {0x20, 0x0},
uint128 = 0x20}
xmm11 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double =
{0x8000000000000000, 0x8000000000000000}, v16_int8 = {0xff <repeats 16 times>},
v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
v4_int32 = {0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff}, v2_int64 =
{0xffffffffffffffff, 0xffffffffffffffff}, uint128 =
0xffffffffffffffffffffffffffffffff}
xmm12 {v4_float = {0x0, 0x1, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x53, 0x4e, 0x47, 0x39, 0x1d, 0xe5, 0xe4, 0x3f, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0x4e53, 0x3947, 0xe51d, 0x3fe4, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x39474e53, 0x3fe4e51d, 0x0, 0x0}, v2_int64 =
{0x3fe4e51d39474e53, 0x0}, uint128 = 0x3fe4e51d39474e53}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x0}
xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x0}
xmm15 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 =
0x0}
mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
####################
benutzer@debian:~$ objdump --disassemble /lib/x86_64-linux-gnu/libc.so.6 | grep
vasprintf_chk -A100
000000000010a340 <__vasprintf_chk@@GLIBC_2.8>:
10a340: 41 57 push %r15
10a3fd: 4c 89 f2 mov %r14,%rdx
10a400: 4c 89 ee mov %r13,%rsi
10a403: e8 98 57 f4 ff callq 4fba0 <_IO_vfprintf@@GLIBC_2.2.5>
10a408: 89 c5 mov %eax,%ebp
###################
gdb -q \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
-ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
-ex 'display/i $pc' \
-ex 'b dngettext' \
-ex 'run' \
-ex 'dele 1' \
-ex 'print __vasprintf_chk +192' \
-ex 'b *$1' \
-ex 'display/x $r13' \
-ex 'display/x $rsi' \
-ex 'cont' \
--args klavaro
benutzer@debian:~$ gdb -q \
> -ex 'set width 0' \
> -ex 'set pagination off' \
> -ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
> -ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
> -ex 'display/i $pc' \
> -ex 'b dngettext' \
> -ex 'run' \
> -ex 'dele 1' \
> -ex 'print __vasprintf_chk +192' \
> -ex 'b *$1' \
> -ex 'display/x $r13' \
> -ex 'display/x $rsi' \
> -ex 'cont' \
> --args klavaro
Reading symbols from klavaro...Reading symbols from
/usr/lib/debug/.build-id/33/f76701badabdac469e407b2e0a6a48afaf5131.debug...done.
done.
Source directories searched:
/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
Source directories searched:
/home/benutzer/source/glibc/orig/glibc-2.28/intl:/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
1: x/i $pc
<error: No registers.>
Breakpoint 1 at 0xf590
Starting program: /usr/bin/klavaro
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff35b5700 (LWP 31088)]
[New Thread 0x7ffff2db4700 (LWP 31089)]
[New Thread 0x7ffff25b3700 (LWP 31090)]
[New Thread 0x7ffff1db2700 (LWP 31091)]
Thread 1 "klavaro" hit Breakpoint 1, __dngettext (domainname=0x55555558928b
"klavaro", msgid1=0x555555589410 "Dictation mode (depends on this speech
synthesizer: %s)", msgid2=0x5555555893c8 "Dictation mode (depends on one of
these speech synthesizers: %s)", n=1) at dngettext.c:51
51 return DCNGETTEXT (domainname, msgid1, msgid2, n, LC_MESSAGES);
1: x/i $pc
=> 0x7ffff6eb5340 <__dngettext>: mov $0x5,%r8d
$1 = (int (*)(char **, int, const char *, struct __va_list_tag *))
0x7ffff6f8d400 <__GI___vasprintf_chk+192>
Breakpoint 2 at 0x7ffff6f8d400: file vasprintf_chk.c, line 66.
2: /x $r13 = 0x7fffffffe5c0
3: /x $rsi = 0x555555589410
Continuing.
Thread 1 "klavaro" hit Breakpoint 2, 0x00007ffff6f8d400 in __GI___vasprintf_chk
(result_ptr=result_ptr@entry=0x7fffffffe330, flags=flags@entry=1,
format=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, format@entry=0x7fffffffe330 "", args=0x7fffffffe350) at
vasprintf_chk.c:66
66 vasprintf_chk.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6f8d400 <__GI___vasprintf_chk+192>: mov %r13,%rsi
2: /x $r13 = 0xfffffffff3732349
3: /x $rsi = 0x555555cc44a0
(gdb) stepi
[Thread 0x7ffff25b3700 (LWP 31090) exited]
0x00007ffff6f8d403 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d403 <__GI___vasprintf_chk+195>: callq 0x7ffff6ed2ba0
<_IO_vfprintf_internal>
2: /x $r13 = 0xfffffffff3732349
3: /x $rsi = 0xfffffffff3732349
(gdb)
--> ok, there is really that value before in $r13
#####################
benutzer@debian:~$ gdb -q \
> -ex 'set width 0' \
> -ex 'set pagination off' \
> -ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
> -ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
> -ex 'display/i $pc' \
> -ex 'b dngettext' \
> -ex 'maint set target-non-stop off' \
> -ex 'run' \
> -ex 'record' \
> -ex 'cont' \
> -ex 'set can-use-hw-watchpoints 0' \
> --args klavaro
Reading symbols from klavaro...Reading symbols from
/usr/lib/debug/.build-id/33/f76701badabdac469e407b2e0a6a48afaf5131.debug...done.
done.
Source directories searched:
/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
Source directories searched:
/home/benutzer/source/glibc/orig/glibc-2.28/intl:/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
1: x/i $pc
<error: No registers.>
Breakpoint 1 at 0xf590
Starting program: /usr/bin/klavaro
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff35b5700 (LWP 31098)]
[New Thread 0x7ffff2db4700 (LWP 31099)]
[New Thread 0x7ffff25b3700 (LWP 31100)]
[New Thread 0x7ffff1db2700 (LWP 31101)]
Thread 1 "klavaro" hit Breakpoint 1, __dngettext (domainname=0x55555558928b
"klavaro", msgid1=0x555555589410 "Dictation mode (depends on this speech
synthesizer: %s)", msgid2=0x5555555893c8 "Dictation mode (depends on one of
these speech synthesizers: %s)", n=1) at dngettext.c:51
51 return DCNGETTEXT (domainname, msgid1, msgid2, n, LC_MESSAGES);
1: x/i $pc
=> 0x7ffff6eb5340 <__dngettext>: mov $0x5,%r8d
Continuing.
[Thread 0x7ffff2db4700 (LWP 31099) exited]
Thread 1 "klavaro" received signal SIGSEGV, Segmentation fault.
__strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
32 movdqu (%rdi), %xmm0
1: x/i $pc
=> 0x7ffff6f1af33 <__strchrnul_sse2+35>: movdqu (%rdi),%xmm0
(gdb) display/x $rdi
2: /x $rdi = 0xfffffffff3732349
(gdb) reverse-stepi
32 movdqu (%rdi), %xmm0
1: x/i $pc
=> 0x7ffff6f1af33 <__strchrnul_sse2+35>: movdqu (%rdi),%xmm0
2: /x $rdi = 0xfffffffff3732349
(gdb)
31 jg L(cross_page)
1: x/i $pc
=> 0x7ffff6f1af2d <__strchrnul_sse2+29>: jg 0x7ffff6f1b080
<__strchrnul_sse2+368>
2: /x $rdi = 0xfffffffff3732349
(gdb)
30 pshufd $0, %xmm1, %xmm1
1: x/i $pc
=> 0x7ffff6f1af28 <__strchrnul_sse2+24>: pshufd $0x0,%xmm1,%xmm1
2: /x $rdi = 0xfffffffff3732349
(gdb)
29 punpcklwd %xmm1, %xmm1
1: x/i $pc
=> 0x7ffff6f1af24 <__strchrnul_sse2+20>: punpcklwd %xmm1,%xmm1
2: /x $rdi = 0xfffffffff3732349
(gdb)
28 cmpl $4032, %eax
1: x/i $pc
=> 0x7ffff6f1af1f <__strchrnul_sse2+15>: cmp $0xfc0,%eax
2: /x $rdi = 0xfffffffff3732349
(gdb)
27 punpcklbw %xmm1, %xmm1
1: x/i $pc
=> 0x7ffff6f1af1b <__strchrnul_sse2+11>: punpcklbw %xmm1,%xmm1
2: /x $rdi = 0xfffffffff3732349
(gdb)
26 andl $4095, %eax
1: x/i $pc
=> 0x7ffff6f1af16 <__strchrnul_sse2+6>: and $0xfff,%eax
2: /x $rdi = 0xfffffffff3732349
(gdb)
25 movl %edi, %eax
1: x/i $pc
=> 0x7ffff6f1af14 <__strchrnul_sse2+4>: mov %edi,%eax
2: /x $rdi = 0xfffffffff3732349
(gdb)
24 movd %esi, %xmm1
1: x/i $pc
=> 0x7ffff6f1af10 <__strchrnul_sse2>: movd %esi,%xmm1
2: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff6ea5070 in *ABS*+0x8aad0@plt () from /lib/x86_64-linux-gnu/libc.so.6
1: x/i $pc
=> 0x7ffff6ea5070 <*ABS*+0x8aad0@plt>: jmpq *0x198fd2(%rip) #
0x7ffff703e048 <*ABS*@got.plt>
2: /x $rdi = 0xfffffffff3732349
(gdb)
__find_specmb (format=0xfffffffff3732349 <error: Cannot access memory at
address 0xfffffffff3732349>) at printf-parse.h:108
108 printf-parse.h: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6ed2c44 <_IO_vfprintf_internal+164>: callq 0x7ffff6ea5070
<*ABS*+0x8aad0@plt>
2: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2c3d in _IO_vfprintf_internal (s=s@entry=0x7fffffffe1e0,
format=format@entry=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, ap=ap@entry=0x7fffffffe350) at vfprintf.c:1304
1304 vfprintf.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6ed2c3d <_IO_vfprintf_internal+157>: mov %rax,-0x438(%rbp)
2: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2c36 1304 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2c36 <_IO_vfprintf_internal+150>: movups %xmm1,-0x448(%rbp)
2: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2c2f in __find_specmb (format=<optimized out>) at vfprintf.c:1304
1304 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2c2f <_IO_vfprintf_internal+143>: mov -0x4c8(%rbp),%rdi
2: /x $rdi = 0x7fffffffe1e0
(gdb) x/1xg $rbp-0x4c8
0x7fffffffdd08: 0xfffffffff3732349
(gdb) watch *(long*)0x7fffffffdd08
Watchpoint 2: *(long*)0x7fffffffdd08
(gdb) reverse-cont
Continuing.
Thread 1 "klavaro" hit Watchpoint 2: *(long*)0x7fffffffdd08
Old value = -210558135
New value = 0
0x00007ffff6ed2bba in _IO_vfprintf_internal (s=s@entry=0x7fffffffe1e0,
format=format@entry=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, ap=ap@entry=0x7fffffffe350) at vfprintf.c:1239
1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2bba <_IO_vfprintf_internal+26>: mov %rsi,-0x4c8(%rbp)
2: /x $rdi = 0x7fffffffe1e0
(gdb) undisp 2
(gdb) display/x $rsi
3: /x $rsi = 0xfffffffff3732349
(gdb) reverse-stepi
0x00007ffff6ed2bb3 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2bb3 <_IO_vfprintf_internal+19>: sub $0x548,%rsp
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2bb0 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2bb0 <_IO_vfprintf_internal+16>: mov %rdi,%rbx
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2baf 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2baf <_IO_vfprintf_internal+15>: push %rbx
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2bad 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2bad <_IO_vfprintf_internal+13>: push %r12
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2baa 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2baa <_IO_vfprintf_internal+10>: mov %rdx,%r13
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2ba8 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2ba8 <_IO_vfprintf_internal+8>: push %r13
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2ba6 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2ba6 <_IO_vfprintf_internal+6>: push %r14
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2ba4 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2ba4 <_IO_vfprintf_internal+4>: push %r15
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6ed2ba1 1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2ba1 <_IO_vfprintf_internal+1>: mov %rsp,%rbp
3: /x $rsi = 0xfffffffff3732349
(gdb)
1239 in vfprintf.c
1: x/i $pc
=> 0x7ffff6ed2ba0 <_IO_vfprintf_internal>: push %rbp
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d403 in __GI___vasprintf_chk
(result_ptr=result_ptr@entry=0x7fffffffe330, flags=flags@entry=1,
format=0x7fffffffe350 "\b", format@entry=0x7fffffffe330 "", args=0xfbad8000) at
vasprintf_chk.c:66
66 vasprintf_chk.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6f8d403 <__GI___vasprintf_chk+195>: callq 0x7ffff6ed2ba0
<_IO_vfprintf_internal>
3: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d400 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d400 <__GI___vasprintf_chk+192>: mov %r13,%rsi
3: /x $rsi = 0x555555a21640
(gdb) print/x $r13
$1 = 0x7fffffffe350
(gdb) undisp 3
(gdb) reverse-stepi
0x00007ffff6f8d3fd 66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3fd <__GI___vasprintf_chk+189>: mov %r14,%rdx
(gdb)
66 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3fa <__GI___vasprintf_chk+186>: mov %rbp,%rdi
(gdb)
64 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3f5 <__GI___vasprintf_chk+181>: orl $0x4,0x74(%rsp)
(gdb)
0x00007ffff6f8d3f3 63 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3f3 <__GI___vasprintf_chk+179>: jle 0x7ffff6f8d3fa
<__GI___vasprintf_chk+186>
(gdb)
63 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3f0 <__GI___vasprintf_chk+176>: test %r15d,%r15d
(gdb)
0x00007ffff6f8d3e8 59 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3e8 <__GI___vasprintf_chk+168>: mov %rax,0xe8(%rsp)
(gdb)
59 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3e1 <__GI___vasprintf_chk+161>: mov 0xb0bc0(%rip),%rax
# 0x7ffff703dfa8
(gdb)
58 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3d9 <__GI___vasprintf_chk+153>: mov %rax,0xe0(%rsp)
(gdb)
0x00007ffff6f8d3d5 57 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3d5 <__GI___vasprintf_chk+149>: andl $0xfffffffe,(%rsp)
(gdb)
57 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d3ce <__GI___vasprintf_chk+142>: mov 0xb0a5b(%rip),%rax
# 0x7ffff703de30
(gdb)
0x00007ffff6f023f7 in _IO_str_init_static_internal (sf=sf@entry=0x7fffffffe1e0,
ptr=ptr@entry=0x555555a21640 "\240\354\003\367\377\177", size=size@entry=100,
pstart=pstart@entry=0x555555a21640 "\240\354\003\367\377\177") at strops.c:64
64 strops.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6f023f7 <_IO_str_init_static_internal+103>: retq
(gdb)
0x00007ffff6f023f5 64 in strops.c
1: x/i $pc
=> 0x7ffff6f023f5 <_IO_str_init_static_internal+101>: pop %r13
(gdb) x/3xg $rsp-8
0x7fffffffe1c8: 0x00007fffffffe330 0xfffffffff3732349
0x7fffffffe1d8: 0x00007ffff6f8d3ce
(gdb) x/1xg $rsp
0x7fffffffe1d0: 0xfffffffff3732349
(gdb) disa 2
(gdb) watch *(long*)0x7fffffffe1d0
Watchpoint 3: *(long*)0x7fffffffe1d0
(gdb) reverse-cont
Continuing.
Thread 1 "klavaro" hit Watchpoint 3: *(long*)0x7fffffffe1d0
Old value = -210558135
New value = 140737488347856
__GI___libc_malloc (bytes=100) at malloc.c:3025
3025 malloc.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6f07570 <__GI___libc_malloc>: push %r13
(gdb) print/x $r13
$2 = 0xfffffffff3732349
(gdb) display/x $r13
4: /x $r13 = 0xfffffffff3732349
(gdb) reverse-stepi
0x00007ffff6ea5308 in malloc@plt () from /lib/x86_64-linux-gnu/libc.so.6
1: x/i $pc
=> 0x7ffff6ea5308 <malloc@plt>: jmpq *0x198b22(%rip) # 0x7ffff703de30
4: /x $r13 = 0xfffffffff3732349
(gdb)
__GI___vasprintf_chk (result_ptr=0x5f, result_ptr@entry=0x7fffffffe330,
flags=flags@entry=1, format=0xfffffffff3732349 <error: Cannot access memory at
address 0xfffffffff3732349>, format@entry=0x7fffffffe330 "",
args=0x7fffffffe350) at vasprintf_chk.c:48
48 vasprintf_chk.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff6f8d375 <__GI___vasprintf_chk+53>: callq 0x7ffff6ea5308
<malloc@plt>
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d373 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d373 <__GI___vasprintf_chk+51>: xor %eax,%eax
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d36b 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d36b <__GI___vasprintf_chk+43>: mov %rax,0xf8(%rsp)
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d362 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d362 <__GI___vasprintf_chk+34>: mov %fs:0x28,%rax
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d35b 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d35b <__GI___vasprintf_chk+27>: sub $0x108,%rsp
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d35a 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d35a <__GI___vasprintf_chk+26>: push %rbx
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d359 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d359 <__GI___vasprintf_chk+25>: push %rbp
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d354 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d354 <__GI___vasprintf_chk+20>: mov $0x64,%edi
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d351 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d351 <__GI___vasprintf_chk+17>: mov %rdi,%r12
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d34f 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d34f <__GI___vasprintf_chk+15>: push %r12
4: /x $r13 = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d34c 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d34c <__GI___vasprintf_chk+12>: mov %rdx,%r13
4: /x $r13 = 0xfffffffff3732349
(gdb) undisp 4
(gdb) print/x $rdx
$3 = 0xfffffffff3732349
(gdb) display/x $rdx
5: /x $rdx = 0xfffffffff3732349
(gdb) reverse-stepi
0x00007ffff6f8d34a 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d34a <__GI___vasprintf_chk+10>: push %r13
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d347 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d347 <__GI___vasprintf_chk+7>: mov %rcx,%r14
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d345 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d345 <__GI___vasprintf_chk+5>: push %r14
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff6f8d342 37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d342 <__GI___vasprintf_chk+2>: mov %esi,%r15d
5: /x $rdx = 0xfffffffff3732349
(gdb)
37 in vasprintf_chk.c
1: x/i $pc
=> 0x7ffff6f8d340 <__GI___vasprintf_chk>: push %r15
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff7293870 in __vasprintf_chk@plt () from
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
1: x/i $pc
=> 0x7ffff7293870 <__vasprintf_chk@plt>: jmpq *0x101432(%rip) #
0x7ffff7394ca8 <__vasprintf_...@got.plt>
5: /x $rdx = 0xfffffffff3732349
(gdb)
vasprintf (__ap=<optimized out>, __fmt=<optimized out>, __ptr=0x7fffffffe330)
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:213
warning: Source file is more recent than executable.
213 return __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
1: x/i $pc
=> 0x7ffff730bef4 <g_vasprintf+20>: callq 0x7ffff7293870
<__vasprintf_chk@plt>
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff730bef1 320 ../../../glib/gprintf.c: Datei oder Verzeichnis
nicht gefunden.
1: x/i $pc
=> 0x7ffff730bef1 <g_vasprintf+17>: mov %rdi,%rbx
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff730beec 320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730beec <g_vasprintf+12>: mov $0x1,%esi
5: /x $rdx = 0xfffffffff3732349
(gdb)
0x00007ffff730bee9 320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730bee9 <g_vasprintf+9>: mov %rsi,%rdx
5: /x $rdx = 0x7fffffffe350
(gdb) undisp 5
(gdb) display/x $rsi
6: /x $rsi = 0xfffffffff3732349
(gdb) reverse-stepi
0x00007ffff730bee6 320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730bee6 <g_vasprintf+6>: mov %rdx,%rcx
6: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff730bee4 in g_vasprintf (string=string@entry=0x7fffffffe330,
format=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, args=args@entry=0x7fffffffe350) at
../../../glib/gprintf.c:320
320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730bee4 <g_vasprintf+4>: je 0x7ffff730bf10 <g_vasprintf+48>
6: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff730bee1 320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730bee1 <g_vasprintf+1>: test %rdi,%rdi
6: /x $rsi = 0xfffffffff3732349
(gdb)
320 in ../../../glib/gprintf.c
1: x/i $pc
=> 0x7ffff730bee0 <g_vasprintf>: push %rbx
6: /x $rsi = 0xfffffffff3732349
(gdb)
g_strdup_vprintf (format=0xfffffffff3732349 <error: Cannot access memory at
address 0xfffffffff3732349>, args=args@entry=0x7fffffffe350) at
../../../glib/gstrfuncs.c:514
514 ../../../glib/gstrfuncs.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7ffff72e5558 <g_strdup_vprintf+40>: callq 0x7ffff730bee0
<g_vasprintf>
6: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5550 512 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5550 <g_strdup_vprintf+32>: movq $0x0,(%rsp)
6: /x $rsi = 0xfffffffff3732349
(gdb)
0x00007ffff72e554d 512 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e554d <g_strdup_vprintf+29>: mov %rax,%rsi
6: /x $rsi = 0x7fffffffe350
(gdb) undisp 6
(gdb) display/x $rax
7: /x $rax = 0xfffffffff3732349
(gdb) reverse-stepi
512 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e554a <g_strdup_vprintf+26>: mov %rsp,%rdi
7: /x $rax = 0xfffffffff3732349
(gdb)
0x00007ffff72e5548 511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5548 <g_strdup_vprintf+24>: xor %ecx,%ecx
7: /x $rax = 0xfffffffff3732349
(gdb)
0x00007ffff72e5543 511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5543 <g_strdup_vprintf+19>: mov %rcx,0x8(%rsp)
7: /x $rax = 0xfffffffff3732349
(gdb)
0x00007ffff72e553a 511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e553a <g_strdup_vprintf+10>: mov %fs:0x28,%rcx
7: /x $rax = 0xfffffffff3732349
(gdb)
0x00007ffff72e5537 511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5537 <g_strdup_vprintf+7>: mov %rsi,%rdx
7: /x $rax = 0xfffffffff3732349
(gdb)
0x00007ffff72e5534 511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5534 <g_strdup_vprintf+4>: mov %rdi,%rax
7: /x $rax = 0x7fffffffe370
(gdb) undisp 7
(gdb) display/x $rdi
8: /x $rdi = 0xfffffffff3732349
(gdb) reverse-stepi
511 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5530 <g_strdup_vprintf>: sub $0x18,%rsp
8: /x $rdi = 0xfffffffff3732349
(gdb)
g_strdup_printf (format=0xfffffffff3732349 <error: Cannot access memory at
address 0xfffffffff3732349>) at ../../../glib/gstrfuncs.c:540
540 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5614 <g_strdup_printf+148>: callq 0x7ffff72e5530
<g_strdup_vprintf>
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e560f 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e560f <g_strdup_printf+143>: mov %rax,0x10(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5607 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5607 <g_strdup_printf+135>: movl $0x30,0x4(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5602 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5602 <g_strdup_printf+130>: lea 0x20(%rsp),%rax
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55fd 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55fd <g_strdup_printf+125>: mov %rax,0x8(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55f6 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55f6 <g_strdup_printf+118>: movl $0x8,(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55f3 539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55f3 <g_strdup_printf+115>: mov %rsp,%rsi
8: /x $rdi = 0xfffffffff3732349
(gdb)
539 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55eb <g_strdup_printf+107>: lea 0xe0(%rsp),%rax
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55e9 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55e9 <g_strdup_printf+105>: xor %eax,%eax
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55e4 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55e4 <g_strdup_printf+100>: mov %rax,0x18(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55db 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55db <g_strdup_printf+91>: mov %fs:0x28,%rax
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55a2 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55a2 <g_strdup_printf+34>: je 0x7ffff72e55db
<g_strdup_printf+91>
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e55a0 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e55a0 <g_strdup_printf+32>: test %al,%al
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e559b 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e559b <g_strdup_printf+27>: mov %r9,0x48(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5596 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5596 <g_strdup_printf+22>: mov %r8,0x40(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5591 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5591 <g_strdup_printf+17>: mov %rcx,0x38(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e558c 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e558c <g_strdup_printf+12>: mov %rdx,0x30(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00007ffff72e5587 535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5587 <g_strdup_printf+7>: mov %rsi,0x28(%rsp)
8: /x $rdi = 0xfffffffff3732349
(gdb)
535 in ../../../glib/gstrfuncs.c
1: x/i $pc
=> 0x7ffff72e5580 <g_strdup_printf>: sub $0xd8,%rsp
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x00005555555632f0 in g_strdup_printf@plt ()
1: x/i $pc
=> 0x5555555632f0 <g_strdup_printf@plt>: jmpq *0x35e82(%rip) #
0x555555599178 <g_strdup_pri...@got.plt>
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x0000555555565043 in main_window_init () at main.c:319
319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565043 <main+1283>: callq 0x5555555632f0 <g_strdup_printf@plt>
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x0000555555565041 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565041 <main+1281>: xor %eax,%eax
8: /x $rdi = 0xfffffffff3732349
(gdb)
0x000055555556503e 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x55555556503e <main+1278>: movslq %eax,%rdi
8: /x $rdi = 0x7ffff703fa60
(gdb) print/x $eax
$4 = 0xf3732349
(gdb) bt
#0 0x000055555556503e in main_window_init () at main.c:319
#1 0x000055555556503e in main (argc=<optimized out>, argv=<optimized out>) at
main.c:475
--> $eax=0xf3732349 gets copied into $rdi=0xfffffffff3732349
#####################
gdb -q \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
-ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
-ex 'display/i $pc' \
-ex 'b main' \
-ex 'run' \
-ex 'dele 1' \
-ex 'print main+1266' \
-ex 'b *$1' \
-ex 'display/x $eax' \
-ex 'display/x $rdi' \
-ex 'cont' \
--args klavaro
benutzer@debian:~$ gdb -q \
> -ex 'set width 0' \
> -ex 'set pagination off' \
> -ex 'directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src' \
> -ex 'directory /home/benutzer/source/glibc/orig/glibc-2.28/intl' \
> -ex 'display/i $pc' \
> -ex 'b main' \
> -ex 'run' \
> -ex 'dele 1' \
> -ex 'print main+1266' \
> -ex 'b *$1' \
> -ex 'display/x $eax' \
> -ex 'display/x $rdi' \
> -ex 'cont' \
> --args klavaro
Reading symbols from klavaro...Reading symbols from
/usr/lib/debug/.build-id/33/f76701badabdac469e407b2e0a6a48afaf5131.debug...done.
done.
Source directories searched:
/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
Source directories searched:
/home/benutzer/source/glibc/orig/glibc-2.28/intl:/home/benutzer/source/klavaro/orig/klavaro-3.03/src:$cdir:$cwd
1: x/i $pc
<error: No registers.>
Breakpoint 1 at 0x10b40: file main.c, line 420.
Starting program: /usr/bin/klavaro
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, main (argc=1, argv=0x7fffffffe5c8) at main.c:420
420 {
1: x/i $pc
=> 0x555555564b40 <main>: push %rbp
$1 = (int (*)(int, char **)) 0x555555565032 <main+1266>
Breakpoint 2 at 0x555555565032: file main.c, line 317.
2: /x $eax = 0x55564b40
3: /x $rdi = 0x1
Continuing.
[New Thread 0x7ffff35b5700 (LWP 5288)]
[New Thread 0x7ffff2db4700 (LWP 5289)]
[New Thread 0x7ffff25b3700 (LWP 5290)]
[New Thread 0x7ffff1db2700 (LWP 5291)]
Thread 1 "klavaro" hit Breakpoint 2, 0x0000555555565032 in main_window_init ()
at main.c:317
317 tmp = dngettext (PACKAGE, "Dictation mode (depends on this
speech synthesizer: %s)",
1: x/i $pc
=> 0x555555565032 <main+1266>: callq 0x555555563590 <dngettext@plt>
2: /x $eax = 0x0
3: /x $rdi = 0x55555558928b
(gdb) nexti
[Thread 0x7ffff25b3700 (LWP 5290) exited]
319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565037 <main+1271>: lea 0x2406e(%rip),%rsi #
0x5555555890ac
2: /x $eax = 0xf3732349
3: /x $rdi = 0x7ffff703fa60
(gdb)
0x000055555556503e 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x55555556503e <main+1278>: movslq %eax,%rdi
2: /x $eax = 0xf3732349
3: /x $rdi = 0x7ffff703fa60
(gdb)
0x0000555555565041 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565041 <main+1281>: xor %eax,%eax
2: /x $eax = 0xf3732349
3: /x $rdi = 0xfffffffff3732349
(gdb)
0x0000555555565043 319 ttip = g_strdup_printf (tmp, "Espeak");
1: x/i $pc
=> 0x555555565043 <main+1283>: callq 0x5555555632f0 <g_strdup_printf@plt>
2: /x $eax = 0x0
3: /x $rdi = 0xfffffffff3732349
(gdb)
[Thread 0x7ffff2db4700 (LWP 5289) exited]
Thread 1 "klavaro" received signal SIGSEGV, Segmentation fault.
__strchrnul_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
32 movdqu (%rdi), %xmm0
1: x/i $pc
=> 0x7ffff6f1af33 <__strchrnul_sse2+35>: movdqu (%rdi),%xmm0
2: /x $eax = 0x349
3: /x $rdi = 0xfffffffff3732349
(gdb) bt
#0 0x00007ffff6f1af33 in __strchrnul_sse2 () at
../sysdeps/x86_64/multiarch/../strchr.S:32
#1 0x00007ffff6ed2c49 in __find_specmb (format=0xfffffffff3732349 <error:
Cannot access memory at address 0xfffffffff3732349>) at printf-parse.h:108
#2 0x00007ffff6ed2c49 in _IO_vfprintf_internal (s=s@entry=0x7fffffffe1e0,
format=format@entry=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, ap=ap@entry=0x7fffffffe350) at vfprintf.c:1315
#3 0x00007ffff6f8d408 in __GI___vasprintf_chk
(result_ptr=result_ptr@entry=0x7fffffffe330, flags=flags@entry=1,
format=0xfffffffff3732349 <error: Cannot access memory at address
0xfffffffff3732349>, format@entry=0x7fffffffe330 "", args=0x7fffffffe350) at
vasprintf_chk.c:66
#4 0x00007ffff730bef9 in vasprintf (__ap=<optimized out>, __fmt=<optimized
out>, __ptr=0x7fffffffe330) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:213
#5 0x00007ffff730bef9 in g_vasprintf (string=string@entry=0x7fffffffe330,
format=<optimized out>, args=args@entry=0x7fffffffe350) at
../../../glib/gprintf.c:330
#6 0x00007ffff72e555d in g_strdup_vprintf (format=<optimized out>,
args=args@entry=0x7fffffffe350) at ../../../glib/gstrfuncs.c:514
#7 0x00007ffff72e5619 in g_strdup_printf (format=<optimized out>) at
../../../glib/gstrfuncs.c:540
#8 0x0000555555565048 in main_window_init () at main.c:319
#9 0x0000555555565048 in main (argc=<optimized out>, argv=<optimized out>) at
main.c:475
#####################
cd source/klavaro
cp orig try1 -a
cd try1/klavaro-3.03
dpkg-buildpackage
gcc -DHAVE_CONFIG_H -I. -I.. -pthread -I/usr/include/gtk-3.0
-I/usr/include/at-spi2-atk/2.0 -I/usr/include/at-spi-2.0
-I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
-I/usr/include/gtk-3.0 -I/usr/include/gio-unix-2.0 -I/usr/include/cairo
-I/usr/include/libdrm -I/usr/include/pango-1.0 -I/usr/include/harfbuzz
-I/usr/include/pango-1.0 -I/usr/include/fribidi -I/usr/include/atk-1.0
-I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/freetype2
-I/usr/include/libpng16 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libmount
-I/usr/include/blkid -I/usr/include/uuid -I/usr/include/glib-2.0
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include
-DPACKAGE_DATA_DIR=\""/usr/share"\"
-DPACKAGE_LOCALE_DIR=\""/usr/share/locale"\" -Wdate-time -D_FORTIFY_SOURCE=2
-Wextra -I../gtkdatabox -export-dynamic -g -O2
-fdebug-prefix-map=/home/benutzer/source/klavaro/try1/klavaro-3.03=.
-fstack-protector-strong -Wformat -Werror=format-security -c -o main.o main.c
gcc -DHAVE_CONFIG_H -I. -I.. -pthread -I/usr/include/gtk-3.0
-I/usr/include/at-spi2-atk/2.0 -I/usr/include/at-spi-2.0
-I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
-I/usr/include/gtk-3.0 -I/usr/include/gio-unix-2.0 -I/usr/include/cairo
-I/usr/include/libdrm -I/usr/include/pango-1.0 -I/usr/include/harfbuzz
-I/usr/include/pango-1.0 -I/usr/include/fribidi -I/usr/include/atk-1.0
-I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/freetype2
-I/usr/include/libpng16 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libmount
-I/usr/include/blkid -I/usr/include/uuid -I/usr/include/glib-2.0
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include
-DPACKAGE_DATA_DIR=\""/usr/share"\"
-DPACKAGE_LOCALE_DIR=\""/usr/share/locale"\" -Wdate-time -D_FORTIFY_SOURCE=2
-Wextra -I../gtkdatabox -export-dynamic -g -O2
-fdebug-prefix-map=/home/benutzer/source/klavaro/try1/klavaro-3.03=.
-fstack-protector-strong -Wformat -Werror=format-security -c -o tutor.o tutor.c
main.c: In function ‘main_window_init’:
main.c:317:8: warning: implicit declaration of function ‘dngettext’; did you
mean ‘dcgettext’? [-Wimplicit-function-declaration]
tmp = dngettext (PACKAGE, "Dictation mode (depends on this speech
synthesizer: %s)",
^~~~~~~~~
dcgettext
main.c:317:6: warning: assignment to ‘gchar *’ {aka ‘char *’} from ‘int’ makes
pointer from integer without a cast [-Wint-conversion]
tmp = dngettext (PACKAGE, "Dictation mode (depends on this speech
synthesizer: %s)",
^
tutor.c:1227:11: warning: implicit declaration of function ‘dngettext’; did you
mean ‘dcgettext’? [-Wimplicit-function-declaration]
dngettext (PACKAGE, "minute and", "minutes and", minutes),
^~~~~~~~~
dcgettext
dpkg -i /home/benutzer/source/klavaro/try2/klavaro{,-dbgsym}_3.03-1_amd64.deb
#####################
set width 0
set pagination off
directory /home/benutzer/source/klavaro/orig/klavaro-3.03/src
directory /home/benutzer/source/glibc/orig/glibc-2.28/intl
