On 24 July 2017 at 13:21, Hua Yanghao <huayang...@gmail.com> wrote:
> I think I got where qemu went wrong, it should pick filesz instead of
> memsz, right? ;-)
>
> You see here the filesz does not actually include the bss section
> where if you only check the memsz then it overlaps.
>
> LOAD off 0x000000e0 vaddr 0x60000000 paddr 0x60000000 align 2**5
> filesz 0x0007773c memsz 0x00077c00 flags rwx
>
> -----
> PT_LOAD
>
> The array element specifies a loadable segment, described by p_filesz
> and p_memsz. The bytes from the file are mapped to the beginning of
> the memory segment. If the segment's memory size (p_memsz) is larger
> than the file size (p_filesz), the "extra" bytes are defined to hold
> the value 0 and to follow the segment's initialized area. The file
> size may not be larger than the memory size. Loadable segment entries
> in the program header table appear in ascending order,
>
> sorted on the p_vaddr member.
> -----
In the bit of the spec you quote it says how p_memsz > p_filesz should be handled: "the 'extra' bytes are defined to hold the value 0". The segment itself is still p_memsz in size and the header defines that it has zeroes at the end of it. QEMU's loader needs to arrange that those zeroes are loaded.

thanks
-- PMM
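The point of the reply, as an added example that is not code from the thread or from QEMU's loader: a minimal PT_LOAD handler that copies p_filesz bytes from the file image, zero-fills the remaining p_memsz - p_filesz bytes (the .bss tail), rejects a header whose file size exceeds its memory size, and decides overlap between segments on p_memsz rather than p_filesz. The `phdr_t` struct, the `load_segment` and `segments_overlap` functions, and all header values are constructed for this example and are not the real Elf32_Phdr/Elf64_Phdr layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the fields of an ELF program header entry
 * that a loader actually needs; constructed for this example. */
typedef struct {
    uint64_t p_offset;  /* byte offset of the segment contents in the file */
    uint64_t p_vaddr;   /* virtual address the segment is loaded at */
    uint64_t p_filesz;  /* bytes present in the file */
    uint64_t p_memsz;   /* bytes occupied in memory (must be >= p_filesz) */
} phdr_t;

/* Load one PT_LOAD segment into a flat memory image whose byte 0 corresponds
 * to address `mem_base`. Returns 0 on success, -1 if the header is malformed
 * or the segment does not fit in the file or in memory. Follows the spec text
 * quoted above: the first p_filesz bytes come from the file, the remaining
 * p_memsz - p_filesz bytes are zero. */
int load_segment(const phdr_t *ph, const uint8_t *file, size_t file_len,
                 uint8_t *mem, size_t mem_len, uint64_t mem_base)
{
    /* "The file size may not be larger than the memory size." */
    if (ph->p_filesz > ph->p_memsz)
        return -1;
    /* Bounds checks written to avoid integer overflow before touching memory. */
    if (ph->p_offset > file_len || ph->p_filesz > file_len - ph->p_offset)
        return -1;
    if (ph->p_vaddr < mem_base)
        return -1;
    uint64_t rel = ph->p_vaddr - mem_base;
    if (rel > mem_len || ph->p_memsz > mem_len - rel)
        return -1;

    memcpy(mem + rel, file + ph->p_offset, (size_t)ph->p_filesz);
    /* This zero-fill is the step a loader that only honours p_filesz would skip. */
    memset(mem + rel + ph->p_filesz, 0, (size_t)(ph->p_memsz - ph->p_filesz));
    return 0;
}

/* Two segments overlap in memory if [p_vaddr, p_vaddr + p_memsz) intersect.
 * Comparing on p_filesz instead would ignore the zero-filled tail. */
int segments_overlap(const phdr_t *a, const phdr_t *b)
{
    uint64_t a_end = a->p_vaddr + a->p_memsz;
    uint64_t b_end = b->p_vaddr + b->p_memsz;
    return a->p_vaddr < b_end && b->p_vaddr < a_end;
}

int main(void)
{
    /* Constructed sample: 8 initialized bytes followed by 8 bytes of .bss,
     * and a second segment that starts where the first one's .bss begins. */
    uint8_t file[0x20];
    uint8_t mem[0x20];
    memset(file, 0xAA, sizeof file);
    memset(mem, 0x55, sizeof mem);
    phdr_t text = { .p_offset = 0x10, .p_vaddr = 0x1000, .p_filesz = 0x8, .p_memsz = 0x10 };
    phdr_t data = { .p_offset = 0x18, .p_vaddr = 0x1008, .p_filesz = 0x8, .p_memsz = 0x8 };

    if (load_segment(&text, file, sizeof file, mem, sizeof mem, 0x1000) == 0)
        printf("byte 7 = 0x%02x, byte 8 = 0x%02x (bss zeroed)\n", mem[7], mem[8]);
    printf("overlap judged on p_memsz: %d\n", segments_overlap(&text, &data));
    return 0;
}
```

With these values the two segments do not overlap when compared on p_filesz (the first ends at 0x1008 in the file) but do overlap on p_memsz (it ends at 0x1010 in memory), which is the situation the quoted objdump output describes.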