
Re: [fluid-dev] glib crash


From: David Henningsson
Subject: Re: [fluid-dev] glib crash
Date: Wed, 21 Aug 2013 13:57:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8

On 08/21/2013 01:37 PM, address@hidden wrote:
> Hi,
> 
> so I moved along with this problem, analyzing the core dump.
> Unfortunately, I did not have the symbols of glib (it seems that 'brew
> install --test glib' did not build a debug version of glib despite what
> the doc says).
> But I could disassemble the faulty function :
> 
> Dump of assembler code for function thread_memory_from_self:
> 0x06284401 <thread_memory_from_self+0>:push   %ebp
> 0x06284402 <thread_memory_from_self+1>:mov    %esp,%ebp
> 0x06284404 <thread_memory_from_self+3>:push   %ebx
> 0x06284405 <thread_memory_from_self+4>:push   %edi
> 0x06284406 <thread_memory_from_self+5>:push   %esi
> 0x06284407 <thread_memory_from_self+6>:sub    $0x1c,%esp
> 0x0628440a <thread_memory_from_self+9>:call   0x628440f
> <thread_memory_from_self+14>
> 0x0628440f <thread_memory_from_self+14>:pop    %ebx
> 0x06284410 <thread_memory_from_self+15>:lea    0xa41b9(%ebx),%edi
> 0x06284416 <thread_memory_from_self+21>:mov    %edi,(%esp)
> 0x06284419 <thread_memory_from_self+24>:call   0x62a596d <g_private_get>
> 0x0628441e <thread_memory_from_self+29>:mov    %eax,%esi
> 0x06284420 <thread_memory_from_self+31>:test   %esi,%esi
> 0x06284422 <thread_memory_from_self+33>:je     0x628442e
> <thread_memory_from_self+45>
> 0x06284424 <thread_memory_from_self+35>:mov    %esi,%eax
> 0x06284426 <thread_memory_from_self+37>:add    $0x1c,%esp
> 0x06284429 <thread_memory_from_self+40>:pop    %esi
> 0x0628442a <thread_memory_from_self+41>:pop    %edi
> 0x0628442b <thread_memory_from_self+42>:pop    %ebx
> 0x0628442c <thread_memory_from_self+43>:pop    %ebp
> 0x0628442d <thread_memory_from_self+44>:ret    
> 0x0628442e <thread_memory_from_self+45>:lea    0xa47dd(%ebx),%esi
> 0x06284434 <thread_memory_from_self+51>:mov    %esi,(%esp)
> 0x06284437 <thread_memory_from_self+54>:call   0x62a5351 <g_mutex_lock>
> 0x0628443c <thread_memory_from_self+59>:cmpl   $0x0,0xa4781(%ebx)
> 0x06284446 <thread_memory_from_self+69>:je     0x6284488
> <thread_memory_from_self+135>
> 0x06284448 <thread_memory_from_self+71>:mov    %esi,(%esp)
> 0x0628444b <thread_memory_from_self+74>:call   0x62a5402 <g_mutex_unlock>
> 0x06284450 <thread_memory_from_self+79>:mov    0xa4789(%ebx),%ebx
> 0x06284456 <thread_memory_from_self+85>:add    $0xffffffe8,%ebx
> 0x06284459 <thread_memory_from_self+88>:shr    $0x6,%ebx
> 0x0628445c <thread_memory_from_self+91>:mov    %ebx,%eax
> 0x0628445e <thread_memory_from_self+93>:shl    $0x4,%eax
> 0x06284461 <thread_memory_from_self+96>:or     $0x8,%eax
> 0x06284464 <thread_memory_from_self+99>:mov    %eax,(%esp)
> 0x06284467 <thread_memory_from_self+102>:call   0x62728c3 <g_malloc0>
> 0x0628446c <thread_memory_from_self+107>:mov    %eax,%esi
> 0x0628446e <thread_memory_from_self+109>:lea    0x8(%esi),%eax
> 0x06284471 <thread_memory_from_self+112>:mov    %eax,(%esi)
> 0x06284473 <thread_memory_from_self+114>:lea    0x8(%esi,%ebx,8),%eax
> 0x06284477 <thread_memory_from_self+118>:mov    %eax,0x4(%esi)
> 0x0628447a <thread_memory_from_self+121>:mov    %esi,0x4(%esp)
> 0x0628447e <thread_memory_from_self+125>:mov    %edi,(%esp)
> 0x06284481 <thread_memory_from_self+128>:call   0x62a5a2f <g_private_set>
> 0x06284486 <thread_memory_from_self+133>:jmp    0x6284424
> <thread_memory_from_self+35>
> 0x06284488 <thread_memory_from_self+135>:movl   $0x1d,(%esp)
> 0x0628448f <thread_memory_from_self+142>:call   0x62cccac
> <dyld_stub_sysconf>
> 0x06284494 <thread_memory_from_self+147>:mov    %eax,0xa4781(%ebx)
> 0x0628449a <thread_memory_from_self+153>:cmp    $0x1ff,%eax
> 0x0628449f <thread_memory_from_self+158>:jbe    0x6284583
> <thread_memory_from_self+386>
> 0x062844a5 <thread_memory_from_self+164>:lea    -0x1(%eax),%ecx
> 0x062844a8 <thread_memory_from_self+167>:test   %ecx,%eax
> 0x062844aa <thread_memory_from_self+169>:jne    0x628458b
> <thread_memory_from_self+394>
> 0x062844b0 <thread_memory_from_self+175>:mov    0xa41b5(%ebx),%eax
> 0x062844b6 <thread_memory_from_self+181>:mov    %eax,0xa479d(%ebx)
> *0x062844bc <thread_memory_from_self+187>:lds    (bad),%edi*
> 0x062844bd <thread_memory_from_self+188>:sti    
> 0x062844be <thread_memory_from_self+189>:adc    %al,0xa41ad(%ebx)
> 0x062844c4 <thread_memory_from_self+195>:lds    (bad),%edi
> 0x062844c5 <thread_memory_from_self+196>:sti    
> 0x062844c6 <thread_memory_from_self+197>:adc    %eax,0xa4795(%ebx)
> 0x062844cc <thread_memory_from_self+203>:lds    (bad),%edi
> 0x062844cd <thread_memory_from_self+204>:sti    
> 0x062844ce <thread_memory_from_self+205>:adc    %al,0xa41a5(%ebx)
> 0x062844d4 <thread_memory_from_self+211>:lds    (bad),%edi
> 0x062844d5 <thread_memory_from_self+212>:sti    
> 0x062844d6 <thread_memory_from_self+213>:adc    %eax,0xa478d(%ebx)
> 0x062844dc <thread_memory_from_self+219>:lea    0x5a55e(%ebx),%eax
> 0x062844e2 <thread_memory_from_self+225>:mov    %eax,(%esp)
> 0x062844e5 <thread_memory_from_self+228>:call   0x62cca0c <dyld_stub_getenv>
> 0x062844ea <thread_memory_from_self+233>:test   %eax,%eax
> 0x062844ec <thread_memory_from_self+235>:je     0x6284524
> <thread_memory_from_self+291>
> 0x062844ee <thread_memory_from_self+237>:lea    0xa4345(%ebx),%ecx
> 0x062844f4 <thread_memory_from_self+243>:mov    %ecx,0x4(%esp)
> 0x062844f8 <thread_memory_from_self+247>:mov    %eax,(%esp)
> 0x062844fb <thread_memory_from_self+250>:movl   $0x2,0x8(%esp)
> 0x06284503 <thread_memory_from_self+258>:call   0x626a3b2
> <g_parse_debug_string>
> 0x06284508 <thread_memory_from_self+263>:test   $0x1,%al
> 0x0628450a <thread_memory_from_self+265>:je     0x6284516
> <thread_memory_from_self+277>
> 0x0628450c <thread_memory_from_self+267>:movl   $0x1,0xa478d(%ebx)
> 0x06284516 <thread_memory_from_self+277>:test   $0x2,%al
> 0x06284518 <thread_memory_from_self+279>:je     0x6284524
> <thread_memory_from_self+291>
> 0x0628451a <thread_memory_from_self+281>:movl   $0x1,0xa4795(%ebx)
> 0x06284524 <thread_memory_from_self+291>:mov    $0x1000,%ecx
> 0x06284529 <thread_memory_from_self+296>:mov    0xa4781(%ebx),%eax
> 0x0628452f <thread_memory_from_self+302>:cmp    $0x1000,%eax
> 0x06284534 <thread_memory_from_self+307>:cmova  %eax,%ecx
> 0x06284537 <thread_memory_from_self+310>:mov    $0x2000,%eax
> 0x0628453c <thread_memory_from_self+315>:cmp    $0x2000,%ecx
> 0x06284542 <thread_memory_from_self+321>:cmova  %ecx,%eax
> 0x06284545 <thread_memory_from_self+324>:mov    %eax,0xa4789(%ebx)
> 0x0628454b <thread_memory_from_self+330>:mov    $0x80,%edx
> 0x06284550 <thread_memory_from_self+335>:cmp    $0x80,%ecx
> 0x06284556 <thread_memory_from_self+341>:cmovb  %ecx,%edx
> 0x06284559 <thread_memory_from_self+344>:mov    %edx,0xa4785(%ebx)
> 0x0628455f <thread_memory_from_self+350>:cmpl   $0x0,0xa478d(%ebx)
> 0x06284569 <thread_memory_from_self+360>:je     0x62845a3
> <thread_memory_from_self+418>
> 0x0628456b <thread_memory_from_self+362>:movl   $0x0,0xa47b1(%ebx)
> 0x06284575 <thread_memory_from_self+372>:movl   $0x0,0xa47ad(%ebx)
> 0x0628457f <thread_memory_from_self+382>:xor    %eax,%eax
> 0x06284581 <thread_memory_from_self+384>:jmp    0x62845fd
> <thread_memory_from_self+508>
> 0x06284583 <thread_memory_from_self+386>:lea    0x5a50f(%ebx),%eax
> 0x06284589 <thread_memory_from_self+392>:jmp    0x6284591
> <thread_memory_from_self+400>
> 0x0628458b <thread_memory_from_self+394>:lea    0x5a533(%ebx),%eax
> 0x06284591 <thread_memory_from_self+400>:mov    %eax,0x4(%esp)
> 0x06284595 <thread_memory_from_self+404>:lea    0x5a423(%ebx),%eax
> 0x0628459b <thread_memory_from_self+410>:mov    %eax,(%esp)
> 0x0628459e <thread_memory_from_self+413>:call   0x6285275 <mem_error>
> 0x062845a3 <thread_memory_from_self+418>:add    $0xffffffe8,%eax
> 0x062845a6 <thread_memory_from_self+421>:shr    $0x6,%eax
> 0x062845a9 <thread_memory_from_self+424>:mov    %eax,(%esp)
> 0x062845ac <thread_memory_from_self+427>:movl   $0x4,0x4(%esp)
> 0x062845b4 <thread_memory_from_self+435>:call   0x6272ae2 <g_malloc0_n>
> 0x062845b9 <thread_memory_from_self+440>:mov    %eax,0xa47b1(%ebx)
> 0x062845bf <thread_memory_from_self+446>:mov    0xa4789(%ebx),%eax
> 0x062845c5 <thread_memory_from_self+452>:add    $0xffffffe8,%eax
> 0x062845c8 <thread_memory_from_self+455>:shr    $0x6,%eax
> 0x062845cb <thread_memory_from_self+458>:mov    %eax,(%esp)
> 0x062845ce <thread_memory_from_self+461>:movl   $0x4,0x4(%esp)
> 0x062845d6 <thread_memory_from_self+469>:call   0x6272ae2 <g_malloc0_n>
> 0x062845db <thread_memory_from_self+474>:mov    %eax,0xa47ad(%ebx)
> 0x062845e1 <thread_memory_from_self+480>:mov    0xa4789(%ebx),%eax
> 0x062845e7 <thread_memory_from_self+486>:add    $0xffffffe8,%eax
> 0x062845ea <thread_memory_from_self+489>:shr    $0x6,%eax
> 0x062845ed <thread_memory_from_self+492>:mov    %eax,(%esp)
> 0x062845f0 <thread_memory_from_self+495>:movl   $0x4,0x4(%esp)
> 0x062845f8 <thread_memory_from_self+503>:call   0x6272ae2 <g_malloc0_n>
> 0x062845fd <thread_memory_from_self+508>:mov    %eax,0xa47c9(%ebx)
> 0x06284603 <thread_memory_from_self+514>:lea    0xa47a5(%ebx),%eax
> 0x06284609 <thread_memory_from_self+520>:mov    %eax,(%esp)
> 0x0628460c <thread_memory_from_self+523>:call   0x62a52c0 <g_mutex_init>
> 0x06284611 <thread_memory_from_self+528>:movl   $0x0,0xa47b5(%ebx)
> 0x0628461b <thread_memory_from_self+538>:movl   $0x7,0xa47b9(%ebx)
> 0x06284625 <thread_memory_from_self+548>:movl   $0x0,0xa47bd(%ebx)
> 0x0628462f <thread_memory_from_self+558>:lea    0xa47c1(%ebx),%eax
> 0x06284635 <thread_memory_from_self+564>:mov    %eax,(%esp)
> 0x06284638 <thread_memory_from_self+567>:call   0x62a52c0 <g_mutex_init>
> 0x0628463d <thread_memory_from_self+572>:movl   $0x0,0xa47cd(%ebx)
> 0x06284647 <thread_memory_from_self+582>:mov    0xa47b9(%ebx),%eax
> 0x0628464d <thread_memory_from_self+588>:cmp    $0x7,%eax
> 0x06284650 <thread_memory_from_self+591>:jb     0x6284682
> <thread_memory_from_self+641>
> 0x06284652 <thread_memory_from_self+593>:lea    -0x18(%ebp),%eax
> 0x06284655 <thread_memory_from_self+596>:mov    %eax,(%esp)
> 0x06284658 <thread_memory_from_self+599>:call   0x626d044
> <g_get_current_time>
> 0x0628465d <thread_memory_from_self+604>:mov    $0x10624dd3,%eax
> 0x06284662 <thread_memory_from_self+609>:imull  -0x14(%ebp)
> 0x06284665 <thread_memory_from_self+612>:mov    %edx,%eax
> 0x06284667 <thread_memory_from_self+614>:shr    $0x1f,%eax
> 0x0628466a <thread_memory_from_self+617>:sar    $0x6,%edx
> 0x0628466d <thread_memory_from_self+620>:add    %eax,%edx
> 0x0628466f <thread_memory_from_self+622>:imul   $0x3e8,-0x18(%ebp),%eax
> 0x06284676 <thread_memory_from_self+629>:add    %edx,%eax
> 0x06284678 <thread_memory_from_self+631>:mov    %eax,0xa47bd(%ebx)
> 0x0628467e <thread_memory_from_self+637>:xor    %eax,%eax
> 0x06284680 <thread_memory_from_self+639>:jmp    0x6284683
> <thread_memory_from_self+642>
> 0x06284682 <thread_memory_from_self+641>:inc    %eax
> 0x06284683 <thread_memory_from_self+642>:mov    %eax,0xa47b9(%ebx)
> 0x06284689 <thread_memory_from_self+648>:mov    0xa4789(%ebx),%eax
> 0x0628468f <thread_memory_from_self+654>:add    $0xffffffe8,%eax
> 0x06284692 <thread_memory_from_self+657>:shr    $0x3,%eax
> 0x06284695 <thread_memory_from_self+660>:mov    %eax,0xa47a1(%ebx)
> 0x0628469b <thread_memory_from_self+666>:mov    0xa4791(%ebx),%eax
> 0x062846a1 <thread_memory_from_self+672>:or     0xa478d(%ebx),%eax
> 0x062846a7 <thread_memory_from_self+678>:je     0x6284448
> <thread_memory_from_self+71>
> 0x062846ad <thread_memory_from_self+684>:movl   $0x0,0xa47a1(%ebx)
> 0x062846b7 <thread_memory_from_self+694>:jmp    0x6284448
> <thread_memory_from_self+71>
> End of assembler dump.
> 
> 
> As a reminder, the faulty instruction is on
> 0   libglib-2.0.0.dylib           0x062cb4bc thread_memory_from_self + 187
> 
> and the crash is :
> Exception Type:  EXC_BAD_INSTRUCTION (SIGILL)
> Exception Codes: 0x0000000000000001, 0x0000000000000000
> 
> I'm a bit surprised, as the lds instruction itself is quite standard.
> What is strange is the (bad) operand the disassembler prints for it.
> 
> What do you think ?
> Thank you

I think this memory is not meant to be interpreted as instructions. It
might be a table, a string, or something else. The disassembler already
flags those bytes as (bad), and the SIGILL is raised at exactly that
offset (+187), which is what you would expect if execution ran into bytes
that are not code.

I think you're either looking at a compiler bug, or the memory is getting
overwritten somehow.

// David



