I just spent some time chasing a mistake that boiled down to the following. The code erroneously overwrote the stack, and I think it wrote over the return address of the function call. After returning, the program will work and the stack will be damaged. Running the program in valgrind will result in an error, for example:
vex x86->IR: unhandled instruction bytes: 0xEA 0x3 0x0 0x0
==9222== valgrind: Unrecognised instruction at address 0x4e925a8.
I believe this is because the return jumped to a random location containing invalid x86 opcodes. (Although I am somewhat suspicious that this address 0x4e925a8 was in an executable page. I believe that valgrind will give a different error if it is not.)
I am sure the problem was this kind of stack overwrite, and I have since fixed it. Now I am trying to think how I could better catch such errors. Obviously valgrind cannot warn me if I overwrite data on the stack, but maybe it can catch when someone writes over the return address on the stack. Basically, it could detect when something like "push EIP" happens (so it would know where the return addresses are on the stack).
I was wondering if anyone knows whether Valgrind or something else can do this? If not, can you comment on other suggestions for debugging this type of error efficiently.
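Added example, not part of the original post: a user-level model of the check the asker is looking for. The struct below is a constructed stand-in for a stack frame (the names `frame`, `unchecked_copy`, `checked_copy`, the canary and return-slot values are all assumptions made for the demo): a buffer sits directly below a guard word, which in turn sits below a slot standing in for the saved return address. The unbounded copy reproduces the bug class from the question and reports which slots it clobbered; the bounded copy is the fix. The copy in the demo is clamped to the size of the struct so that the program never corrupts its own real stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack frame. In a real frame the locals sit
 * below the saved return address; a canary placed between them means any
 * linear overflow that reaches the return address must cross it first.
 * The values are arbitrary demo constants, not anything from a real build. */
#define BUF_LEN      16
#define CANARY_VALUE 0x5A5AC0DEFEEDFACEULL
#define RET_VALUE    0x401000ULL   /* stands in for the saved EIP */

struct frame {
    char     buf[BUF_LEN];
    uint64_t canary;      /* guard slot */
    uint64_t saved_ret;   /* stand-in for the return address */
};

enum { INTACT = 0, CANARY_HIT = 1, RET_HIT = 2 };

/* Unbounded copy, the bug class from the question: bytes past buf spill
 * into the canary and then into the return slot. Returns a bitmask of
 * what was clobbered. The clamp to sizeof f exists only so the demo
 * cannot touch the real stack; a real bug has no such clamp. */
int unchecked_copy(const char *src, size_t len) {
    struct frame f;
    int damage = INTACT;

    f.canary = CANARY_VALUE;
    f.saved_ret = RET_VALUE;
    if (len > sizeof f) len = sizeof f;       /* demo guard only */
    memcpy(&f, src, len);                     /* no bounds check on buf */

    if (f.canary != CANARY_VALUE) damage |= CANARY_HIT;
    if (f.saved_ret != RET_VALUE) damage |= RET_HIT;
    return damage;
}

/* Bounded copy, the fix: input is truncated to the buffer, so neither
 * guard slot can change regardless of input length. */
int checked_copy(const char *src, size_t len) {
    struct frame f;
    int damage = INTACT;
    size_t n = len < BUF_LEN - 1 ? len : BUF_LEN - 1;

    f.canary = CANARY_VALUE;
    f.saved_ret = RET_VALUE;
    memcpy(f.buf, src, n);
    f.buf[n] = '\0';

    if (f.canary != CANARY_VALUE) damage |= CANARY_HIT;
    if (f.saved_ret != RET_VALUE) damage |= RET_HIT;
    return damage;
}

int main(void) {
    char payload[40];
    memset(payload, 'A', sizeof payload);     /* constructed oversized input */

    printf("5 bytes,  unchecked: damage=%d\n", unchecked_copy(payload, 5));
    printf("20 bytes, unchecked: damage=%d\n", unchecked_copy(payload, 20));
    printf("40 bytes, unchecked: damage=%d\n", unchecked_copy(payload, 40));
    printf("40 bytes, checked:   damage=%d\n", checked_copy(payload, 40));
    return 0;
}
```

The compiler can insert exactly this kind of guard for you: building with `-fstack-protector-all` (GCC or Clang) places a canary below the return address in every frame and aborts with "stack smashing detected" on return if it has changed, which answers the "push EIP" idea without involving Valgrind. If you would rather catch the write at the moment it happens instead of at function return, `-fsanitize=address` instruments stack arrays with redzones and reports a stack-buffer-overflow at the offending store. Valgrind's memcheck does not track the bounds of individual stack objects, which is why it only notices the damage later, when the corrupted return address is used.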