We have a C++ program with several threads running on Linux 2.6.32, and it core dumps in one of the threads. Analyzing the core file with a cross-compiled gdb-7.2, we see that the faulting instruction is here:
0x11491178 <+208>: lwz r0,8(r9)
and the registers recorded in that frame are:
(gdb) info reg
r0 0x0 0
….
r9 0xdeaddead 3735936685
Which makes sense, since r9 holds an invalid address in the context of the process/thread (it is actually the pattern we write into freed heap memory).
The confusing bit is that r9 loads from this
0x1149116c <+196>: lwz r9,0(r4)
and r4 holds the value of the "first" parameter. GDB shows the following for data:
(gdb) p data
$6 = (TextProcessorIF *) 0x4b3fe858
(gdb) p *data
$7 = {_vptr.TextProcessorIF = 0x128b5390}
(gdb) info symbol 0x128b5390
vtable for TextProcessorT<unsigned short> + 8 in section .rodata
In this context, everything is correct. So r9 should have been loaded with 0x128b5390 rather than the "0xdeaddead" pattern, which is written into memory when it is freed and returned to the heap.
, , r9 , . , , , . , SIGSEGV , , , . , , , , , / , .
:
A) ?
B) , ( ), ?
C) /, SIGSEGV, ( )?
!
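The sequence of events the post describes (an object is freed, the freeing code overwrites the block with 0xdeaddead, a thread that still holds a pointer loads the poisoned vptr and faults, and the memory later looks valid again once the block has been handed out to a new object) can be reproduced deterministically in a single thread. The program below is an added example, not code from the original post: the class names TextProcessorIF and TextProcessorT are taken from the post's gdb output, but their bodies, the PoisoningPool allocator and the helper names are assumptions made for illustration. The pool stands in for a debug heap that poisons freed blocks; the point is that the dangling pointer reads as poison right after the free and as a perfectly good vtable pointer once the block is reused, which is one way "lwz r9,0(r4)" can see 0xdeaddead while a later "p *data" in gdb shows an intact _vptr.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Poison pattern from the post: written over a block when it is freed.
static const uint32_t kPoison = 0xdeaddeadu;

// Constructed stand-in for a debug heap: fixed-size blocks, first-fit reuse,
// and every freed block is filled with the 32-bit poison pattern.
class PoisoningPool {
public:
    static const size_t kBlock = 64;
    static const size_t kCount = 8;

    void* alloc(size_t n) {
        if (n > kBlock) return nullptr;           // assumption: objects are small
        for (size_t i = 0; i < kCount; ++i) {
            if (!used_[i]) { used_[i] = true; return storage_ + i * kBlock; }
        }
        return nullptr;
    }
    void release(void* p) {
        unsigned char* b = static_cast<unsigned char*>(p);
        size_t i = static_cast<size_t>(b - storage_) / kBlock;
        // Overwrite the whole block, vptr included, the way the post's heap does.
        for (size_t off = 0; off + sizeof kPoison <= kBlock; off += sizeof kPoison)
            memcpy(b + off, &kPoison, sizeof kPoison);
        used_[i] = false;
    }
    size_t blocks_in_use() const {
        size_t n = 0;
        for (size_t i = 0; i < kCount; ++i) n += used_[i] ? 1 : 0;
        return n;
    }
private:
    alignas(16) unsigned char storage_[kBlock * kCount] = {};
    bool used_[kCount] = {};
};
static PoisoningPool g_pool;

// Hypothetical interface/implementation pair; only the names come from the post.
struct TextProcessorIF {
    virtual ~TextProcessorIF() {}
    virtual size_t process(const char* s) = 0;
    static void* operator new(size_t n) {
        void* p = g_pool.alloc(n);
        if (!p) throw std::bad_alloc();
        return p;
    }
    static void operator delete(void* p) { if (p) g_pool.release(p); }
};
template <typename T>
struct TextProcessorT : TextProcessorIF {
    size_t process(const char* s) override { return strlen(s) * sizeof(T); }
};

// Read the first 32 bits of an object, i.e. what "lwz r9,0(r4)" loads on the
// 32-bit target; on the host this is the low/high half of the vptr, which is
// enough to recognise the poison pattern.
static uint32_t first_u32(const void* obj) {
    uint32_t w;
    memcpy(&w, obj, sizeof w);
    return w;
}
static bool vptr_looks_poisoned(const void* obj) { return first_u32(obj) == kPoison; }

struct Observation {
    bool live_looks_valid;      // fresh object: vptr is a real vtable address
    bool poisoned_after_free;   // what the faulting thread's load saw
    bool block_reused;          // a later new handed out the same address
    bool dangling_looks_valid;  // what "p *data" shows once the block is reused
};

// Single-threaded replay of the use-after-free the post describes.
Observation run_use_after_free_scenario() {
    Observation o{};
    TextProcessorIF* data = new TextProcessorT<unsigned short>();
    o.live_looks_valid = !vptr_looks_poisoned(data);
    data->process("abc");                                // fine while alive
    delete data;                                         // block is now 0xdeaddead
    o.poisoned_after_free = vptr_looks_poisoned(data);   // deliberate dangling read
    TextProcessorIF* other = new TextProcessorT<unsigned short>();
    o.block_reused = (other == data);                    // first-fit gives the same block
    o.dangling_looks_valid = !vptr_looks_poisoned(data); // old pointer looks healthy again
    delete other;
    return o;
}

int main() {
    Observation o = run_use_after_free_scenario();
    printf("live valid=%d poisoned after free=%d reused=%d dangling valid again=%d\n",
           o.live_looks_valid, o.poisoned_after_free, o.block_reused, o.dangling_looks_valid);
    return 0;
}
```

The dangling read after delete is intentional and only safe here because the pool's storage is a static buffer; with a real allocator it is exactly the bug being debugged. The practical check this suggests for the core: compare the address in r4 against what the other threads were freeing or allocating at the time, since a vptr that reads as the free-poison pattern at the fault but as a valid vtable in the dump means the block changed hands between the load and the core being written.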