#include <stdio.h>

/* Unreferenced helper; present in the test source as a target symbol. */
void dump(void)
{
    printf("%s\n", "dump");
}

/* 64-byte stack buffer filled by gets(), which performs no bounds check:
   this is the intentionally vulnerable function under study. */
void fn(void)
{
    char buf[64];
    gets(buf);
}

int main(int argc, char **argv)
{
    fn();
    return 0;
}
The object code from ~/native_client/sdk/pepper_44$ ./toolchain/linux_x86_newlib/bin/x86_64-nacl-gcc main.c -o main.nexe yields:
0000000000020220 <fn>:
20220: 55 push %rbp
20221: 48 89 e5 mov %rsp,%rbp
20224: 83 ec 40 sub $0x40,%esp
20227: 4c 01 fc add %r15,%rsp
2022a: 8d 45 c0 lea -0x40(%rbp),%eax
2022d: 89 c7 mov %eax,%edi
2022f: 66 66 66 2e 0f 1f 84 data32 data32 nopw %cs:0x0(%rax,%rax,1)
20236: 00 00 00 00 00
2023b: e8 a0 12 00 00 callq 214e0 <gets>
20240: 48 89 ec mov %rbp,%rsp
20243: 41 5b pop %r11
20245: 44 89 dd mov %r11d,%ebp
20248: 4c 01 fd add %r15,%rbp
2024b: 41 5b pop %r11
2024d: 41 83 e3 e0 and $0xffffffe0,%r11d
20251: 4d 01 fb add %r15,%r11
20254: 41 ff e3 jmpq *%r11
20257: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
2025e: 00 00
but when I compile the same source code as a test using scons in the Native Client source:
~/native_client/src/native_client$ ./scons platform=x86-64 tests/exploit
scons: Reading SConscript files ...
SKIPPING test text_overlaps_rodata
SKIPPING test text_overlaps_data
There are 7 broken tests. Add --verbose to the command line for more information.
======================================================================
B U I L D - O U T P U T:
======================================================================
scons: done reading SConscript files.
scons: Building targets ...
scons: building associated VariantDir targets: scons-out/nacl-x86-64/obj/tests/exploit
________Compiling scons-out/nacl-x86-64/obj/tests/exploit/exploit.o
________Linking scons-out/nacl-x86-64/obj/tests/exploit/exploit.nexe
scons: `tests/exploit' is up to date.
scons: done building targets.
00000000000201e0 <fn>:
201e0: 83 ec 48 sub $0x48,%esp
201e3: 4c 01 fc add %r15,%rsp
201e6: 89 e7 mov %esp,%edi
201e8: 0f 1f 40 00 nopl 0x0(%rax)
201ec: 66 66 66 66 66 66 2e data32 data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
201f3: 0f 1f 84 00 00 00 00
201fa: 00
201fb: e8 60 1e 00 00 callq 22060 <gets>
20200: 83 c4 48 add $0x48,%esp
20203: 4c 01 fc add %r15,%rsp
20206: 41 5b pop %r11
20208: 41 83 e3 e0 and $0xffffffe0,%r11d
2020c: 4d 01 fb add %r15,%r11
2020f: 41 ff e3 jmpq *%r11
20212: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
which you might have observed does not push %rbp onto the stack and then mov %rsp,%rbp. Rather, it appears to allocate an extra 8 bytes of the stack via sub $0x48,%esp, which is enough space for both the 64-byte buffer and 8-byte return address, but I see no mov of %rbp onto the stack?
Can someone explain this difference in object code between seemingly identical compilation phases?
--
You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.
Visit this group at http://groups.google.com/group/native-client-discuss.
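Added example (not part of the post above and not Native Client project code): a small checker that reads objdump-style listings like the two quoted in the post and reports, per function, whether a frame pointer is set up, the frame size reserved on %esp, whether every 32-bit %esp adjustment is immediately re-based on the sandbox base in %r15, and whether the function returns through Native Client's software-fault-isolation sequence (pop the return address into %r11, clear the low bits with and $0xffffffe0 so the target is 32-byte bundle aligned, add %r15, then jmpq *%r11) rather than a bare ret. It also checks call-site stack alignment under the assumption, stated in the code, that the usual x86-64 rule of a 16-byte aligned %rsp at each call applies, which is where the extra 8 bytes in the frame-pointer-less build come from. The two listings are embedded as sample input exactly as quoted in the post; the function and field names are this example's own.

```python
import re

# Sample input, copied from the two <fn> listings quoted in the post above
# (SDK toolchain build first, scons test build second).
SDK_FN = """\
0000000000020220 <fn>:
20220: 55 push %rbp
20221: 48 89 e5 mov %rsp,%rbp
20224: 83 ec 40 sub $0x40,%esp
20227: 4c 01 fc add %r15,%rsp
2022a: 8d 45 c0 lea -0x40(%rbp),%eax
2022d: 89 c7 mov %eax,%edi
2022f: 66 66 66 2e 0f 1f 84 data32 data32 nopw %cs:0x0(%rax,%rax,1)
20236: 00 00 00 00 00
2023b: e8 a0 12 00 00 callq 214e0 <gets>
20240: 48 89 ec mov %rbp,%rsp
20243: 41 5b pop %r11
20245: 44 89 dd mov %r11d,%ebp
20248: 4c 01 fd add %r15,%rbp
2024b: 41 5b pop %r11
2024d: 41 83 e3 e0 and $0xffffffe0,%r11d
20251: 4d 01 fb add %r15,%r11
20254: 41 ff e3 jmpq *%r11
20257: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
2025e: 00 00
"""

SCONS_FN = """\
00000000000201e0 <fn>:
201e0: 83 ec 48 sub $0x48,%esp
201e3: 4c 01 fc add %r15,%rsp
201e6: 89 e7 mov %esp,%edi
201e8: 0f 1f 40 00 nopl 0x0(%rax)
201ec: 66 66 66 66 66 66 2e data32 data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
201f3: 0f 1f 84 00 00 00 00
201fa: 00
201fb: e8 60 1e 00 00 callq 22060 <gets>
20200: 83 c4 48 add $0x48,%esp
20203: 4c 01 fc add %r15,%rsp
20206: 41 5b pop %r11
20208: 41 83 e3 e0 and $0xffffffe0,%r11d
2020c: 4d 01 fb add %r15,%r11
2020f: 41 ff e3 jmpq *%r11
20212: 66 66 66 66 66 2e 0f data32 data32 data32 data32 nopw %cs:0x0(%rax,%rax,1)
"""


def parse_objdump(listing):
    """Return [(address, 'mnemonic operands'), ...] for each instruction line.

    Lines that carry only continuation bytes of a long encoding (no mnemonic)
    and the '<symbol>:' header line are skipped. Byte tokens are exactly two
    hex digits; no AT&T mnemonic in these listings looks like one.
    """
    insns = []
    for line in listing.splitlines():
        m = re.match(r'^\s*([0-9a-f]+):\s+(.*)$', line)
        if not m:
            continue
        toks = m.group(2).split()
        i = 0
        while i < len(toks) and re.fullmatch(r'[0-9a-f]{2}', toks[i]):
            i += 1
        if i == len(toks):
            continue  # pure byte-continuation line
        insns.append((int(m.group(1), 16), ' '.join(toks[i:])))
    return insns


def analyze_fn(listing):
    """Summarise frame layout and NaCl SFI properties of one function listing."""
    ops = [op for _, op in parse_objdump(listing)]
    result = {
        'uses_frame_pointer': ('push %rbp' in ops) and ('mov %rsp,%rbp' in ops),
        'frame_size': None,            # immediate of the first 'sub $imm,%esp'
        'stack_aligned_at_call': None,  # assumes 16-byte %rsp alignment at calls
        'sp_writes_sandboxed': True,    # every %esp arithmetic followed by add %r15,%rsp
        'sfi_return': False,            # pop %r11; and mask; add %r15,%r11; jmpq *%r11
        'bundle_size': None,            # alignment enforced by the and-mask
        'raw_ret': any(op.split()[0] in ('ret', 'retq') for op in ops),
    }
    for i, op in enumerate(ops):
        m = re.fullmatch(r'sub \$0x([0-9a-f]+),%esp', op)
        if m and result['frame_size'] is None:
            result['frame_size'] = int(m.group(1), 16)
        # 32-bit arithmetic on %esp truncates the pointer; NaCl requires it to
        # be re-based on the sandbox base register %r15 immediately afterwards.
        if re.fullmatch(r'(add|sub) \$0x[0-9a-f]+,%esp', op):
            if i + 1 >= len(ops) or ops[i + 1] != 'add %r15,%rsp':
                result['sp_writes_sandboxed'] = False
        m = re.fullmatch(r'and \$0x([0-9a-f]+),%r11d', op)
        if m and ops[i - 1:i] == ['pop %r11'] and \
                ops[i + 1:i + 3] == ['add %r15,%r11', 'jmpq *%r11']:
            result['sfi_return'] = True
            # 0xffffffe0 clears the low 5 bits: targets land on 32-byte bundles.
            result['bundle_size'] = (~int(m.group(1), 16) & 0xffffffff) + 1
    if result['frame_size'] is not None:
        # Entry: return address already on the stack (8 bytes); a saved %rbp adds 8.
        saved = 8 + (8 if result['uses_frame_pointer'] else 0)
        result['stack_aligned_at_call'] = (saved + result['frame_size']) % 16 == 0
    return result


if __name__ == '__main__':
    for name, listing in (('sdk', SDK_FN), ('scons', SCONS_FN)):
        print(name, analyze_fn(listing))
```

Run on the two listings, the checker reports the same SFI return sequence and 32-byte bundle size for both, a frame pointer only in the SDK build, frame sizes of 0x40 and 0x48, and a 16-byte aligned stack at the call to gets in both cases, which is why the frame-pointer-less build reserves 8 bytes more rather than leaving room for a saved %rbp.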