Related
I have looked at similar discussions (std::map causing memory leaks?) about this issue but according to the debug build of my app this is triggering a memory leak:
void CMeetingScheduleAssistantApp::SetLocale(LanguageMSA eLang)
{
// See: https://www.microsoft.com/resources/msdn/goglobal/default.mspx#ISO2
map<LanguageMSA, CString> mapLocales;
mapLocales.emplace(LanguageMSA::Afrikaans, _T("af"));
mapLocales.emplace(LanguageMSA::Albanian, _T("sqi"));
mapLocales.emplace(LanguageMSA::Arabic, _T("ara"));
mapLocales.emplace(LanguageMSA::Aukan, _T("drk"));
mapLocales.emplace(LanguageMSA::Bulgarian, _T("bgr"));
mapLocales.emplace(LanguageMSA::ChineseSimplified, _T("chs"));
mapLocales.emplace(LanguageMSA::Croatian, _T("hrv"));
mapLocales.emplace(LanguageMSA::Czech, _T("csy"));
mapLocales.emplace(LanguageMSA::Danish, _T("dan"));
mapLocales.emplace(LanguageMSA::Dutch, _T("nld"));
mapLocales.emplace(LanguageMSA::English, _T("eng"));
mapLocales.emplace(LanguageMSA::Estonian, _T("et"));
mapLocales.emplace(LanguageMSA::Finnish, _T("fin"));
mapLocales.emplace(LanguageMSA::French, _T("fra"));
mapLocales.emplace(LanguageMSA::German, _T("deu"));
mapLocales.emplace(LanguageMSA::Greek, _T("ell"));
mapLocales.emplace(LanguageMSA::Gujarati, _T("guj"));
mapLocales.emplace(LanguageMSA::Hindi, _T("hin"));
mapLocales.emplace(LanguageMSA::Hungarian, _T("hu-HU"));
mapLocales.emplace(LanguageMSA::Indonesian, _T("ind"));
mapLocales.emplace(LanguageMSA::Italian, _T("ita"));
mapLocales.emplace(LanguageMSA::Japanese, _T("jpn"));
mapLocales.emplace(LanguageMSA::Lingala, _T("ln-CG"));
mapLocales.emplace(LanguageMSA::Maltese, _T("mt-MT"));
mapLocales.emplace(LanguageMSA::Polish, _T("plk"));
mapLocales.emplace(LanguageMSA::PortugueseBrazil, _T("ptb"));
mapLocales.emplace(LanguageMSA::PortuguesePortugal, _T("pt-PT"));
mapLocales.emplace(LanguageMSA::Punjabi, _T("pa"));
mapLocales.emplace(LanguageMSA::Romanian, _T("rom"));
mapLocales.emplace(LanguageMSA::Russian, _T("rus"));
mapLocales.emplace(LanguageMSA::Saramaccan, _T("fra")); // Special case (uses French)
mapLocales.emplace(LanguageMSA::Setswana, _T("tn-ZA"));
mapLocales.emplace(LanguageMSA::Slovenian, _T("slv"));
mapLocales.emplace(LanguageMSA::Spanish, _T("esp"));
mapLocales.emplace(LanguageMSA::Swahili, _T("swk"));
mapLocales.emplace(LanguageMSA::Swedish, _T("sve"));
mapLocales.emplace(LanguageMSA::Tagalog, _T("fil-PH"));
mapLocales.emplace(LanguageMSA::Tamil, _T("tai"));
mapLocales.emplace(LanguageMSA::Tsonga, _T("tso"));
mapLocales.emplace(LanguageMSA::Turkish, _T("trk"));
mapLocales.emplace(LanguageMSA::Ukrainian, _T("ukr"));
mapLocales.emplace(LanguageMSA::Vietnamese, _T("vit"));
mapLocales.emplace(LanguageMSA::Zulu, _T("zu-ZA"));
CString strLocale = _T("eng"); // Default (also used by some "partial" translations
if (mapLocales.find(eLang) != mapLocales.end())
strLocale = mapLocales[eLang];
_tsetlocale(LC_ALL, strLocale);
}
Please advise if there is anything I need to do to stop this memory leak being listed when the debug version closes. Or is it a red herring in this case?
LanguageMSA is an enum class:
enum class LanguageMSA
{
English = 0,
German,
Spanish,
Italian,
Polish,
French,
PortugueseBrazil,
Dutch,
Swedish,
Slovenian,
Czech,
Finnish,
Danish,
Ukrainian,
Russian,
Tagalog,
HaitianCreole,
Afrikaans,
Albanian,
ChineseSimplified,
Croatian,
Turkish,
Twi,
Swahili, // AJT v11.3.4
Estonian, // AJT v12.0.5
Romanian, // AJT v12.0.8
Greek, // AJT v13.0.0
Bulgarian, // AJT v13.0.2
Malagasy, // AJT v14.0.4
Arabic, // AJT v16.0.0
Indonesian, // AJT v16.0.2
Hindi, // AJT v16.0.7
Tamil, // AJT v16.1.0
Vietnamese, // AJT v16.1.1
Zulu, // AJT v16.1.6
Gun, // AJT v17.0.9
Lingala, // AJT v17.0.9
PortuguesePortugal, // AJT v17.1.0
Punjabi, // AJT v17.1.3
Maltese, // AJT v17.2.3
Hungarian, // AJT v17.2.6
Saramaccan, // AJT v18.0.0
Amharic, // AJT v18.0.6
Japanese, // AJT v18.0.6
Setswana, // AJT v18.0.8
Sranantongo,// AJT v18.1.4
Aukan, // AJT v18.1.6
Armenian, // AJT v18.2.1
Gujarati, // AJT v19.0.9
Sesotho, // AJT v20.0.3
Cebuano, // AJT v20.1.2
Tsonga, // AJT v20.1.5
PidginWestAfrica, // AJT v20.3.0
// Maintain a count of language enums
Count
} ;
Memory leak dump:
Detected memory leaks!
Dumping objects ->
{104257} normal block at 0x0000028AC8015830, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104255} normal block at 0x0000028AC8015210, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{104253} normal block at 0x0000028AC706A920, 168 bytes long.
Data: < (R ÈŠ > 05 00 00 00 00 00 00 00 28 52 01 C8 8A 02 00 00
{104244} normal block at 0x0000028AE311F820, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104242} normal block at 0x0000028AE311EEC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{104241} normal block at 0x0000028AC706A0B0, 168 bytes long.
Data: < Øî ㊠> 04 00 00 00 00 00 00 00 D8 EE 11 E3 8A 02 00 00
{104232} normal block at 0x0000028AC80152F0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{104230} normal block at 0x0000028AC6CF9690, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{104229} normal block at 0x0000028AC7069C00, 168 bytes long.
Data: < ¨–ÏÆŠ > 03 00 00 00 00 00 00 00 A8 96 CF C6 8A 02 00 00
{104220} normal block at 0x0000028AC8015DE0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{104218} normal block at 0x0000028AC6CF8F10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{104217} normal block at 0x0000028AC706B280, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8F CF C6 8A 02 00 00
{104208} normal block at 0x0000028AC80151A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104206} normal block at 0x0000028AC80164E0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{104204} normal block at 0x0000028AC706B910, 168 bytes long.
Data: < ød ÈŠ > 01 00 00 00 00 00 00 00 F8 64 01 C8 8A 02 00 00
{104195} normal block at 0x0000028AC8016A20, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104193} normal block at 0x0000028AC8014560, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{104191} normal block at 0x0000028AC706A830, 168 bytes long.
Data: < xE ÈŠ > 00 00 00 00 00 00 00 00 78 45 01 C8 8A 02 00 00
{103563} normal block at 0x0000028AC80157C0, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103561} normal block at 0x0000028AC8013B50, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{103559} normal block at 0x0000028AC706B820, 168 bytes long.
Data: < h; ÈŠ > 05 00 00 00 00 00 00 00 68 3B 01 C8 8A 02 00 00
{103550} normal block at 0x0000028AC7090340, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103548} normal block at 0x0000028AC7090DC0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{103547} normal block at 0x0000028AC706B730, 168 bytes long.
Data: < Ø ÇŠ > 04 00 00 00 00 00 00 00 D8 0D 09 C7 8A 02 00 00
{103538} normal block at 0x0000028AC8016BE0, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{103536} normal block at 0x0000028AC6CF8E90, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{103535} normal block at 0x0000028AC706A290, 168 bytes long.
Data: < ¨ŽÏÆŠ > 03 00 00 00 00 00 00 00 A8 8E CF C6 8A 02 00 00
{103526} normal block at 0x0000028AC80169B0, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{103524} normal block at 0x0000028AC6CF8D10, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{103523} normal block at 0x0000028AC706A380, 168 bytes long.
Data: < ( ÏÆŠ > 02 00 00 00 00 00 00 00 28 8D CF C6 8A 02 00 00
{103514} normal block at 0x0000028AC8015F30, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103512} normal block at 0x0000028AC8013FB0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{103510} normal block at 0x0000028AC706A650, 168 bytes long.
Data: < È? ÈŠ > 01 00 00 00 00 00 00 00 C8 3F 01 C8 8A 02 00 00
{103501} normal block at 0x0000028AC8013CA0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103499} normal block at 0x0000028AC8013760, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{103497} normal block at 0x0000028AC706BA00, 168 bytes long.
Data: < x7 ÈŠ > 00 00 00 00 00 00 00 00 78 37 01 C8 8A 02 00 00
{101036} normal block at 0x0000028AC8013990, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101034} normal block at 0x0000028AC8014640, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{101032} normal block at 0x0000028AC706B190, 168 bytes long.
Data: < XF ÈŠ > 05 00 00 00 00 00 00 00 58 46 01 C8 8A 02 00 00
{101023} normal block at 0x0000028AE311F700, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101021} normal block at 0x0000028AE311E5C0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{101020} normal block at 0x0000028AC706A740, 168 bytes long.
Data: < Øå ㊠> 04 00 00 00 00 00 00 00 D8 E5 11 E3 8A 02 00 00
{101011} normal block at 0x0000028AC8013680, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{101009} normal block at 0x0000028AC6CDEA80, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{101008} normal block at 0x0000028AC706A560, 168 bytes long.
Data: < êÍÆŠ > 03 00 00 00 00 00 00 00 98 EA CD C6 8A 02 00 00
{100999} normal block at 0x0000028AC8015050, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{100997} normal block at 0x0000028AC6CDF900, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{100996} normal block at 0x0000028AC706ADD0, 168 bytes long.
Data: < ùÍÆŠ > 02 00 00 00 00 00 00 00 18 F9 CD C6 8A 02 00 00
{100987} normal block at 0x0000028AC80135A0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100985} normal block at 0x0000028AC8014FE0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{100983} normal block at 0x0000028AC706B0A0, 168 bytes long.
Data: < øO ÈŠ > 01 00 00 00 00 00 00 00 F8 4F 01 C8 8A 02 00 00
{100974} normal block at 0x0000028AC80145D0, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100972} normal block at 0x0000028AC8014480, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{100970} normal block at 0x0000028AC706B460, 168 bytes long.
Data: < D ÈŠ > 00 00 00 00 00 00 00 00 98 44 01 C8 8A 02 00 00
{12591} normal block at 0x0000028AC64B5970, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12589} normal block at 0x0000028AC64B5740, 40 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 07 00 00 00 07 00 00 00
{12587} normal block at 0x0000028AC7F8D9D0, 168 bytes long.
Data: < XWKÆŠ > 05 00 00 00 00 00 00 00 58 57 4B C6 8A 02 00 00
{12578} normal block at 0x0000028AC7F06DB0, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12576} normal block at 0x0000028AC7F07830, 34 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 04 00 00 00 04 00 00 00
{12575} normal block at 0x0000028AC7F8D8E0, 168 bytes long.
Data: < HxðÇŠ > 04 00 00 00 00 00 00 00 48 78 F0 C7 8A 02 00 00
{12566} normal block at 0x0000028AC64B5890, 38 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 06 00 00 00 06 00 00 00
{12564} normal block at 0x0000028AC6496AE0, 54 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0E 00 00 00 0E 00 00 00
{12563} normal block at 0x0000028AC7F8D7F0, 168 bytes long.
Data: < øjIÆŠ > 03 00 00 00 00 00 00 00 F8 6A 49 C6 8A 02 00 00
{12554} normal block at 0x0000028AC64B5820, 42 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 08 00 00 00 08 00 00 00
{12552} normal block at 0x0000028AC64965E0, 58 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 10 00 00 00 10 00 00 00
{12551} normal block at 0x0000028AC7F8E240, 168 bytes long.
Data: < øeIÆŠ > 02 00 00 00 00 00 00 00 F8 65 49 C6 8A 02 00 00
{12542} normal block at 0x0000028AC64B4E10, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12540} normal block at 0x0000028AC64B53C0, 46 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0A 00 00 00 0A 00 00 00
{12538} normal block at 0x0000028AC7F8D610, 168 bytes long.
Data: < ØSKÆŠ > 01 00 00 00 00 00 00 00 D8 53 4B C6 8A 02 00 00
{12529} normal block at 0x0000028AC64B4D30, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12527} normal block at 0x0000028AC64B4C50, 52 bytes long.
Data: < 3#^ö > 00 33 23 5E F6 7F 00 00 0D 00 00 00 0D 00 00 00
{12525} normal block at 0x0000028AC7EE7740, 168 bytes long.
Data: < hLKÆŠ > 00 00 00 00 00 00 00 00 68 4C 4B C6 8A 02 00 00
Object dump complete.
I find a run-time error in GNU Scientific Library (GSL) when undefined sanitizer is enabled:
deque.c:58:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
deque.c:59:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
deque.c:60:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
deque.c:61:12: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
00 00 00 00 ff ff ff ff 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
But I have no idea how to the cause of these errors, or how to fix them. Can someone help explain? Besides, Is it an important issue that should be raised to developers (e.g. could this bee exploited as security attacks)?
The source code "deque.c" can be found here, with relevant lines of runtime errors shown below (the errors occur in lines 58,59,60,61).
And the definition of deque is here, in the same file:
[ADDED]
The code invoking deque_init is below, in mmacc.c of GSL's movstat library:
static int
mmacc_init(const size_t n, void * vstate)
{
mmacc_state_t * state = (mmacc_state_t *) vstate;
state->n = n;
state->k = 0;
state->xprev = 0.0;
state->rbuf = (ringbuf *) ((unsigned char *) vstate + sizeof(mmacc_state_t));
state->minque = (deque *) ((unsigned char *) state->rbuf + ringbuf_size(n));
state->maxque = (deque *) ((unsigned char *) state->minque + deque_size(n + 1));
ringbuf_init(n, state->rbuf);
deque_init(n + 1, state->minque);
deque_init(n + 1, state->maxque);
return GSL_SUCCESS;
}
The ringbuf_size function in the code above refers to the following code in ringbuf.c of the movstat library of GSL.
static size_t
ringbuf_size(const size_t n)
{
size_t size = 0;
size += sizeof(ringbuf);
size += n * sizeof(ringbuf_type_t); /* b->array */
return size;
}
I'm not too familiar with the library, but here's the reason why you get the error.
deque.c:58:11: runtime error: member access within misaligned address 0x0000024010f4 for type 'struct deque', which requires 8 byte alignment
0x0000024010f4: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
We can see, that indeed, pointer is shifted by 4. Let's figure out why.
The pointer comes from
state->minque = (deque *) ((unsigned char *) state->rbuf + ringbuf_size(n));
From this we can judge that either state->rbuf is misaligned or ringbuf_size returns value which is not aligned to 8. With a quick test, we can see, that indeed, ringbuf_size returns not aligned values. With a simple program I printed n, sizeof(ringbuf), n * sizeof(ringbuf_type_t) and final result.
0 24 + 0 = 24
1 24 + 4 = 28
2 24 + 8 = 32
3 24 + 12 = 36
4 24 + 16 = 40
5 24 + 20 = 44
6 24 + 24 = 48
7 24 + 28 = 52
8 24 + 32 = 56
9 24 + 36 = 60
10 24 + 40 = 64
11 24 + 44 = 68
12 24 + 48 = 72
13 24 + 52 = 76
14 24 + 56 = 80
15 24 + 60 = 84
As you can see, if you use odd number as size, then you get misaligned pointer (in your case it was 5). The reason being:
sizeof(size_t) = 8
sizeof(ringbuf_type_t) = 4
Example fix could be to add
size += (size % sizeof(size_t));
in ringbuf_size function. That way, the result changes to:
0 24 + 0 = 24
1 24 + 4 = 32
2 24 + 8 = 32
3 24 + 12 = 40
4 24 + 16 = 40
5 24 + 20 = 48
6 24 + 24 = 48
7 24 + 28 = 56
8 24 + 32 = 56
9 24 + 36 = 64
10 24 + 40 = 64
11 24 + 44 = 72
12 24 + 48 = 72
13 24 + 52 = 80
14 24 + 56 = 80
15 24 + 60 = 88
I have the following AMD64 ELF file on 64-bit (Arch)linux (not formatted to make it easier to copy-paste)
7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00 02 00 3E 00 01 00 00 00 78 00 40 00 00 00 00 00 40 00 00 00 00 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 48 B8 3C 00 00 00 00 00 00 00 0F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 78 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 07 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 01 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 2E 73 68 73 74 72 74 61 62 00
which does nothing but immediately exit.
The output of readelf -a is
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400078
Start of program headers: 64 (bytes into file)
Start of section headers: 132 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 3
Section header string table index: 2
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078
000000000000000c 000000000000000c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 00000144
0000000000000010 0000000000000010 0 0 0
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000078 0x0000000000400078 0x0000000000000000
0x000000000000000c 0x000000000000000c R E 0x200000
Section to Segment mapping:
Segment Sections...
00 .text
There is no dynamic section in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
No version information found in this file.
Although the executable runs perfectly fine, when I execute gdb <file> I am greeted with "0x7ffd7e078db0s": not in executable format: file format not recognized
The weird thing is, when I remove all sections (so an ELF remains with only file header, program header and code) GDB does recognize it as an executable.
Thus, my question is, how can I let GDB recognize my file as an executable? Alternatively, what information does GDB use to determine that a file is executable?
Thanks for your time and effort.
Your .shstrtab section has length 0x10, but should have length 0x11:
0 1 2 3 4 5 6 7 8 9 A B C D E F <-- byte offset
\0 . t e x t \0 . s h s t r t a b \0 <-- value
Changing 293rd byte from 0x10 to 0x11 makes the program run under GDB.
P.S. eu-readelf is more robust than readelf, and makes the error clearer. Using original (broken) binary:
$ readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 0000000000400078 000078 00000c 0c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 000144 000010 10 0 0 0
Compare to eu-readelf:
$ eu-readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[ 0] NULL 0000000000000000 00000000 00000000 0 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078 0000000c 12 AX 0 0 8
[ 2] <corrupt> STRTAB 0000000000000000 00000144 00000010 16 0 0 0
I have written a program to use an external (wireless) numpad as an input device for gaming. I am using NUMPAD0, NUMPAD. and ENTER for the modifier keys shift, ctrl and alt respectively and I've keymapped the rest of the numpad keys to WASD and some other keys. I've setup a LowLevelKeyboardProc to intercept and eat the "real" input of the numpad and send a custom WM_MESSAGE to my application's Windows Message loop to then send the keymapped "new" input via SendInput (using the scan codes of the keys I want to simulate).
This all works fine and as expected. Except for the left shift key:
Whenever I press NUMPAD0, which is mapped to left shift, not only the correct scan code 0x2A = 42 is send, but also another key with scan code 0x022a = 554. This seems like some sort of flag in bit #9, since 554 is 42 + 2^9, but I can find any documentation on this.
I've read about extended 2-byte scan codes with prefix 0xE0, but not 0x02 as in this case. This also only happens with the simulated shift key; ctrl and alt a behaving just fine.
Relevant parts of both the keyboard hook and the windows messaging stuff:
LowLevelKeyboardProc:
LPWSTR convertToHex(LPBYTE in, size_t size_in_Bytes)
{
std::stringstream tempS;
tempS << std::hex;
for(int i = 0; i<size_in_Bytes; i++)
{
tempS << std::setfill('0') << std::setw(2) << int(in[i]) << " ";
}
std::string tempString = tempS.str();
std::wstring tempW(tempString.begin(), tempString.end());
LPWSTR out= (LPWSTR) malloc((tempW.size()+2)* sizeof(WCHAR));
StringCbCopyW(out, tempW.size()* sizeof(WCHAR), tempW.c_str());
return out;
}
LRESULT CALLBACK LowLevelKeyboardProc(__in int nCode, __in WPARAM wParam, __in LPARAM lParam)
{
KBDLLHOOKSTRUCT *key=(KBDLLHOOKSTRUCT *)lParam;
wchar_t tempString[128];
LPWSTR hexOut = convertToHex((LPBYTE) key , sizeof(KBDLLHOOKSTRUCT));
StringCbPrintfW(tempString, sizeof(tempString), L"HEX: %s \n", hexOut);
OutputDebugStringW(tempString);
free(hexOut);
//if(key->scanCode > 0xFF)
// return -1; //ignore strange scancode
if(nCode==HC_ACTION)
{
if(isNumpad)
{
auto it = KeyMap.find(key->scanCode);
if(it != KeyMap.end())
{
PostMessage(hwndMain, WM_MY_KEYDOWN, (key->flags & 128), it->first);
StringCbPrintfW(tempString, sizeof(tempString), L"Intercept Key, VK: %d, scan: %d, flags: %d, time: %d, event: %d \n", key->vkCode, key->scanCode, key->flags, key->time, wParam);
OutputDebugStringW(tempString);
return -1;
}
}
}
// delete injected flag
//UINT mask = (1<<4);
//if(key->flags & mask)
// key->flags ^= mask;
//key->scanCode = MapVirtualKey(key->vkCode, MAPVK_VK_TO_VSC);
StringCbPrintfW(tempString, sizeof(tempString), L"Output key: VK: %d, scan: %d, flags: %d, time: %d, event: %d \n", key->vkCode, key->scanCode, key->flags, key->time, wParam);
OutputDebugStringW(tempString);
return CallNextHookEx(hhkHook,nCode,wParam,lParam);
}
Windows Message stuff:
case WM_MY_KEYDOWN:
{
DWORD OLD_KEY = lParam;
DWORD NEW_KEY = KeyMap[OLD_KEY];
bool keyUP = wParam;
INPUT inputdata;
inputdata.type=INPUT_KEYBOARD;
inputdata.ki.dwFlags=KEYEVENTF_SCANCODE ;
inputdata.ki.wScan=NEW_KEY;
inputdata.ki.wVk=MapVirtualKey(NEW_KEY, MAPVK_VSC_TO_VK);
inputdata.ki.time = 0;//key->time;
inputdata.ki.dwExtraInfo = 0;//key->dwExtraInfo;
if(keyUP)
{
inputdata.ki.dwFlags |= KEYEVENTF_KEYUP;
}
Sleep(1);
bool sendKey=false;
switch(inputdata.ki.wScan)
{
//there once was some additional logic here to handle the modifier keys ctrl, alt and shift seperately, but not anymore
default:
{
sendKey=true;
}
break;
}
if (sendKey)
{
UINT result = SendInput(1, &inputdata, sizeof(INPUT));
if(!result)
ErrorExit(L"SendInput didn't work!");
}
}
break;
Output when pressing the normal shift key on a physical keyboard:
//key down
HEX: a0 00 00 00 2a 00 00 00 00 00 00 00 29 cf d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 42, flags: 0, time: 13815593, event: 256
//key up
HEX: a0 00 00 00 2a 00 00 00 80 00 00 00 e5 cf d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 42, flags: 128, time: 13815781, event: 257
Output when pressing the simulated shift key on the numpad:
//keydown event numpad
HEX: 60 00 00 00 52 00 00 00 00 00 00 00 a1 ea d2 00 00 00 00 00 00 00 00 00
Intercept Key, VK: 96, scan: 82, flags: 0, time: 13822625, event: 256
//keydown event simulated shift key
HEX: a0 00 00 00 2a 00 00 00 10 00 00 00 a1 ea d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 42, flags: 0, time: 13822625, event: 256
// key up event with strange scancode 554 <- THIS IS WHAT I AM TALKING ABOUT!
HEX: a0 00 00 00 2a 02 00 00 80 00 00 00 3d eb d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 554, flags: 128, time: 13822781, event: 257
// key up event numpad
HEX: 2d 00 00 00 52 00 00 00 80 00 00 00 3d eb d2 00 00 00 00 00 00 00 00 00
Intercept Key, VK: 45, scan: 82, flags: 128, time: 13822781, event: 257
// key down with strange scan code
HEX: a0 00 00 00 2a 02 00 00 00 00 00 00 3d eb d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 554, flags: 0, time: 13822781, event: 256
//key up event simulated shift key
HEX: a0 00 00 00 2a 00 00 00 90 00 00 00 3d eb d2 00 00 00 00 00 00 00 00 00
Output key: VK: 160, scan: 42, flags: 128, time: 13822781, event: 257
Another thing to note is that the key-up event of this strange key scan code 554 is also exactly in reverse to what the rest is (see output).
As I can simply eat the key event for this strange scan code 554, this is actually not much of a problem functionality-wise, but I would still like to know what this scan code 554 is all about.
I try to issue a scsi read(10) and write(10) to a SSD. I use this example code as a reference/basic code.
This is my scsi read:
#define READ_REPLY_LEN 32
#define READ_CMDLEN 10
void scsi_read()
{
unsigned char Readbuffer[ SCSI_OFF + READ_REPLY_LEN ];
unsigned char cmdblk [ READ_CMDLEN ] =
{ 0x28, /* command */
0, /* lun/reserved */
0, /* lba */
0, /* lba */
0, /* lba */
0, /* lba */
0, /* reserved */
0, /* transfer length */
READ_REPLY_LEN, /* transfer length */
0 };/* reserved/flag/link */
memset(Readbuffer,0,sizeof(Readbuffer));
memcpy( cmd + SCSI_OFF, cmdblk, sizeof(cmdblk) );
/*
* +------------------+
* | struct sg_header | <- cmd
* +------------------+
* | copy of cmdblk | <- cmd + SCSI_OFF
* +------------------+
*/
if (handle_scsi_cmd(sizeof(cmdblk), 0, cmd,
sizeof(Readbuffer) - SCSI_OFF, Readbuffer )) {
fprintf( stderr, "read failed\n" );
exit(2);
}
hex_dump(Readbuffer,sizeof(Readbuffer));
}
And this is my scsi write:
void scsi_write ( void )
{
unsigned char Writebuffer[SCSI_OFF];
unsigned char cmdblk [] =
{ 0x2A, /* 0: command */
0, /* 1: lun/reserved */
0, /* 2: LBA */
0, /* 3: LBA */
0, /* 4: LBA */
0, /* 5: LBA */
0, /* 6: reserved */
0, /* 7: transfer length */
0, /* 8: transfer length */
0 };/* 9: control */
memset(Writebuffer,0,sizeof(Writebuffer));
memcpy( cmd + SCSI_OFF, cmdblk, sizeof(cmdblk) );
cmd[SCSI_OFF+sizeof(cmdblk)+0] = 'A';
cmd[SCSI_OFF+sizeof(cmdblk)+1] = 'b';
cmd[SCSI_OFF+sizeof(cmdblk)+2] = 'c';
cmd[SCSI_OFF+sizeof(cmdblk)+3] = 'd';
cmd[SCSI_OFF+sizeof(cmdblk)+4] = 'e';
cmd[SCSI_OFF+sizeof(cmdblk)+5] = 'f';
cmd[SCSI_OFF+sizeof(cmdblk)+6] = 'g';
cmd[SCSI_OFF+sizeof(cmdblk)+7] = 0;
/*
* +------------------+
* | struct sg_header | <- cmd
* +------------------+
* | copy of cmdblk | <- cmd + SCSI_OFF
* +------------------+
* | data to write |
* +------------------+
*/
if (handle_scsi_cmd(sizeof(cmdblk), 8, cmd,
sizeof(Writebuffer) - SCSI_OFF, Writebuffer )) {
fprintf( stderr, "write failed\n" );
exit(2);
}
}
In the following example I do
scsi read
scsi write
scsi read
And I print the hexdumps of the data which is written (scsi write) and what is read (scsi read)
Read(10)
[0000] 00 00 00 44 00 00 00 44 00 00 00 00 00 00 00 00 ...D...D ........
[0010] 00 2C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0040] 00 00 00 00 ....
Write(10):
[0000] 00 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0020] 00 00 00 00 2A 00 00 00 00 00 00 00 00 00 41 62 ........ ......Ab
[0030] 63 64 65 66 67 00 cdefg.
Read(10):
[0000] 00 00 00 44 00 00 00 44 00 00 00 00 00 00 00 00 ...D...D ........
[0010] 04 00 20 00 70 00 02 00 00 00 00 0A 00 00 00 00 ....p... ........
[0020] 04 00 00 00 41 62 63 64 65 66 67 00 00 00 00 00 ....Abcd efg.....
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0040] 00 00 00 00 ....
fter running the three commands again, I should read Abcdefg with the first read. Right? But running them again changes nothing. You could now assume, that the memory I use has still the data from previous funcions, but I get the same result even though I run memset(Readbuff,0,sizeof(Readbuff)) before the sys_read() happens.
I assumed, that the LBA I try to write is maybe forbidden to write, and I read the cache. But interating over LBA Adresses from 0x00-0xFF changes nothing - That means, I read the same data (Abcdefg).
Do you know an example implementation of scsi read or writes with the scsi generic interface?
In SCSI, the units of the LBA and the transfer length are in blocks, sometimes called sectors. This is almost always 512 bytes. So, you can't read or write just 32 bytes. At a minimum, you'll have to do 512 bytes == one block. This one point is most of what you need to fix.
Your transfer length is zero in your scsi_write implementation, so it's not actually going to write any data.
You should use different buffers for the CDB and the write/read data. I suspect that confusion about these buffers is leading your implementation to write past the end of one of your statically-allocated arrays and over your ReadBuffer. Run it under valgrind and see what shows up.
And lastly, a lot could go wrong in whatever is in handle_scsi_cmd. It can be tricky to set up the data transfer... in particular, make sure you're straight on which way the data is going in the I/O header's dxfer_direction: SG_DXFER_TO_DEV for write, SG_DXFER_FROM_DEV for read.
Check out this example of how to do a read(16). This is more along the lines of what you're trying to accomplish.
https://github.com/hreinecke/sg3_utils/blob/master/examples/sg_simple16.c