core文件里的全局变量偏移了16字节

发布时间 2023-09-25 14:06:55 作者: 枝桠

源代码里面有这几张表 (七个文件作用域的 `struct avl_table *` 指针, 按声明顺序连续放在 .bss 里):

 /*
  * Seven file-scope AVL table handles, declared back to back.
  * In the build examined below (nm output further down) they sit
  * contiguously in .bss at a 4-byte stride (0x08da20b4 .. 0x08da20cc),
  * so a 16-byte shift between the symbol table and the core's data
  * maps each symbol onto the table declared four slots later.
  */
 126 static struct avl_table *l2_addr_tree;          /* expected avl_compare: l2_addr_entry_compare */
 127 static struct avl_table *casa_neighbor_table;   /* expected avl_compare: casa_neighbor_compare */
 128 static struct avl_table *casa_ecmp_table;       /* expected avl_compare: casa_ecmp_compare */
 129 static struct avl_table *casa_neighbor6_table;  /* expected avl_compare: casa_neighbor6_compare */
 130 static struct avl_table *casa_nh_route_table;   /* expected avl_compare: casa_nh_route_compare */
 131 static struct avl_table *casa_nh_route6_table;  /* expected avl_compare: casa_nh_route6_compare */
 132
 133 static struct avl_table *casa_mpls_ilm_table;   /* expected avl_compare: casa_mpls_ilm_compare */

gdb 中查看一下 l2_addr_tree 的内容

(gdb) p *l2_addr_tree
$2 = {
  avl_root = 0xc50e038,
  avl_compare = 0x3b7dce4 <casa_nh_route_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 5191,
  avl_generation = 134163
}

avl_compare 这个指针明显不对 (l2_addr_tree 的比较函数应当是 l2_addr_entry_compare, 而不是 casa_nh_route_compare), 于是查看一下其他的表, 统计如下 (三列依次为: nm 给出的符号地址、core 中该符号位置读到的值、该值所指 avl_table 的 avl_compare):

08da20b4 b l2_addr_tree                           0x449710b8      avl_compare = casa_nh_route_compare
08da20b8 b casa_neighbor_table                    0x449710d8      avl_compare = casa_nh_route6_compare
08da20bc b casa_ecmp_table                        0x44975140      avl_compare = casa_mpls_ilm_compare
08da20c0 b casa_neighbor6_table                   0x4
08da20c4 b casa_nh_route_table                    0
08da20c8 b casa_nh_route6_table                   0
08da20cc b casa_mpls_ilm_table                    0

很明显是有错位的: 每个符号位置读到的都是声明顺序上靠后 4 个的那张表的值 (l2_addr_tree 处是 casa_nh_route_table, casa_neighbor_table 处是 casa_nh_route6_table, casa_ecmp_table 处是 casa_mpls_ilm_table), 4 个指针 × 4 字节 = 16 字节; 最后三个表处读到的 0 / 0x4 显然不是堆指针, 是后面别的变量的内容.

查看一下 l2_addr_tree 附近的内存 (&l2_addr_tree 是 struct avl_table ** 类型, 减 8 即回退 8 个指针 = 32 字节, 所以从 0x8da20b4 回到了 0x8da2094):

(gdb) x/30x &l2_addr_tree-8
0x8da2094 <casa_neighor_tbl_rwlock>:    0x00000000      0x00000000      0x00000000      0x00000000
0x8da20a4 <casa_neighor_tbl_rwlock+16>: 0x44971038      0x44971058      0x44971078      0x44971098
0x8da20b4 <l2_addr_tree>:       0x449710b8      0x449710d8      0x44975140      0x00000004
0x8da20c4 <casa_nh_route_table>:        0x00000000      0x00000000      0x00000000      0x00000000
0x8da20d4 <bnet_ip6_ll_tree>:   0x00000001      0x00000000      0x00000000      0x0000039f
0x8da20e4 <my_mac_set>: 0x0000039f      0x03ba55c8      0x00000000      0x00000001
0x8da20f4 <rmt_gige_port_link_stat>:    0x00000000      0x00000000      0x00000000      0x00000017
0x8da2104 <failover_id.304260>: 0x102490b2      0x00000000

可以看到 l2_addr_tree 前面还有 4 个可访问的指针 (0x44971038、0x44971058、0x44971078、0x44971098, 落在符号表标为 casa_neighor_tbl_rwlock+16 的位置).
再仔细看一下, 这 4 个指针加上后面的 3 个 (0x449710b8、0x449710d8、0x44975140) 正好跟这七张表都对上了, 只是符号和地址对不上 —— 每个符号指向的位置比实际存放该表的位置高了 16 字节:

(gdb) p *((struct avl_table *)0x44971038)     <----- l2_addr_tree
$5 = {
  avl_root = 0x0,
  avl_compare = 0x3b80cec <l2_addr_entry_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 0,
  avl_generation = 0
}
(gdb) p *((struct avl_table *)0x44971058)     <----- casa_neighbor_table
$6 = {
  avl_root = 0x51355d48,
  avl_compare = 0x3b7da98 <casa_neighbor_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 12456,
  avl_generation = 1087166
}
(gdb) p *((struct avl_table *)0x44971078)     <----- casa_ecmp_table
$7 = {
  avl_root = 0x505f3d38,
  avl_compare = 0x3b7dc0c <casa_ecmp_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 2,
  avl_generation = 0
}
(gdb) p *((struct avl_table *)0x44971098)     <----- casa_neighbor6_table
$8 = {
  avl_root = 0x51a25258,
  avl_compare = 0x3b7db10 <casa_neighbor6_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 7292,
  avl_generation = 361599
}
(gdb) p *((struct avl_table *)0x449710b8)     <----- casa_nh_route_table
$9 = {
  avl_root = 0xc50e038,
  avl_compare = 0x3b7dce4 <casa_nh_route_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 5191,
  avl_generation = 134163
}
(gdb) p *((struct avl_table *)0x449710d8)     <----- casa_nh_route6_table
$10 = {
  avl_root = 0x51a25270,
  avl_compare = 0x3b7dd9c <casa_nh_route6_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 8394,
  avl_generation = 433270
}
(gdb) p *((struct avl_table *)0x44975140)     <----- casa_mpls_ilm_table
$11 = {
  avl_root = 0x50465680,
  avl_compare = 0x3b7dec4 <casa_mpls_ilm_compare>,
  avl_param = 0x0,
  avl_alloc = 0x780d730,
  avl_count = 36,
  avl_generation = 19
}

可见, core 中这段全局变量区的内容相对符号表整体偏移了 16 字节; 作者的判断是生成 core 时全局变量区的地址计算错误. 需要注意的是, 同样的现象也会出现在 gdb 加载的符号文件与产生 core 的二进制不是同一次构建 (例如某个版本在这段 .bss 之前多或少了 16 字节的全局变量) 的情况下; 下结论之前建议核对两者的 build-id (readelf -n 查看 .note.gnu.build-id; gdb 加载不匹配的文件时一般也会有 warning), 并用 core 中其它已知取值的全局变量 (如 my_mac_set、failover_id) 做交叉验证. 在这种 core 上分析时, 应一律用对应的 struct 类型去解释原始地址 (即本文 p *((struct avl_table *)0x...) 的做法), 不要把按符号读出的指针当成可信数据.