I shot my stack, or the freedoms that C programming gives you
I just fixed an interesting bug in one of my contract jobs as a Linux C programmer.
I had a program that was crashing. Great, I thought, I’ll run it in a debugger and see where it crashes. I loaded the program in gdb and got no information about the stack:
Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
I started setting breakpoints in the program, and after 15 minutes I found the function that crashed it. The thing is, the program crashed right on the exit from the function.
Then it hit me. Somewhere before the function exit there was code that was overwriting the stack. Then I remembered the old and legendary article “Smashing The Stack For Fun And Profit”. I was doing just that, except that the return address on my stack was invalid: the null pointer.
So I put a breakpoint earlier in the function. And there you go, you can see the stack being smashed here:
Breakpoint 4, StandardRateTimeDeclParms () at plotterf.c:1035
1035         for (i = 0; i < 18; i++)
(gdb) where
#0 StandardRateTimeDeclParms () at plotterf.c:1035
#1 0x0827b080 in ?? ()
#2 0x00000000 in ?? ()
We still know where we are, but we no longer know where to return to. After a few more iterations, I started to get
(gdb)
Cannot find bounds of current function
I found the array that was not sized properly and increased its size, and then the program finished successfully:
Plotting...request id is cl4600raw-2065 (1 file(s))
Program exited normally.
(gdb)
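What the backtrace above shows, reproduced in a controlled way. This is an added example, not code from the post: the real array size and frame layout are not given there, so the frame is modelled as a plain word array with the array at its bottom and the saved return address at an assumed index, laid out the way an x86 frame grows. The loop bound of 18 is the one from the post; the return address value is the one from the post’s backtrace; everything else (ARRAY_LEN, RET_INDEX, FRAME_WORDS, the function names) is an assumption. All writes stay inside the modelled frame, so unlike the original bug this is well-defined C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Modelled stack frame. Real layout depends on compiler and ABI; these
 * indices are assumptions chosen so that the local array sits below the
 * saved return address, as it does on x86.
 */
enum {
    ARRAY_LEN   = 8,   /* assumed size the array was declared with */
    LOOP_COUNT  = 18,  /* the loop bound from the post: for (i = 0; i < 18; i++) */
    RET_INDEX   = 16,  /* assumed word index of the saved return address */
    FRAME_WORDS = 24   /* enough words to hold the whole modelled frame */
};

#define SAVED_RET 0x0827b080u  /* the return address seen in the post's backtrace */

/*
 * Run the unchecked loop over the modelled frame and report what is left in
 * the return-address slot afterwards. With loop_count > ARRAY_LEN the zeros
 * walk past the array and through the saved return address, which is why
 * gdb later shows "#1 0x00000000 in ?? ()".
 */
uint32_t smash_simulated(int loop_count)
{
    uint32_t frame[FRAME_WORDS];
    for (int i = 0; i < FRAME_WORDS; i++)
        frame[i] = 0xDEADBEEFu;            /* filler standing in for other locals */
    frame[RET_INDEX] = SAVED_RET;

    uint32_t *arr = frame;                 /* "the array": only ARRAY_LEN words are meant to be its */
    for (int i = 0; i < loop_count; i++)   /* ... but the loop bound does not know that */
        arr[i] = 0;

    return frame[RET_INDEX];
}

/*
 * The hardened loop: the bound is tied to the array's real length, and
 * the number of writes that would have gone off the end is reported
 * instead of silently clobbering whatever lies above the array.
 */
size_t fill_checked(uint32_t *arr, size_t len, size_t loop_count)
{
    size_t n = loop_count < len ? loop_count : len;
    for (size_t i = 0; i < n; i++)
        arr[i] = 0;
    return loop_count - n;                 /* writes dropped, 0 when the array is big enough */
}

/* Run the checked fill with the post's numbers; returns how many writes were out of bounds. */
size_t demo_checked(void)
{
    uint32_t arr[ARRAY_LEN];
    return fill_checked(arr, ARRAY_LEN, LOOP_COUNT);
}

int main(void)
{
    printf("return slot after unchecked loop of %d: 0x%08x\n", LOOP_COUNT, smash_simulated(LOOP_COUNT));
    printf("return slot after loop of %d:           0x%08x\n", ARRAY_LEN, smash_simulated(ARRAY_LEN));
    printf("writes dropped by the checked fill:     %zu\n", demo_checked());
    return 0;
}
```

The first line of output is 0x00000000, the same garbage return address the post’s backtrace shows; the second keeps 0x0827b080 because the loop stays inside the array. On a real build, GCC’s -fstack-protector (on by default on most current Linux distributions) would have aborted with "*** stack smashing detected ***" at the function’s epilogue instead of letting it return to address 0, which turns the 15-minute hunt into a one-line diagnosis.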
Lesson learned: next time I see a smashed stack, I’ll recognize it.
