[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weird IOKit crash in IOIteratorNext()

Subject: Re: weird IOKit crash in IOIteratorNext()
From: Julian Mayer <email@hidden>
Date: Fri, 2 Dec 2005 04:08:55 +0100
Delivered-to: email@hidden
Delivered-to: email@hidden

If you look at the disassembled code for IOIteratorNext in IOKit.framework, you'll see there is no way this call sequence should happen.
_IOIteratorNext:
+00	mfspr	r0,lr
+04	stw		r0,0x8(r1)
+08	stwu	r1,0xffa0(r1)
+0C	addi	r4,r1,0x40
+10	bl		0x905cd014	; symbol stub for: _io_iterator_next
+14	cmpwi	cr7,r3,0x0
IOIteratorNext does not call CFRelease at + 0x10, it calls _io_iterator_next by way of a dyld_stub, which loads a function pointer and jumps to it. There are only two reasonable ways that dyld's function pointer could be wrong.
 - its prebound, incorrectly.
 - its been stomped by a memory smasher.
My bet, from having witnessed this happen before, is the first.
-Ed

hello ed thanks for your analysis! it is still not clear to me why the binary in question crashes on one machine and runs properly on all other...is there a real problem and the prebinding problem only accounts for an incorrect crash log, or is prebinding completely responsible for the problem? if so, what do i have to do to remedy this problem? does this also mean that the rest of the crash log is also wrong? i've not taken any special steps in regards to prebinding, i've just used Xcode's defaults for the deployment mode, which i thought are fine...? thanks, julian _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: weird IOKit crash in IOIteratorNext()
  - From: Chris Thomas <email@hidden>

References:
	>weird IOKit crash in IOIteratorNext() (From: Julian Mayer <email@hidden>)
	>Re: weird IOKit crash in IOIteratorNext() (From: Ed Wynne <email@hidden>)

Prev by Date: Re: Determining the canonical case for a file name on HFS+
Next by Date: Catching and preventing hard sleep
Previous by thread: Re: weird IOKit crash in IOIteratorNext()
Next by thread: Re: weird IOKit crash in IOIteratorNext()
Index(es):
- Date
- Thread

Home