Re: weird IOKit crash in IOIteratorNext()
- Subject: Re: weird IOKit crash in IOIteratorNext()
- From: Ed Wynne <email@hidden>
- Date: Thu, 1 Dec 2005 18:48:42 -0500
On Dec 1, 2005, at 4:57 PM, Julian Mayer wrote:
Hello all,
I've received a very weird crash report that I'm unable to track
down, because the code in question works everywhere else and similar
code is also in Apple's sample code. The crash is happening in:
0 com.apple.CoreFoundation 0x901c0a14 CFRelease + 0x24
1 com.apple.framework.IOKit 0x939c0e24 IOIteratorNext + 0x14
More specifically, the line that is crashing is:
for(object = IOIteratorNext(iter); object != 0; object = IOIteratorNext(iter)) // iterate through all "IOATABlockStorageDriver"s
which seems very strange to me... I can see no obvious defect here...
Does anybody have any ideas when/why this crash could occur?
If you look at the disassembled code for IOIteratorNext in
IOKit.framework, you'll see there is no way this call sequence should
happen.
_IOIteratorNext:
+00 mfspr r0,lr
+04 stw r0,0x8(r1)
+08 stwu r1,0xffa0(r1)
+0C addi r4,r1,0x40
+10 bl 0x905cd014 ; symbol stub for: _io_iterator_next
+14 cmpwi cr7,r3,0x0
IOIteratorNext does not call CFRelease at +0x10; it calls
_io_iterator_next by way of a dyld stub, which loads a function
pointer and jumps to it. There are only two reasonable ways that
dyld's function pointer could be wrong:
- it's prebound, incorrectly.
- it's been stomped by a memory smasher.
My bet, from having witnessed this happen before, is the first.
-Ed
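The mechanism Ed describes, a symbol stub that blindly loads a pointer from a writable slot and jumps through it, is easy to model outside of IOKit. The C below is an added, constructed example and is not code from either mail, from Apple or from dyld: `fake_io_iterator_next` and `fake_CFRelease` are stand-ins that only report which of them ran, `struct lazy_region` imitates a lazy pointer slot sitting next to other writable data, `smash_slot` models the memory smasher case by overrunning that data into the slot, and `stub_call_checked` is a hypothetical checked dispatch that dyld does not actually perform, included only to make "the pointer is wrong" observable. The prebinding case ends with the same symptom (a stale address in the slot) but is not simulated here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the two functions in the crash report.  The
 * return values exist only so a caller can tell which one actually ran. */
typedef int (*stub_target_t)(void *arg);

static int fake_io_iterator_next(void *arg) { (void)arg; return 1; }   /* intended target */
static int fake_CFRelease(void *arg)        { (void)arg; return -1; }  /* where the crash landed */

/* A dyld-style lazy pointer slot with writable data right before it.  The
 * real table lives in __DATA next to other writable globals, which is what
 * puts it within reach of an unrelated overflow. */
struct lazy_region {
    char scratch[16];       /* constructed neighbour of the slot */
    stub_target_t slot;     /* the pointer the symbol stub loads and jumps through */
};

/* The stub proper: load the slot, jump.  No validation, just like the
 * "bl symbol stub for: _io_iterator_next" in the disassembly. */
static int stub_call(struct lazy_region *r, void *arg)
{
    return r->slot(arg);
}

/* Hypothetical checked dispatch (not something dyld does): compare the slot
 * against the binding recorded at load time and refuse to jump if it moved. */
static int stub_call_checked(struct lazy_region *r, stub_target_t expected,
                             void *arg, int *tampered)
{
    if (r->slot != expected) {
        *tampered = 1;
        return 0;
    }
    *tampered = 0;
    return r->slot(arg);
}

/* Simulated memory smasher: a copy sized for scratch[] plus one pointer, so
 * the tail of the payload lands on the slot.  In a real process the smasher
 * would be some unrelated bug; only its effect on the slot is modelled. */
static void smash_slot(struct lazy_region *r, stub_target_t stomp_value)
{
    unsigned char payload[sizeof *r];
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct lazy_region, slot), &stomp_value, sizeof stomp_value);
    memcpy(r, payload, sizeof payload);     /* overruns scratch[] and rewrites slot */
}

/* Run the scenario: bind, call, smash, call again, then the checked call.
 * Results are returned rather than printed so they can be checked. */
static void run_stomp_scenario(int *before, int *after, int *tampered)
{
    struct lazy_region r;
    memset(&r, 0, sizeof r);
    r.slot = fake_io_iterator_next;          /* dyld resolved the lazy pointer */

    *before = stub_call(&r, NULL);           /* 1: the stub reaches io_iterator_next */
    smash_slot(&r, fake_CFRelease);          /* something stomps the __DATA slot */
    *after = stub_call(&r, NULL);            /* -1: the very same bl now lands in CFRelease */
    stub_call_checked(&r, fake_io_iterator_next, NULL, tampered);   /* tampered = 1 */
}

int main(void)
{
    int before, after, tampered;
    run_stomp_scenario(&before, &after, &tampered);
    printf("via stub before smash: %d (1 = io_iterator_next)\n", before);
    printf("via stub after smash:  %d (-1 = CFRelease)\n", after);
    printf("checked dispatch flagged tampering: %s\n", tampered ? "yes" : "no");
    return 0;
}
```

The second `stub_call` is the situation in the crash report: the caller's code is unchanged and the return address still points at `IOIteratorNext+0x14`, yet the frame below it belongs to a function the caller never references. Nothing in the backtrace distinguishes a stomped slot from a stale prebound one, which is why Ed has to fall back on experience to pick between them.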