MIPS Buffer Overflow 1: Crash


1. Copy vuln_system.c into the my_file directory:

Run the following commands:

root@ricard-virtual-machine:~/my_file# /root/my_file/buildroot1/buildroot/output/host/bin/mips-linux-gcc vuln_system.c -static -o vuln_system

root@ricard-virtual-machine:~/my_file# python -c "print 'A'*600">passwd
root@ricard-virtual-machine:~/my_file# qemu-mips vuln_system

An error then appears:

The program triggered a segmentation fault. Re-run it with the following command:


root@ricard-virtual-machine:~/my_file# qemu-mips vuln_system `python -c "print 'A'*600"`


root@ricard-virtual-machine:~/my_file# qemu-mips -g 1234 ./vuln_system `python -c "print 'A'*600"`


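As shown in the figure above, the program crashed while trying to execute the instruction at 0x41414141, which is exactly the hexadecimal encoding of AAAA. The address 0x41414141 lies outside the process's address space, so the access triggered a segmentation fault.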
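A program counter of 0x41414141 is consistent with the 600-byte input overrunning a fixed-size stack buffer and overwriting the saved return address. The following is an added example, not code from the original post (vuln_system.c is not shown on this page): a bounded file read that rejects oversized input instead of copying it into the buffer. BUF_SIZE, read_bounded, process_file, write_fill and the file name passwd_demo are assumptions made for illustration.

```c
#include <stdio.h>

#define BUF_SIZE 256 /* assumed buffer size; the page does not show the real one */

/* Hardened read: store at most cap-1 bytes, NUL-terminate, reject oversized
 * files. Returns bytes stored, -1 on I/O error, -2 if the file does not fit. */
long read_bounded(const char *path, char *dst, size_t cap)
{
    FILE *fp;
    size_t n;
    int extra;

    if (cap == 0 || (fp = fopen(path, "rb")) == NULL)
        return -1;
    n = fread(dst, 1, cap - 1, fp);   /* never writes past dst[cap-2] */
    dst[n] = '\0';
    if (ferror(fp)) { fclose(fp); return -1; }
    extra = fgetc(fp);                /* a byte left over means the input is too long */
    fclose(fp);
    return extra == EOF ? (long)n : -2;
}

/* Same shape as the assumed vulnerable routine (a fixed stack buffer filled
 * from a file), but the length is checked before anything reaches the buffer. */
long process_file(const char *path)
{
    char buf[BUF_SIZE];
    return read_bounded(path, buf, sizeof buf);
}

/* Constructed sample input: n bytes of 'A', like the page's 600-byte passwd file. */
int write_fill(const char *path, size_t n)
{
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    while (n--) fputc('A', fp);
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void)
{
    if (write_fill("passwd_demo", 600) == 0)
        printf("600-byte file: %ld\n", process_file("passwd_demo"));
    if (write_fill("passwd_demo", 100) == 0)
        printf("100-byte file: %ld\n", process_file("passwd_demo"));
    return 0;
}
```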
