我有一个调用gSoapAPI 函数的例程soap_malloc。但是segmentation fault每当我尝试访问由soap_malloc. 当我gdb用来调试它时。我发现里面soap_malloc,存储在寄存器中的返回值%rax是0x7fffec0018f0。但是在返回时,%rax更改为0xffffffffec0018f0. 只保留低 32 位,高 32 位全部更改为1. 这导致访问一个相当高的地址,因此导致例程停止。感谢大家给我任何关于如何发生这种情况的想法。我正在运行我的多线程程序Ubuntu12.04 x86-64。
这就是我所说的:
void *temp = soap_malloc(soap, 96);
这就是soap_malloc实现(只else执行那部分,宏SOAP_MALLOC只是将第二个参数传递给malloc,SOAP_CANARY是常量0xC0DE):
#ifndef SOAP_MALLOC /* use libc malloc */
# define SOAP_MALLOC(soap, size) malloc(size)
#endif
#ifndef SOAP_CANARY
# define SOAP_CANARY (0xC0DE)
#endif
void* soap_malloc(struct soap *soap, size_t n)
{ register char *p;
if (!n)
return (void*)SOAP_NON_NULL;
if (!soap)
return SOAP_MALLOC(soap, n);
if (soap->fmalloc)
p = (char*)soap->fmalloc(soap, n);
else
{ n += sizeof(short);
n += (-(long)n) & (sizeof(void*)-1); /* align at 4-, 8- or 16-byte boundary */
if (!(p = (char*)SOAP_MALLOC(soap, n + sizeof(void*) + sizeof(size_t))))
{ soap->error = SOAP_EOM;
return NULL;
}
/* set the canary to detect corruption */
*(unsigned short*)(p + n - sizeof(unsigned short)) = (unsigned short)SOAP_CANARY;
/* keep chain of alloced cells for destruction */
*(void**)(p + n) = soap->alist;
*(size_t*)(p + n + sizeof(void*)) = n;
soap->alist = p + n;
}
soap->alloced = 1;
return p;
}
这是 的定义SOAP_NON_NULL:
static const char soap_padding[4] = "\0\0\0";
#define SOAP_NON_NULL (soap_padding)
更新(2013-03-12)
我明确声明soap_malloc返回void *并且问题解决了。以前,在将结果分配给 时,返回的值会被截断并扩展int符号位。1void *temp