我在 Android 上遇到了 Free Pascal 共享库启动代码的问题。Free Pascal RTL 源具有以下片段:
type
TAuxiliaryValue = cuInt32;
TInternalUnion = record
a_val: cuint32; //* Integer value */
{* We use to have pointer elements added here. We cannot do that,
though, since it does not work when using 32-bit definitions
on 64-bit platforms and vice versa. *}
end;
Elf32_auxv_t = record
a_type: cuint32; //* Entry type */
a_un: TInternalUnion;
end;
TElf32AuxiliaryVector = Elf32_auxv_t;
PElf32AuxiliaryVector = ^TElf32AuxiliaryVector;
var
psysinfo: LongWord = 0;
procedure InitSyscallIntf;
var
ep: PPChar;
auxv: PElf32AuxiliaryVector;
begin
psysinfo := 0;
ep := envp;
while ep^ <> nil do
Inc(ep);
Inc(ep);
auxv := PElf32AuxiliaryVector(ep);
repeat
if auxv^.a_type = AT_SYSINFO then begin
psysinfo := auxv^.a_un.a_val;
if psysinfo <> 0 then
sysenter_supported := 1; // descision factor in asm syscall routines
Break;
end;
Inc(auxv);
until auxv^.a_type = AT_NULL;
end;
该过程InitSyscallIntf
作为 SO 启动序列的一部分被调用。这envp
是一个单元级变量,在启动序列的早期初始化为 libc's 的值environ
。在我看来,代码正试图扫描environ
数组越过空指针(我认为它表示环境块的结尾),然后尝试读取过去的内存。
他们期望在environ
数组末尾找到什么?可能他们正在对加载的 ELF 文件的内存结构做出一些假设 - 我可以看到参考吗?