Msg/MemoryStackRedZone

From CPUlator Wiki

Revision as of 07:04, 10 March 2019 by Henry

A stack frame is the region of memory used by an executing function. Memory at or above the stack pointer is allocated stack space that may be used, while addresses below the stack pointer may not be used until they have been allocated by moving the stack pointer down. This warning tells you that a memory access touched memory that is near, but below, the stack pointer. This is likely (though not necessarily) a bug in allocating, using, or deallocating stack space. Even when such an access appears to work, anything stored below the stack pointer is not owned by the function and can be silently overwritten by an interrupt handler or a called function that pushes onto the same stack.

Example

ARMv7

.global _start
_start:
	mov sp, #0x1000			// Initialize SP to something sane
	bl Func
end:
	b end					// Stop here instead of falling through into Func

Func:
	str r0, [sp, #-4]		// Store to stack space we haven't allocated yet: triggers the warning
	sub sp, #4				// Allocate stack space: too late, the store has already happened
	add sp, #4				// Deallocate stack space
	bx lr

Nios II

.global _start
_start:
	movi sp, 0x1000			# Initialize SP to something sane
	call Func
end:
	br end					# Stop here instead of falling through into Func

Func:
	stw r0, -4(sp)				# Store to stack space we haven't allocated yet: triggers the warning
	subi sp, sp, 4				# Allocate stack space: too late, the store has already happened
	addi sp, sp, 4				# Deallocate stack space
	ret

In the above examples, the stack pointer is 0x1000 when the store executes, but the access goes to 0x0ffc. That address is below the stack pointer value (0x1000) and so is not yet part of the stack frame; the allocation that would have made it valid happens one instruction later.

Debugging

  • Check that any stack space a function needs is allocated (by moving the stack pointer down) before it is used, and not deallocated while it is still in use.
  • Another common cause is running off the beginning of an array located on the stack while iterating over it, for example a loop whose index goes one step too far and reaches index -1. Accessing memory outside the bounds of an array is a buffer overflow, a well-known cause of security vulnerabilities. Compare the address of the memory access with the current stack pointer: the difference tells you how far below the frame the access landed, which usually identifies the variable or array index involved.
  • Note that this check only covers the 128 bytes immediately below the stack pointer (see Implementation). Running past the end of a stack array toward higher addresses, into saved registers or the caller's frame, is not reported by this particular check.

Implementation

The simulator identifies idiomatic call and return instructions as they execute at runtime. It records the register values at each call instruction, and compares the address of every memory access against the stack pointer at the beginning of the function. The warning is generated at the offending load or store when the access hits the 128-byte region immediately below the stack pointer.
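The following C program is an added example, not code from CPUlator or from this page. It models the check just described and runs it over two constructed access traces: the store-before-allocate sequence from the Func example above, and the array under-run case from the Debugging section. The page only states the size of the watched region (128 bytes); the exact boundary handling (an access is flagged if any byte of it lies in [sp-128, sp), the zone is clipped at address 0, and zero-length accesses are ignored) is this example's assumption, not a description of the simulator's code.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size of the region below the stack pointer that the page says the
 * simulator treats as unallocated. */
#define RED_ZONE_BYTES 128u

/* One load or store as the check sees it. "sp" is the stack pointer in
 * effect when the access executes. All values below are constructed. */
struct access {
    uint32_t sp;
    uint32_t addr;     /* lowest address touched */
    uint32_t size;     /* number of bytes touched */
    const char *what;  /* description used in the warning text */
};

/* Returns 1 if any byte of [addr, addr+size) falls in [sp-128, sp).
 * Accesses at or above sp are allocated stack (or unrelated memory) and
 * are not flagged; accesses entirely more than 128 bytes below sp are
 * outside the watched region. Boundary handling is an assumption of
 * this model: 64-bit arithmetic avoids wrap at the top of the address
 * space, and the zone is clipped at address 0 for small sp. */
static int in_stack_red_zone(uint32_t sp, uint32_t addr, uint32_t size)
{
    uint64_t zone_lo = sp >= RED_ZONE_BYTES ? (uint64_t)sp - RED_ZONE_BYTES : 0;
    uint64_t end = (uint64_t)addr + size;   /* exclusive upper bound */
    if (size == 0)
        return 0;
    return addr < sp && end > zone_lo;
}

/* Runs the check over a trace, prints a warning for each hit, and
 * returns how many accesses would have been reported. */
static size_t count_red_zone_hits(const struct access *trace, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        const struct access *a = &trace[i];
        if (in_stack_red_zone(a->sp, a->addr, a->size)) {
            hits++;
            printf("warning: %" PRIu32 "-byte access to 0x%08" PRIx32
                   " is %" PRIu32 " bytes below sp=0x%08" PRIx32 ": %s\n",
                   a->size, a->addr, a->sp - a->addr, a->sp, a->what);
        }
    }
    return hits;
}

/* Trace 1: the page's Func. The store before "sub sp, #4" lands at
 * 0x0ffc while sp is still 0x1000 and is flagged. A store to the same
 * address after the allocation (sp = 0x0ffc) is legitimate. */
static const struct access page_example[] = {
    { 0x1000, 0x0ffc, 4, "str r0, [sp, #-4] before sub sp, #4" },
    { 0x0ffc, 0x0ffc, 4, "str r0, [sp] after sub sp, #4" },
};

/* Trace 2: the array under-run from Debugging. A function did
 * "sub sp, #16" (sp = 0x0ff0) for a 4-word array at sp..sp+15 and walks
 * it from index 3 down to 0. Those four accesses are fine; the fifth is
 * the off-by-one index -1 iteration, which touches 0x0fec, 4 bytes
 * below sp, and is flagged. */
static const struct access array_underrun[] = {
    { 0x0ff0, 0x0ffc, 4, "arr[3]" },
    { 0x0ff0, 0x0ff8, 4, "arr[2]" },
    { 0x0ff0, 0x0ff4, 4, "arr[1]" },
    { 0x0ff0, 0x0ff0, 4, "arr[0]" },
    { 0x0ff0, 0x0fec, 4, "arr[-1]: loop ran one iteration too far" },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static size_t run_page_example(void)
{
    return count_red_zone_hits(page_example, COUNT(page_example));
}

static size_t run_array_underrun(void)
{
    return count_red_zone_hits(array_underrun, COUNT(array_underrun));
}

int main(void)
{
    printf("page example: %zu warning(s)\n", run_page_example());
    printf("array under-run: %zu warning(s)\n", run_array_underrun());
    return 0;
}
```

Each trace produces exactly one warning. Note that an access straddling the stack pointer (for example 2 bytes below and 2 bytes above it) is also flagged by this model, since part of it is below sp; the simulator's handling of that corner is not stated on this page.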

Disabling this message

This debugging check can be disabled in the Debugging Checks section of the Settings box: "Memory access to unallocated stack space".