{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Evening l夕情丶 的问题《Why does returning from _start segfault?》','https://www.manongdao.com/q-430923.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I tried to put code not in the main function, but directly into _start:
segment .text
global _start
_start:
push rbp
mov rbp, rsp
; ... program logic ...
leave
ret
Compile:
yasm -f elf64 main.s
ld -o main main.o
Run:
./main
Segmentation fault(core dumped)
I read, leave is
mov esp,ebp
pop ebp
But why is it that such an epilogue to the pop stack frame and the set base frame pointer to a previous frame's base results in a segmentation fault?
Indeed, making an exit system call exits gracefully.
As per ABI1 the stack at the entry on
_startisThere is no "return address".
The only way to exit a process is through
SYS_EXIT1 Section 3.4.1 Initial Stack and Register State.
The
LEAVEinstruction is defined to not cause any exceptions, so it cannot be the source of your fault. You should be using GDB. Debuggers are invaluable in solving these sorts of problems.This is what happens:
So, most likely your program ran to completion, but the first thing on the stack that 0x0000000000000001.
RETpopped that into theRIPregister, and then it segfaulted because that address is not mapped.I don't write a lot of code on Linux, but I would bet that
_startis required to use the exit system call. The only way you could possibly return to a useful address is if the kernel put a function somewhere that would do this for you.