0

Could anyone tell me what is the significance of this assembly instruction:

0xb48daed9 <+3479>: lea -0xc(%ebp),%esp

I am not very comfortable with Assembly instructions. Actually I am getting a SIGABRT in my application and the culprit, it seems, is this particular assembly instruction.

Abdur Rahman
  • 353
  • 5
  • 16
Mariners
  • 499
  • 8
  • 18
  • This question may help: [Why is there three leal instructions for this IA32 assembly code?](http://stackoverflow.com/q/22511842/1708801) – Shafik Yaghmour Mar 12 '15 at 09:21
  • possible duplicate of [What's the purpose of the LEA instruction?](http://stackoverflow.com/questions/1658294/whats-the-purpose-of-the-lea-instruction) – phuclv Mar 12 '15 at 09:31
  • Possible duplicate of [What does a hexadecimal number, with a register in parenthesis mean in Assembly?](https://stackoverflow.com/questions/31735903/what-does-a-hexadecimal-number-with-a-register-in-parenthesis-mean-in-assembly) – phuclv Aug 09 '18 at 01:46

2 Answers2

1

On the mechanical level, the instruction

lea -0xc(%ebp),%esp

adds -0xc (that is: -12) to %ebp and writes the result to %esp.

On the logical level, it allocates a called function's stack frame. I'd expect to see it in a context similar to this:

push %ebp            ; save previous base pointer
mov %esp,%ebp        ; set %ebp = %esp: old stack pointer is new base pointer
lea -0xc(%ebp),%esp  ; allocate 12 bytes for local variables

%ebp and %esp are the stack pointer registers. %ebp points to the base of the stack frame and %esp to its "top" (actually the bottom because the stack grows downward), so the lea instruction moves the stack pointer 12 bytes below the base, staking a claim of 12 bytes for local variables. Doing this after saving the old base pointer and setting the new base pointer to the old stack pointer pushes a new frame of 12 bytes onto the call stack.

It seems unlikely that this instruction itself causes a trap, but in the event of a stack overflow, the allocated stack frame will be invalid and explosions are expected when trying to use it. My suspicion is that you have a runaway recursive function.

Another possibility, as @abligh mentions, is that the stack pointer became corrupted somewhere along the line. This can happen, among other things, if a buffer overflow happens in a stack-allocated buffer so that a previously saved base pointer is overwritten with garbage. Upon return from the function, the garbage is restored in lieu of the overwritten base pointer, and a subsequent function call will not have anything sensible with which to work.

Wintermute
  • 42,983
  • 5
  • 77
  • 80
0

lea -0xc(%ebp),%esp will:

  • compute the effective address [1] of %ebp - 12, and
  • store it in %esp

It has been/is used to perform fast arithmetic with memory operands. According to the Intel manual, it may throw an exception if the source operand is not a memory location.

[1] "Effective address", in Intel's parlance, is an offset which is supplied either as a static value or an address computation of the form: Offset = Base + (Index * Scale) + Displacement

Michael Foukarakis
  • 39,737
  • 6
  • 87
  • 123
  • You should explain what you mean by “it may throw an exception if the source (the ebp register in your case) is not a memory location.”. ebp is not a memory location. If it had been a memory location, it would have had to be a valid memory location, and I can only assume that you misinterpreted the documentation that said that, but a precise reference would remove any ambiguity. – Pascal Cuoq Mar 12 '15 at 09:38
  • You should also explain that when you say "compute the effective address of", what you really mean is just "compute": the instruction sets `%esp` equal to `%ebp-12`. (But I didn't know that it could throw an exception.) – TonyK Mar 12 '15 at 10:27
  • @PascalCuoq, thanks, what I wrote was obviously wrong. TonyK: I was going by Intel's definition of "effective address" in the manual. – Michael Foukarakis Mar 12 '15 at 10:42