Segmentation fault if I access to argc with r0

Question

.global main

main:
    bx lr

If I do:

kali@kali:~/Desktop/arm/NEEVVVV$ ./a.out a b c
Segmentation fault
kali@kali:~/Desktop/arm/NEEVVVV$ echo $?
139

139 is null pointer exception.. why does this happens?

Shouldn't I be able to see the number of argv since in r0 does contain argc ? argc is just an integer, why this does not work? int main (int argc, char *argv[]) says that argc is an int, not an address, so if I see the exit code (r0) there should be the argc, but nope

EDIT:

FIXED by adding this:

.type main%function

after .global main

Is that the entire assembly code? I don't get segfault on Rpi 4. — Arkadiusz Drabczyk, Dec 26 '20 at 17:03
The code you pasted only returns from main, it doesn't touch anything else. — Thomas Jager, Dec 26 '20 at 17:04
`Shouldn't I be able to see the number of argv since in r0 does contain argc ?` - yes, you should and this happens on Rpi 4. What hardware and OS are you using? — Arkadiusz Drabczyk, Dec 26 '20 at 17:15
@Thomas Jager: so what ? the main() function being called from the startup code means that argc will reside in r0, the address of argv[] in r1, and the address of envp[] in r2. — Frant, Dec 26 '20 at 17:17
@Frant That is not necessary always true. It will depend on the calling convention used by the architecture / runtime library pair: https://stackoverflow.com/questions/45697594/what-is-the-calling-convention-for-the-main-function-in-c — LoPiTaL, Dec 26 '20 at 17:23
@LoPiTaL I would assume this is always true on a Linux/glibc aarch32 system, which seems to be the case here. What do you think ? — Frant, Dec 26 '20 at 17:29
@LoPiTaL: As far as I know, ARM has a single well-established calling convention, unlike x86 where there are several different ones in common use. It has some variants with respect to floating point but that shouldn't apply here. — Nate Eldredge, Dec 26 '20 at 17:33
I would expect your code also needs `.text`; otherwise your code might be assembled into a data section which is not executable. But none of this has anything to do with `argc` or calling conventions. Note that segmentation faults (exit code 139) may be caused by many different types of invalid memory access, not just null pointers. — Nate Eldredge, Dec 26 '20 at 17:34
@Sperly1987: This is interesting, what are the versions of the compiler/assembler you are using ? `.type main%function` is not needed with gcc 9.3.0 anf GNU as 2.34. — Frant, Dec 26 '20 at 17:35
@Nate Eldredge: as a matter of facts, his programs works fine without `.text`, even though I agree this would be better. And the question being "Shouldn't I be able to see the number of argv since in r0 does contain argc", it is directly related to argc and ARM calling conventions: executing `./a.out a b c` should (and does on my system) result in 4 (argc) residing in r0 at the time main is being called. Since the program is doing nothing, it should result in 4 beeing the exit code for the program, and `echo $?` displaying 4 in the shell session. — Frant, Dec 26 '20 at 17:40
@Nate Eldredge: the reason why `.type main%function` is required on his system is a different question, not the one that was asked/answered. — Frant, Dec 26 '20 at 17:45
Well, part of the question was why does it segfault. "139 is null pointer exception.. why does this happens?" And that must have to do with the assembler directives, or the default options of the toolchain - but not with the code itself. Once the code they wrote can actually run, the rest of the problem would solve itself, as you say. — Nate Eldredge, Dec 26 '20 at 17:53
@Nate Eldredge: Exactly, my goal was to make clear the code itself was working, and that the assumptions on how it should behave were right. This was IMHO important an information to give, I made clear in the answer what I was exactly answering to since it seems this was not clear enough. — Frant, Dec 26 '20 at 18:17

Frant · Answer 1 · 2020-12-26T18:14:13.337

0

Answering to "Shouldn't I be able to see the number of argv since in r0 does contain argc ?":

Yes, you should: on my Cortex-A7 system running ubuntu 20.04:

gcc argc.s
./a.out a b c
echo $?
4

gcc  --version
gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0

So the the problem you are encountering is related to your specific development environment, and since you did not provide any specific on the latter, this is difficult to say why.

edited Dec 26 '20 at 18:14

answered Dec 26 '20 at 17:07

Frant

5,382
1
16
22

I don't see how this answers the question. The code they've provided doesn't touch `r0` as they say, so unless you're using different code, this doesn't answer the (incomplete) question. An answer isn't the right place to ask for more details about the question. – Thomas Jager Dec 26 '20 at 17:09
1

The question being answered is "Shouldn't I be able to see the number of argv since in r0 goes argc", and answer is yes, according to ARM calling conventions. Do you see better ? – Frant Dec 26 '20 at 17:11

Segmentation fault if I access to argc with r0

1 Answers1