My understanding of stack traces is essentially based on "What is exactly the base pointer and stack pointer? To what do they point?".
A program I have been helping to develop for years spits out a stack dump when it crashes, and I have become accustomed to evaluating these stack traces, in correspondence with a .map file that the C++ compiler produces. A number of times, I have successfully been able to walk the stack and debug issues.
However, sometimes the stack trace has a NULL EBP (frame) pointer. Here is the relevant snippet from such a sample stack dump:
Initial EBP pointer value: 04d8fab0
{at address 04d8fab0: 00000000}
As you can see, the value of the EBP frame pointer is NULL. Therefore, I cannot walk the stack.
Is this the sign of a corrupted stack, or is there another possible explanation?
I think there is another explanation, rooted in the fact that in addition to holding the address of the current stack frame, the EBP register can also be used for any other purpose like general-purpose registers. In order to do that safely, two things are required:
1. Store its current content to the stack by calling
   PUSH EBP
2. Restore the content after the general-purpose usage and before exiting the current procedure by calling
   POP EBP
So I was thinking the case you were experiencing was not necessarily caused by corruption of the stack, as it technically may have been that the dump was generated while the EBP register was temporarily being used for general-purpose usage by someplace else in the process' code, maybe not even code you've written.
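To make the two explanations concrete, here is an added example (my own code, not from the question, the answer or the program being debugged): a frame-pointer walker in C over a constructed 32-bit stack image. It follows the saved-EBP chain the way a manual walk against a .map file does, and it reports separately the normal end of the chain, the "word at EBP is zero on the very first frame" situation from the dump above, and a link that leaves the stack or points the wrong way. Word indices stand in for addresses and the return addresses are made-up values.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated 32-bit stack image (constructed sample).  Word i stands for
 * address BASE + 4*i; the stack grows toward lower indices, so a callee's
 * frame sits at a lower index than its caller's.  A frame built by
 * "PUSH EBP / MOV EBP,ESP" is:
 *     [ebp]    saved caller EBP (a word index here)
 *     [ebp+4]  return address into the caller                           */
#define NWORDS 16u
typedef enum { WALK_COMPLETE, WALK_NULL_AT_START, WALK_BROKEN_LINK } walk_status;

/* Follow the saved-EBP chain from `ebp`.  Return addresses go into out[],
 * the return value is the number of frames recovered and *status says why
 * the walk stopped.  Every link must stay inside the image and point to an
 * older (higher) frame; anything else is treated as a corrupt chain.    */
static size_t walk_frames(const uint32_t *stack, uint32_t ebp,
                          uint32_t *out, size_t max_out, walk_status *status)
{
    size_t n = 0;
    for (;;) {
        if (ebp + 1 >= NWORDS) { *status = WALK_BROKEN_LINK; return n; }
        uint32_t saved_ebp = stack[ebp];
        /* The dump in the question: EBP points into the stack but the word
         * there is 0.  Either EBP was not a frame pointer at that moment or
         * the frame is damaged, so [ebp+4] cannot be trusted either.      */
        if (saved_ebp == 0 && n == 0) { *status = WALK_NULL_AT_START; return 0; }
        if (n < max_out) out[n] = stack[ebp + 1];
        n++;
        if (saved_ebp == 0) { *status = WALK_COMPLETE; return n; } /* outermost */
        if (saved_ebp <= ebp) { *status = WALK_BROKEN_LINK; return n; }
        ebp = saved_ebp;
    }
}

/* Constructed chain: main at words 12-13, f at 8-9, the crashing g at 4-5. */
static void build_sample_stack(uint32_t *stack)
{
    for (size_t i = 0; i < NWORDS; i++) stack[i] = 0;
    stack[12] = 0;  stack[13] = 0x00401000; /* main: saved EBP 0 ends the chain */
    stack[8]  = 12; stack[9]  = 0x00401234; /* f: caller's frame at word 12    */
    stack[4]  = 8;  stack[5]  = 0x00401456; /* g: caller's frame at word 8     */
}

int main(void)
{
    uint32_t stack[NWORDS], ret[8]; walk_status st;
    build_sample_stack(stack);
    size_t n = walk_frames(stack, 4, ret, 8, &st);
    for (size_t i = 0; i < n; i++) printf("frame %zu: return to %08x\n", i, (unsigned)ret[i]);
    stack[4] = 0;                            /* reproduce the NULL link */
    n = walk_frames(stack, 4, ret, 8, &st);
    printf("after NULL link: %zu frames, status %d\n", n, (int)st);
    return 0;
}
```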
Source: https://stackoverflow.com/questions/10420325/is-the-stack-corrupted-if-the-ebp-frame-pointer-is-null