What are segmentation faults (segfaults), and how can I identify what’s causing them?
Debugging Segmentation Faults and Pointer Problems
Debugging with GDB
GDB Command Reference
(gdb) info frame Stack level 0, frame at 0xb75f7390: eip = 0x804877f in base::func() (testing.cpp:16); saved eip 0x804869a called by frame at 0xb75f73b0 source language c++. Arglist at 0xb75f7388, args: this=0x0 Locals at 0xb75f7388, Previous frame's sp is 0xb75f7390 Saved registers: ebp at 0xb75f7388, eip at 0xb75f738c
stack level 0 frame num in backtrace, 0 is current executing frame, which grows downwards, in consistence with the stack. frame at 0xb75f7390 starting memory address of this stack frame eip = 0x804877f in base::func() (testing.cpp:16); saved eip 0x804869a eip is the register for next instruction to execute (also called program counter). so at this moment, the next to execute is at "0x804877f", which is line 16 of testing.cpp. saved eip "0x804869a" is so called "return address", i.e., the instruction to resume in caller stack frame after returning from this callee stack. It is pushed into stack upon "CALL" instruction (save it for return). called by frame at 0xb75f73b0 the address of the caller stack frame source language c++ which language in use Arglist at 0xb75f7388, args: this=0x0 the starting address of arguments Locals at 0xb75f7388, address of local variables. Previous frame's sp is 0xb75f7390 this is where the previous frame´s stack pointer point to (the caller frame), at the moment of calling, it is also the starting memory address of called stack frame. Saved registers: These are the two addresses on the callee stack, for two saved registers. ebp at 0xb75f7388 that is the address where the "ebp" register of the caller´s stack frame saved (please note, it is the register, not the caller´s stack address). i.e., corresponding to "PUSH %ebp". "ebp" is the register usually considered as the starting address of the locals of this stack frame, which use "offset" to address. In another word, the operations of local variables all use this "ebp", so you will see something like mov -0x4(%ebp), %eax, etc. eip at 0xb75f738c as mentioned before, but here is the address of the stack (which contains the value "0x804877f").