
Tphantomjs brooker library _Rb_tree_rebalance_for_erase remote overflow #32

Open timeisflowing opened 10 years ago

timeisflowing commented 10 years ago

qt/src/3rdparty/webkit/Source/JavaScriptCore/runtime/TaintedHashMap.cpp:52

Triage note from the dump below: the faulting instruction is `_Rb_tree_rebalance_for_erase+192` (`mov rdx,QWORD PTR [rbp+0x18]`) with `rbp = 0x0` in the register dump, i.e. a read through a null red-black-tree node reached from `std::map` erase inside `TaintedHashMap::remove`, called from `~JSString` during the GC sweep. A null sibling node at that point cannot occur in a well-formed tree, so the map is already corrupted when the sweep runs; this looks like stale or corrupted map state (e.g. a dangling or doubly-removed entry) rather than an overflow inside this function, though the root cause in TaintedHashMap.cpp is not shown here.

gdb$ bt

0 0x00007ffff7041fb0 in std::_Rb_tree_rebalance_for_erase(std::_Rb_tree_node_base*, std::_Rb_tree_node_base&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6

1 0x000000000053e383 in JSC::TaintedHashMap::remove(std::string) ()

2 0x000000000051e3f8 in JSC::JSString::~JSString() ()

3 0x0000000001436f27 in JSC::MarkedBlock::sweep() ()

4 0x0000000000e4f778 in JSC::MarkedSpace::sweep() ()

5 0x0000000000e4b7a4 in JSC::Heap::reportExtraMemoryCostSlowCase(unsigned long) ()

6 0x000000000050c643 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*) ()

7 0x0000000000e7f5a8 in cti_vm_lazyLinkCall ()

8 0x00007fffb0000062 in ?? ()

9 0x00007fff00000011 in ?? ()

10 0x00007fffac281ad0 in ?? ()

11 0x00007fffaf53d5b8 in ?? ()

12 0x00007fffac282b90 in ?? ()

13 0x0000000000000004 in ?? ()

14 0x0000000000000010 in ?? ()

15 0x0000000000000000 in ?? ()

gdb$ disassemble 0x00007ffff7041fb0 Dump of assembler code for function _ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS: 0x00007ffff7041ef0 <+0>: push r15 0x00007ffff7041ef2 <+2>: mov r15,rdi 0x00007ffff7041ef5 <+5>: push r14 0x00007ffff7041ef7 <+7>: mov r14,rsi 0x00007ffff7041efa <+10>: push r13 0x00007ffff7041efc <+12>: push r12 0x00007ffff7041efe <+14>: push rbp 0x00007ffff7041eff <+15>: push rbx 0x00007ffff7041f00 <+16>: mov rcx,QWORD PTR [rdi+0x10] 0x00007ffff7041f04 <+20>: test rcx,rcx 0x00007ffff7041f07 <+23>: je 0x7ffff7042100 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+528> 0x00007ffff7041f0d <+29>: mov rsi,QWORD PTR [rdi+0x18] 0x00007ffff7041f11 <+33>: test rsi,rsi 0x00007ffff7041f14 <+36>: je 0x7ffff7042104 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+532> 0x00007ffff7041f1a <+42>: mov rbx,rsi 0x00007ffff7041f1d <+45>: jmp 0x7ffff7041f23 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+51> 0x00007ffff7041f1f <+47>: nop 0x00007ffff7041f20 <+48>: mov rbx,rdx 0x00007ffff7041f23 <+51>: mov rdx,QWORD PTR [rbx+0x10] 0x00007ffff7041f27 <+55>: test rdx,rdx 0x00007ffff7041f2a <+58>: jne 0x7ffff7041f20 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+48> 0x00007ffff7041f2c <+60>: cmp rbx,r15 0x00007ffff7041f2f <+63>: mov rax,rbx 0x00007ffff7041f32 <+66>: mov r12,QWORD PTR [rbx+0x18] 0x00007ffff7041f36 <+70>: je 0x7ffff7042295 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+933> 0x00007ffff7041f3c <+76>: cmp rsi,rbx 0x00007ffff7041f3f <+79>: mov QWORD PTR [rcx+0x8],rbx 0x00007ffff7041f43 <+83>: mov QWORD PTR [rbx+0x10],rcx 0x00007ffff7041f47 <+87>: je 0x7ffff7041f6f <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+127> 0x00007ffff7041f49 <+89>: test r12,r12 0x00007ffff7041f4c <+92>: mov rbx,QWORD PTR [rbx+0x8] 0x00007ffff7041f50 <+96>: je 0x7ffff70421c0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+720> 0x00007ffff7041f56 <+102>: mov QWORD PTR [r12+0x8],rbx 
0x00007ffff7041f5b <+107>: mov rdx,QWORD PTR [rax+0x8] 0x00007ffff7041f5f <+111>: mov QWORD PTR [rdx+0x10],r12 0x00007ffff7041f63 <+115>: mov QWORD PTR [rax+0x18],rsi 0x00007ffff7041f67 <+119>: mov rdx,QWORD PTR [r15+0x18] 0x00007ffff7041f6b <+123>: mov QWORD PTR [rdx+0x8],rax 0x00007ffff7041f6f <+127>: cmp QWORD PTR [r14+0x8],r15 0x00007ffff7041f73 <+131>: je 0x7ffff7042150 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+608> 0x00007ffff7041f79 <+137>: mov rdx,QWORD PTR [r15+0x8] 0x00007ffff7041f7d <+141>: cmp QWORD PTR [rdx+0x10],r15 0x00007ffff7041f81 <+145>: je 0x7ffff70421b0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+704> 0x00007ffff7041f87 <+151>: mov QWORD PTR [rdx+0x18],rax 0x00007ffff7041f8b <+155>: mov QWORD PTR [rax+0x8],rdx 0x00007ffff7041f8f <+159>: mov ecx,DWORD PTR [r15] 0x00007ffff7041f92 <+162>: mov edx,DWORD PTR [rax] 0x00007ffff7041f94 <+164>: mov DWORD PTR [rax],ecx 0x00007ffff7041f96 <+166>: mov DWORD PTR [r15],edx 0x00007ffff7041f99 <+169>: test edx,edx 0x00007ffff7041f9b <+171>: lea r13,[r14+0x8] 0x00007ffff7041f9f <+175>: jne 0x7ffff7041fe5 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+245> 0x00007ffff7041fa1 <+177>: jmp 0x7ffff704205d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+365> 0x00007ffff7041fa6 <+182>: nop WORD PTR cs:[rax+rax_1+0x0] => 0x00007ffff7041fb0 <+192>: mov rdx,QWORD PTR [rbp+0x18] 0x00007ffff7041fb4 <+196>: test rdx,rdx 0x00007ffff7041fb7 <+199>: je 0x7ffff7041fc2 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+210> 0x00007ffff7041fb9 <+201>: cmp DWORD PTR [rdx],0x1 0x00007ffff7041fbc <+204>: jne 0x7ffff7042160 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+624> 0x00007ffff7041fc2 <+210>: mov rdx,QWORD PTR [rbp+0x10] 0x00007ffff7041fc6 <+214>: test rdx,rdx 0x00007ffff7041fc9 <+217>: je 0x7ffff7041fd4 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+228> 0x00007ffff7041fcb <+219>: cmp DWORD PTR [rdx],0x1 0x00007ffff7041fce <+222>: 
jne 0x7ffff70420d0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+480> 0x00007ffff7041fd4 <+228>: mov rdx,QWORD PTR [rbx+0x8] 0x00007ffff7041fd8 <+232>: mov DWORD PTR [rbp+0x0],0x0 0x00007ffff7041fdf <+239>: mov r12,rbx 0x00007ffff7041fe2 <+242>: mov rbx,rdx 0x00007ffff7041fe5 <+245>: cmp QWORD PTR [r14+0x8],r12 0x00007ffff7041fe9 <+249>: je 0x7ffff7042050 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+352> 0x00007ffff7041feb <+251>: test r12,r12 0x00007ffff7041fee <+254>: je 0x7ffff7041ff7 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+263> 0x00007ffff7041ff0 <+256>: cmp DWORD PTR [r12],0x1 0x00007ffff7041ff5 <+261>: jne 0x7ffff7042055 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+357> 0x00007ffff7041ff7 <+263>: mov rbp,QWORD PTR [rbx+0x10] 0x00007ffff7041ffb <+267>: cmp rbp,r12 0x00007ffff7041ffe <+270>: je 0x7ffff7042070 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+384> 0x00007ffff7042000 <+272>: mov eax,DWORD PTR [rbp+0x0] 0x00007ffff7042003 <+275>: test eax,eax 0x00007ffff7042005 <+277>: jne 0x7ffff7041fb0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+192> 0x00007ffff7042007 <+279>: mov DWORD PTR [rbp+0x0],0x1 0x00007ffff704200e <+286>: mov rsi,r13 0x00007ffff7042011 <+289>: mov DWORD PTR [rbx],0x0 0x00007ffff7042017 <+295>: mov rdi,rbx 0x00007ffff704201a <+298>: call 0x7ffff7041be0 0x00007ffff704201f <+303>: mov rbp,QWORD PTR [rbx+0x10] 0x00007ffff7042023 <+307>: jmp 0x7ffff7041fb0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+192> 0x00007ffff7042025 <+309>: mov rax,rdx 0x00007ffff7042028 <+312>: mov edx,DWORD PTR [rbx] 0x00007ffff704202a <+314>: mov DWORD PTR [rdi],edx 0x00007ffff704202c <+316>: mov DWORD PTR [rbx],0x1 0x00007ffff7042032 <+322>: mov DWORD PTR [rax],0x1 0x00007ffff7042038 <+328>: mov rsi,r13 0x00007ffff704203b <+331>: mov rdi,rbx 0x00007ffff704203e <+334>: mov r12,rbp 0x00007ffff7042041 <+337>: call 0x7ffff7041b80 0x00007ffff7042046 <+342>: nop 
WORD PTR cs:[rax+rax_1+0x0] 0x00007ffff7042050 <+352>: test r12,r12 0x00007ffff7042053 <+355>: je 0x7ffff704205d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+365> 0x00007ffff7042055 <+357>: mov DWORD PTR [r12],0x1 0x00007ffff704205d <+365>: pop rbx 0x00007ffff704205e <+366>: pop rbp 0x00007ffff704205f <+367>: pop r12 0x00007ffff7042061 <+369>: pop r13 0x00007ffff7042063 <+371>: pop r14 0x00007ffff7042065 <+373>: mov rax,r15 0x00007ffff7042068 <+376>: pop r15 0x00007ffff704206a <+378>: ret
0x00007ffff704206b <+379>: nop DWORD PTR [rax+rax_1+0x0] 0x00007ffff7042070 <+384>: mov rdi,QWORD PTR [rbx+0x18] 0x00007ffff7042074 <+388>: mov edx,DWORD PTR [rdi] 0x00007ffff7042076 <+390>: test edx,edx 0x00007ffff7042078 <+392>: je 0x7ffff70420b0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+448> 0x00007ffff704207a <+394>: mov rax,QWORD PTR [rdi+0x10] 0x00007ffff704207e <+398>: test rax,rax 0x00007ffff7042081 <+401>: je 0x7ffff704208c <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+412> 0x00007ffff7042083 <+403>: cmp DWORD PTR [rax],0x1 0x00007ffff7042086 <+406>: jne 0x7ffff7042226 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+822> 0x00007ffff704208c <+412>: mov rax,QWORD PTR [rdi+0x18] 0x00007ffff7042090 <+416>: test rax,rax 0x00007ffff7042093 <+419>: je 0x7ffff704209a <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+426> 0x00007ffff7042095 <+421>: cmp DWORD PTR [rax],0x1 0x00007ffff7042098 <+424>: jne 0x7ffff7042028 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+312> 0x00007ffff704209a <+426>: mov DWORD PTR [rdi],0x0 0x00007ffff70420a0 <+432>: mov rdx,QWORD PTR [rbx+0x8] 0x00007ffff70420a4 <+436>: jmp 0x7ffff7041fdf <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+239> 0x00007ffff70420a9 <+441>: nop DWORD PTR [rax+0x0] 0x00007ffff70420b0 <+448>: mov DWORD PTR [rdi],0x1 0x00007ffff70420b6 <+454>: mov rsi,r13 0x00007ffff70420b9 <+457>: mov rdi,rbx 0x00007ffff70420bc <+460>: mov DWORD PTR [rbx],0x0 0x00007ffff70420c2 <+466>: call 0x7ffff7041b80 0x00007ffff70420c7 <+471>: mov rdi,QWORD PTR [rbx+0x18] 0x00007ffff70420cb <+475>: jmp 0x7ffff704207a <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+394> 0x00007ffff70420cd <+477>: mov rdx,rax 0x00007ffff70420d0 <+480>: mov eax,DWORD PTR [rbx] 0x00007ffff70420d2 <+482>: mov DWORD PTR [rbp+0x0],eax 0x00007ffff70420d5 <+485>: mov DWORD PTR [rbx],0x1 0x00007ffff70420db <+491>: mov DWORD PTR [rdx],0x1 0x00007ffff70420e1 <+497>: mov rsi,r13 
0x00007ffff70420e4 <+500>: mov rdi,rbx 0x00007ffff70420e7 <+503>: call 0x7ffff7041be0 0x00007ffff70420ec <+508>: test r12,r12 0x00007ffff70420ef <+511>: jne 0x7ffff7042055 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+357> 0x00007ffff70420f5 <+517>: jmp 0x7ffff704205d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+365> 0x00007ffff70420fa <+522>: nop WORD PTR [rax+rax_1+0x0] 0x00007ffff7042100 <+528>: mov rcx,QWORD PTR [rdi+0x18] 0x00007ffff7042104 <+532>: test rcx,rcx 0x00007ffff7042107 <+535>: mov rbx,QWORD PTR [r15+0x8] 0x00007ffff704210b <+539>: je 0x7ffff7042111 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+545> 0x00007ffff704210d <+541>: mov QWORD PTR [rcx+0x8],rbx 0x00007ffff7042111 <+545>: cmp QWORD PTR [r14+0x8],r15 0x00007ffff7042115 <+549>: je 0x7ffff704221d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+813> 0x00007ffff704211b <+555>: mov rax,QWORD PTR [r15+0x8] 0x00007ffff704211f <+559>: cmp QWORD PTR [rax+0x10],r15 0x00007ffff7042123 <+563>: je 0x7ffff704226c <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+892> 0x00007ffff7042129 <+569>: mov QWORD PTR [rax+0x18],rcx 0x00007ffff704212d <+573>: cmp QWORD PTR [r14+0x10],r15 0x00007ffff7042131 <+577>: je 0x7ffff70421c8 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+728> 0x00007ffff7042137 <+583>: cmp QWORD PTR [r14+0x18],r15 0x00007ffff704213b <+587>: je 0x7ffff70421f5 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+773> 0x00007ffff7042141 <+593>: mov edx,DWORD PTR [r15] 0x00007ffff7042144 <+596>: mov r12,rcx 0x00007ffff7042147 <+599>: jmp 0x7ffff7041f99 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+169> 0x00007ffff704214c <+604>: nop DWORD PTR [rax+0x0] 0x00007ffff7042150 <+608>: mov QWORD PTR [r14+0x8],rax 0x00007ffff7042154 <+612>: mov rdx,QWORD PTR [r15+0x8] 0x00007ffff7042158 <+616>: jmp 0x7ffff7041f8b <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+155> 0x00007ffff704215d <+621>: nop 
DWORD PTR [rax] 0x00007ffff7042160 <+624>: mov rax,QWORD PTR [rbp+0x10] 0x00007ffff7042164 <+628>: test rax,rax 0x00007ffff7042167 <+631>: je 0x7ffff7042172 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+642> 0x00007ffff7042169 <+633>: cmp DWORD PTR [rax],0x1 0x00007ffff704216c <+636>: jne 0x7ffff70420cd <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+477> 0x00007ffff7042172 <+642>: mov DWORD PTR [rdx],0x1 0x00007ffff7042178 <+648>: mov rsi,r13 0x00007ffff704217b <+651>: mov DWORD PTR [rbp+0x0],0x0 0x00007ffff7042182 <+658>: mov rdi,rbp 0x00007ffff7042185 <+661>: call 0x7ffff7041b80 0x00007ffff704218a <+666>: mov rax,QWORD PTR [rbx+0x10] 0x00007ffff704218e <+670>: mov ecx,DWORD PTR [rbx] 0x00007ffff7042190 <+672>: mov rdx,QWORD PTR [rax+0x10] 0x00007ffff7042194 <+676>: mov DWORD PTR [rax],ecx 0x00007ffff7042196 <+678>: mov DWORD PTR [rbx],0x1 0x00007ffff704219c <+684>: test rdx,rdx 0x00007ffff704219f <+687>: jne 0x7ffff70420db <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+491> 0x00007ffff70421a5 <+693>: jmp 0x7ffff70420e1 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+497> 0x00007ffff70421aa <+698>: nop WORD PTR [rax+rax_1+0x0] 0x00007ffff70421b0 <+704>: mov QWORD PTR [rdx+0x10],rax 0x00007ffff70421b4 <+708>: jmp 0x7ffff7041f8b <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+155> 0x00007ffff70421b9 <+713>: nop DWORD PTR [rax+0x0] 0x00007ffff70421c0 <+720>: mov rdx,rbx 0x00007ffff70421c3 <+723>: jmp 0x7ffff7041f5f <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+111> 0x00007ffff70421c8 <+728>: cmp QWORD PTR [r15+0x18],0x0 0x00007ffff70421cd <+733>: mov rdx,rcx 0x00007ffff70421d0 <+736>: jne 0x7ffff70421e3 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+755> 0x00007ffff70421d2 <+738>: jmp 0x7ffff7042275 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+901> 0x00007ffff70421d7 <+743>: nop WORD PTR [rax+rax_1+0x0] 0x00007ffff70421e0 <+752>: mov rdx,rax 0x00007ffff70421e3 
<+755>: mov rax,QWORD PTR [rdx+0x10] 0x00007ffff70421e7 <+759>: test rax,rax 0x00007ffff70421ea <+762>: jne 0x7ffff70421e0 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+752> 0x00007ffff70421ec <+764>: mov QWORD PTR [r14+0x10],rdx 0x00007ffff70421f0 <+768>: jmp 0x7ffff7042137 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+583> 0x00007ffff70421f5 <+773>: cmp QWORD PTR [r15+0x10],0x0 0x00007ffff70421fa <+778>: mov rdx,rcx 0x00007ffff70421fd <+781>: jne 0x7ffff704220b <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+795> 0x00007ffff70421ff <+783>: jmp 0x7ffff7042282 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+914> 0x00007ffff7042204 <+788>: nop DWORD PTR [rax+0x0] 0x00007ffff7042208 <+792>: mov rdx,rax 0x00007ffff704220b <+795>: mov rax,QWORD PTR [rdx+0x18] 0x00007ffff704220f <+799>: test rax,rax 0x00007ffff7042212 <+802>: jne 0x7ffff7042208 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+792> 0x00007ffff7042214 <+804>: mov QWORD PTR [r14+0x18],rdx 0x00007ffff7042218 <+808>: jmp 0x7ffff7042141 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+593> 0x00007ffff704221d <+813>: mov QWORD PTR [r14+0x8],rcx 0x00007ffff7042221 <+817>: jmp 0x7ffff704212d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+573> 0x00007ffff7042226 <+822>: mov rdx,QWORD PTR [rdi+0x18] 0x00007ffff704222a <+826>: test rdx,rdx 0x00007ffff704222d <+829>: je 0x7ffff7042238 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+840> 0x00007ffff704222f <+831>: cmp DWORD PTR [rdx],0x1 0x00007ffff7042232 <+834>: jne 0x7ffff7042025 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+309> 0x00007ffff7042238 <+840>: mov DWORD PTR [rax],0x1 0x00007ffff704223e <+846>: mov rsi,r13 0x00007ffff7042241 <+849>: mov DWORD PTR [rdi],0x0 0x00007ffff7042247 <+855>: call 0x7ffff7041be0 0x00007ffff704224c <+860>: mov rdx,QWORD PTR [rbx+0x18] 0x00007ffff7042250 <+864>: mov ecx,DWORD PTR [rbx] 0x00007ffff7042252 <+866>: mov 
rax,QWORD PTR [rdx+0x18] 0x00007ffff7042256 <+870>: mov DWORD PTR [rdx],ecx 0x00007ffff7042258 <+872>: mov DWORD PTR [rbx],0x1 0x00007ffff704225e <+878>: test rax,rax 0x00007ffff7042261 <+881>: jne 0x7ffff7042032 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+322> 0x00007ffff7042267 <+887>: jmp 0x7ffff7042038 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+328> 0x00007ffff704226c <+892>: mov QWORD PTR [rax+0x10],rcx 0x00007ffff7042270 <+896>: jmp 0x7ffff704212d <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+573> 0x00007ffff7042275 <+901>: mov rax,QWORD PTR [r15+0x8] 0x00007ffff7042279 <+905>: mov QWORD PTR [r14+0x10],rax 0x00007ffff704227d <+909>: jmp 0x7ffff7042137 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+583> 0x00007ffff7042282 <+914>: mov rax,QWORD PTR [r15+0x8] 0x00007ffff7042286 <+918>: mov edx,DWORD PTR [r15] 0x00007ffff7042289 <+921>: mov r12,rcx 0x00007ffff704228c <+924>: mov QWORD PTR [r14+0x18],rax 0x00007ffff7042290 <+928>: jmp 0x7ffff7041f99 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+169> 0x00007ffff7042295 <+933>: mov rcx,r12 0x00007ffff7042298 <+936>: jmp 0x7ffff7042104 <_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_nodebaseRS+532> End of assembler dump. gdb$ i r rax 0x31048f0 0x31048f0 rbx 0x47109f0 0x47109f0 rcx 0x0 0x0 rdx 0x47c8d70 0x47c8d70 rsi 0x2e42530 0x2e42530 rdi 0x47109f0 0x47109f0 rbp 0x0 0x0 rsp 0x7fffffffc1c8 0x7fffffffc1c8 r8 0x0 0x0 r9 0x32e5700 0x32e5700 r10 0x0 0x0 r11 0xffd5000000000000 0xffd5000000000000 r12 0x0 0x0 r13 0x2e42530 0x2e42530 r14 0x2e42528 0x2e42528 r15 0x489ea70 0x489ea70 rip 0x7ffff7041fb0 0x7ffff7041fb0 <std::_Rb_tree_rebalance_for_erase(std::_Rb_tree_node_base*, std::_Rb_tree_node_base&)+192> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 0x33 ss 0x2b 0x2b ds 0x0 0x0 es 0x0 0x0 fs 0x0 0x0 gs 0x0 0x0