I read (see here) that it is "common practice" to print a stack trace using backtrace() from a crash signal handler (for example, when handling SIGSEGV) on Linux:
1. Get the instruction pointer (EIP or RIP) from the undocumented sigcontext structure.
2. Replace the 2nd frame in the stack trace with the instruction pointer, since the first frame is the signal handler and the 2nd frame should be inside libc, in the sigaction code, which overwrites the original frame in which the error occurred.
3. Print the backtrace starting from the newly replaced 2nd frame.
It seems to me that in my testing (on an x86_64 2.6 kernel) the actual source frame in which the error occurred is present in the stack trace returned by backtrace() as the 3rd frame: the first is the signal handler, and the second is in libc's signal handling code.
Is this change in kernel signal handling documented somewhere that you can point me to?
It seems to me that, as a result, you can avoid replacing any frames with the instruction pointer and simply print the stack trace from backtrace() starting at frame 3, but I want this confirmed, and the correct way to do this known.
e.dan
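Added example, not code from the question or from any answer on the page: a SIGSEGV handler that takes the faulting instruction pointer from the ucontext_t passed to an SA_SIGINFO handler (the documented route to the saved registers, instead of the raw struct sigcontext), prints the raw backtrace() with its indices so you can see on your own system which frame holds the faulting PC, and then prints the trace from that frame. Rather than hard-coding "frame 2" or "frame 3", the helper fixup_frames() searches the raw trace for the saved PC and falls back to the substitute-frame-1 technique from the question if it is absent. It assumes x86_64 or i386 glibc on Linux (REG_RIP and REG_EIP are glibc names; on other architectures it falls back to plain frame skipping); fixup_frames, write_hex, crash_ptr and the level_* functions are names chosen for this example.

```c
/* Added example (not from the original question). Build and run on x86_64 Linux:
 *   gcc -g -O0 -rdynamic crash_bt.c -o crash_bt && ./crash_bt
 * -rdynamic lets backtrace_symbols_fd() resolve function names. */
#define _GNU_SOURCE
#include <execinfo.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>
#include <unistd.h>

#define MAX_FRAMES 64

/* Pure helper, kept out of the signal context so it can be tested.
 * backtrace() called from a signal handler yields: frame 0 = the handler,
 * frame 1 = the signal trampoline (glibc's __restore_rt), then either
 *   (a) the faulting PC itself at frame 2 (what the question observes on a
 *       modern x86_64 glibc, whose trampoline carries unwind info), or
 *   (b) no frame for the faulting code at all (the older layout that the
 *       "common practice" compensates for by overwriting frame 1 with the PC).
 * Instead of hard-coding an index, look for fault_ip in the raw trace: if it
 * is there, start from it; if not, substitute it for frame 1 (layout (b)).
 * Returns the number of frames written to out[]. */
int fixup_frames(void *const *frames, int nframes, void *fault_ip,
                 void **out, int out_cap)
{
    int start = -1, n = 0;
    if (fault_ip != NULL)
        for (int i = 1; i < nframes; i++)
            if (frames[i] == fault_ip) { start = i; break; }

    if (start < 0) {                       /* layout (b), or fault_ip unknown */
        if (nframes < 2 || out_cap < 1) return 0;
        out[n++] = fault_ip != NULL ? fault_ip : frames[1];
        start = 2;
    }
    for (int i = start; i < nframes && n < out_cap; i++)
        out[n++] = frames[i];
    return n;
}

/* Output via write(2) only: stdio is not async-signal-safe. */
static void out(int fd, const char *s) { (void)!write(fd, s, strlen(s)); }

static void write_hex(int fd, unsigned long v)
{
    char buf[2 + 2 * sizeof v + 1];
    int i = (int)sizeof buf - 1;
    buf[i] = '\n';
    do { buf[--i] = "0123456789abcdef"[v & 0xf]; v >>= 4; } while (v);
    buf[--i] = 'x';
    buf[--i] = '0';
    (void)!write(fd, buf + i, sizeof buf - (size_t)i);
}

static void segv_handler(int sig, siginfo_t *info, void *uctx)
{
    (void)info;
    void *frames[MAX_FRAMES], *fixed[MAX_FRAMES];
    int nframes = backtrace(frames, MAX_FRAMES);
#if defined(__x86_64__)
    void *fault_ip = (void *)((ucontext_t *)uctx)->uc_mcontext.gregs[REG_RIP];
#elif defined(__i386__)
    void *fault_ip = (void *)((ucontext_t *)uctx)->uc_mcontext.gregs[REG_EIP];
#else
    void *fault_ip = NULL;                /* other arch: plain frame skipping */
#endif
    out(STDERR_FILENO, "raw backtrace() (index 0 = this handler):\n");
    backtrace_symbols_fd(frames, nframes, STDERR_FILENO);   /* no malloc */
    out(STDERR_FILENO, "faulting ip from ucontext: ");
    write_hex(STDERR_FILENO, (unsigned long)fault_ip);
    out(STDERR_FILENO, "trace from the faulting frame:\n");
    int n = fixup_frames(frames, nframes, fault_ip, fixed, MAX_FRAMES);
    backtrace_symbols_fd(fixed, n, STDERR_FILENO);
    _exit(128 + sig);                     /* never return into the faulting code */
}

/* volatile pointer so the compiler cannot fold the NULL store into a trap. */
static int *volatile crash_ptr = NULL;
static void __attribute__((noinline)) level_two(void) { *crash_ptr = 42; }
static void __attribute__((noinline)) level_one(void) { level_two(); }

int main(void)
{
    /* Run the handler on an alternate stack so stack overflows are reported too. */
    static char altstack[64 * 1024];
    stack_t ss = { .ss_sp = altstack, .ss_size = sizeof altstack, .ss_flags = 0 };
    sigaltstack(&ss, NULL);

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigaction(SIGSEGV, &sa, NULL);

    /* backtrace() is not async-signal-safe: glibc lazily loads libgcc_s on its
     * first call. Calling it once here narrows, but does not remove, that hazard. */
    void *warm[1];
    backtrace(warm, 1);

    level_one();                          /* constructed crash: NULL store */
    return 0;
}
```

Run it and compare the index at which "faulting ip from ucontext" appears in the raw listing; on a current x86_64 glibc it is index 2, which is the observation in the question, and fixup_frames() then starts there without touching any frame. If the address is absent, the older layout is in play and the helper substitutes it for frame 1, as the linked "common practice" does. The caveat applies either way: backtrace() and the dynamic-symbol lookup are not async-signal-safe, so this is a best-effort diagnostic, not something to rely on after heap corruption.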