Here is the output of objdump -d firefox-4.0-bin with gcc4.4 and -pie.
The major difference is with how pthread_mutex_lock is called in malloc:

    937d: 8b 4d e4                mov    -0x1c(%ebp),%ecx
    9380: 89 0c 24                mov    %ecx,(%esp)
    9383: e8 28 7f ff ff          call   12b0 <pthread_mutex_lock@plt>

....the value loaded onto the stack comes from earlier, here:

    92f8: 65 a1 00 00 00 00       mov    %gs:0x0,%eax
    92fe: 81 e8 04 00 00 00       sub    $0x4,%eax
    9304: 8b 00                   mov    (%eax),%eax
    9306: 85 c0                   test   %eax,%eax
    9308: 89 45 e4                mov    %eax,-0x1c(%ebp)

...note that the lea instruction has been replaced with a sub, and now loads the contents of the correct address into eax.
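To check this codegen on your own toolchain rather than only in the Firefox binary, here is a small added example (written for this page, not code from Firefox or jemalloc) that reproduces the same shape as the disassembly above: a thread-local arena pointer, a NULL test on it, and a call to pthread_mutex_lock with that pointer as the argument. The names struct arena, thread_arena and arena_malloc are hypothetical. Build it twice with -m32, once without and once with -fpie -pie, and compare objdump -d of arena_malloc to see how gcc reaches the %gs-relative TLS slot in each mode (the commands in the header comment assume a gcc with -no-pie, i.e. gcc 6 or later, and a 32-bit multilib; on gcc 4.4 drop -no-pie).

```c
/* Added example, not from the original report.  Compare the two builds:
 *   gcc -m32 -O2 -fno-pie -no-pie tls_arena.c -o nopie && objdump -d nopie | grep -A14 '<arena_malloc>:'
 *   gcc -m32 -O2 -fpie   -pie    tls_arena.c -o pie   && objdump -d pie   | grep -A14 '<arena_malloc>:'
 */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the allocator's per-thread state: a
 * thread-local pointer to an arena whose first member is the mutex that
 * pthread_mutex_lock is called on.  Not jemalloc's real layout. */
struct arena {
    pthread_mutex_t lock;
    size_t allocs;              /* allocations served through this arena */
};

static struct arena main_arena = { PTHREAD_MUTEX_INITIALIZER, 0 };

/* Zero-initialised in every thread.  With -m32 gcc reaches it through the
 * %gs-relative thread pointer, which is the mov %gs:0x0,%eax sequence in
 * the Firefox disassembly. */
static __thread struct arena *thread_arena;

/* Same control flow as the disassembly: load the TLS pointer, test it for
 * NULL, then pass the (now non-NULL) pointer to pthread_mutex_lock. */
void *arena_malloc(size_t n)
{
    struct arena *a = thread_arena;      /* mov %gs:0x0,%eax / sub / mov (%eax),%eax */
    if (a == NULL) {                      /* test %eax,%eax */
        a = &main_arena;                  /* first call on this thread: fall back */
        thread_arena = a;
    }
    pthread_mutex_lock(&a->lock);         /* mov %ecx,(%esp); call pthread_mutex_lock@plt */
    a->allocs++;
    void *p = malloc(n);
    pthread_mutex_unlock(&a->lock);
    return p;
}

/* Helpers so the per-thread state can be inspected from outside. */
int thread_arena_is_set(void) { return thread_arena != NULL; }
size_t arena_alloc_count(void) { return main_arena.allocs; }

/* A fresh thread starts with thread_arena == NULL and must take the
 * fallback path exactly once; returns 1 on success as a void*. */
static void *worker(void *unused)
{
    (void)unused;
    int before = thread_arena_is_set();
    void *p = arena_malloc(32);
    free(p);
    return (void *)(long)(before == 0 && thread_arena_is_set());
}

int main(void)
{
    pthread_t t;
    void *ok = NULL;
    free(arena_malloc(16));               /* main thread: sets its thread_arena */
    pthread_create(&t, NULL, worker, NULL);
    pthread_join(t, &ok);
    printf("main thread arena set: %d, worker ok: %ld, allocs: %zu\n",
           thread_arena_is_set(), (long)ok, arena_alloc_count());
    return ok ? 0 : 1;
}
```

In both builds the load of thread_arena is the instruction sequence to look at: the address computation gcc emits for the %gs-relative slot (lea versus sub, and which relocation it carries) is the difference the report describes, while the NULL test and the call through pthread_mutex_lock@plt stay the same.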