Issues maybe not well backtraced for memcpy
来源:互联网 发布:我的俄罗斯女友 知乎 编辑:程序博客网 时间:2024/06/07 19:41
http://blog.csdn.net/zirconsdu/article/details/9129129
由于memcpy的实现使用了lr寄存器,所以当SIGSEGV发生在memcpy中时,Call Stack未必能很好地追踪出来。
这时可以根据Stack中地址上的符号寻找可能的函数,然后确定发生在memcpy中的是什么问题。
几个示例如下。
(1)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint:
pid: 325, tid: 4048, name: ExtOutThread >>> /system/bin/mediaserver <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 41cfe000
r0 4180a190 r1 41cfddc0 r2 00000c00 r3 00000000
r4 4134dee0 r5 40071c18 r6 b3634400 r7 40fbf47c
r8 40fc0d30 r9 40fc0d7c sl 41cfe000 fp 4312deb0
ip 00000020 sp 4312de48 lr 00000280 pc 4019f29c cpsr 20000010
d0 0000000000000000 d1 0000000000000000
d2 0000000000000000 d3 0000000000000000
d4 0000000000000000 d5 0000000000000000
d6 0000000000000000 d7 0000000000000000
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 20676e696c6c6143 d17 7274705f636e7973
d18 0000000000000000 d19 0000000000000000
d20 0000000000000000 d21 0000000000000000
d22 0000000000000000 d23 0000000000000000
d24 0000000000000000 d25 0000000000000000
d26 0000000000000000 d27 0000000000000000
d28 0000000000000000 d29 0000000000000000
d30 0000000000000000 d31 0000000000000000
scr 80000010
backtrace:
#00 pc 0000e29c /system/lib/libc.so
#01 pc 00026d78 /system/lib/hw/audio.primary.msm8960.so
stack:
4312de08 00000000
4312de0c 00000000
4312de10 00000000
4312de14 00000000
4312de18 00000000
4312de1c 00000000
4312de20 00000000
4312de24 7cea8fed
4312de28 40071c18
4312de2c 00000000
4312de30 00000000
4312de34 40fbf47c /system/lib/hw/audio.primary.msm8960.so
4312de38 00000020
4312de3c 7cea8fed
4312de40 df0027ad
4312de44 00000000
#00 4312de48 4180a010 r0
4312de4c 40fc0d7c /system/lib/hw/audio.primary.msm8960.so r9
#01 4312de50 00000000 r10
4312de54 40fb8e88 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+352) lr
4312de58 00000300
4312de5c 00000300
4312de60 00000157
4312de64 4312deb4 [stack:4048]
4312de68 4134de50 [heap]
4312de6c 00000000 r4
4312de70 4134ddc8 [heap] r5
4312de74 41915bc8 r6
4312de78 4180ac10 l7
4312de7c 4134de4c [heap] r8
4312de80 00000000 r9
4312de84 40fba94c /system/lib/hw/audio.primary.msm8960.so r10
4312de88 00003e80 r11
4312de8c 40fa8334 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+488) lr
memory near r0:
4180a170 00000000 00000000 00000000 00000000 ................
4180a180 00000000 00000000 00000000 00000000 ................
4180a190 00000000 00000000 00000000 00000000 ................
4180a1a0 00000000 00000000 00000000 00000000 ................
4180a1b0 00000000 00000000 00000000 00000000 ................
memory near r1:
41cfdda0 ffffffff ffffffff ffffffff ffffffff ................
41cfddb0 ffffffff ffffffff ffffffff ffffffff ................
41cfddc0 ffffffff ffffffff ffffffff ffffffff ................
41cfddd0 ffffffff ffffffff ffffffff ffffffff ................
41cfdde0 ffffffff ffffffff ffffffff ffffffff ................
memory near r4:
4134dec0 00000000 00000000 00000000 00000000 ................
4134ded0 00000000 4127b638 419112c8 000000f3 ....8.'A...A....
4134dee0 40fc2ab0 6c616e61 4100676f 4134c327 .*.@analog.A'.4A
4134def0
可以看出,backtrace由于使用LR寄存器来反推,memcpy的调用函数并不对,所以得出的backtrace并不准确。
这时可以通过
4312de54 40fb8e88 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+352)
4312de8c 40fa8334 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+488)
来确定调用栈。
(gdb) info symbol 'android_audio_legacy::ALSADevice::readFromProxy'
_ZN20android_audio_legacy10ALSADevice13readFromProxyEPPvPl in section .text
(gdb)disass 'android_audio_legacy::ALSADevice::readFromProxy' or
(gdb)disass _ZN20android_audio_legacy10ALSADevice13readFromProxyEPPvPl
Dump of assembler code for function android_audio_legacy::AudioHardwareALSA::extOutThreadFunc():
0x0000e14c <+0>: ldr r3, [r0, #116] ; 0x74
0x0000e150 <+4>: push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
0x0000e154 <+8>: cmp r3, #0
0x0000e158 <+12>: sub sp, sp, #52 ; 0x34
0x0000e15c <+16>: mov r5, r0
0x0000e160 <+20>: beq 0xe564 <android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+1048>
0x0000e164 <+24>: ldr r0, [r0, #8]
0x0000e168 <+28>: bl 0x1f484 <android_audio_legacy::ALSADevice::isProxyDeviceOpened()>
0x0000e16c <+32>: cmp r0, #0
...................................................
0x0000e2e8 <+412>: bl 0x8e10
0x0000e2ec <+416>: add sp, sp, #52 ; 0x34
0x0000e2f0 <+420>: pop {r4, r5, r6, r7, r8, r9, r10, r11, pc}
0x0000e2f4 <+424>: ldr r0, [r5, #8]
0x0000e2f8 <+428>: bl 0x1f484 <android_audio_legacy::ALSADevice::isProxyDeviceOpened()>
0x0000e2fc <+432>: cmp r0, #0
0x0000e300 <+436>: beq 0xe228 <android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+220>
0x0000e304 <+440>: ldr r0, [r5, #8]
0x0000e308 <+444>: bl 0x1f4ac <android_audio_legacy::ALSADevice::isProxyDeviceSuspended()>
0x0000e30c <+448>: cmp r0, #0
0x0000e310 <+452>: bne 0xe228 <android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+220>
0x0000e314 <+456>: cmp r9, #0
0x0000e318 <+460>: bne 0xe228 <android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+220>
0x0000e31c <+464>: mov r0, r8
0x0000e320 <+468>: bl 0x8e70
0x0000e324 <+472>: ldr r0, [r5, #8]
0x0000e328 <+476>: add r1, sp, #32
0x0000e32c <+480>: add r2, sp, #36 ; 0x24
0x0000e330 <+484>: bl 0x1ed28 <android_audio_legacy::ALSADevice::readFromProxy(void**, long*)>
0x0000e334 <+488>: subs r6, r0, #0
Dump of assembler code for function android_audio_legacy::ALSADevice::readFromProxy(void**, long*):
0x0001ed28 <+0>: push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
0x0001ed2c <+4>: sub sp, sp, #20
0x0001ed30 <+8>: mov r4, r0
0x0001ed34 <+12>: mov r11, r1
0x0001ed38 <+16>: str r2, [sp, #12]
0x0001ed3c <+20>: bl 0x1eb48 <android_audio_legacy::ALSADevice::initProxyParams()>
0x0001ed40 <+24>: mov r0, r4
0x0001ed44 <+28>: bl 0x1ebe4 <android_audio_legacy::ALSADevice::startProxy()>
0x0001ed48 <+32>: subs r6, r0, #0
0x0001ed4c <+36>: bne 0x1efc4 <android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+668>
0x0001ed50 <+40>: ldr r7, [pc, #808] ; 0x1f080 <android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+856>
.......................................................
0x0001ee64 <+316>: cmp r6, r3
0x0001ee68 <+320>: strhi r3, [r4, #224] ; 0xe0
0x0001ee6c <+324>: bl 0x9320
0x0001ee70 <+328>: mov r1, r0
0x0001ee74 <+332>: ldr r0, [r4, #184] ; 0xb8
0x0001ee78 <+336>: cmp r0, #0
0x0001ee7c <+340>: beq 0x1f068 <android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+832>
0x0001ee80 <+344>: ldr r2, [r4, #180] ; 0xb4
=> 0x0001ee84 <+348>: bl 0x8f78
根据在同一个库文件中的extOutThreadFunc()和readFromProxy(...)的保存寄存器压栈个数和局部变量压栈字节,可以确认调用栈和数据栈的正确性。
本例的保存寄存器已经在数据栈中做了标注。
而且可以得到audio.primary.msm8960.so库的重定位偏移:
relocation offset of audio.primary.msm8960.so: 40fb8e88 - 0x1ee88 = 0x40F9A000.
从而调用栈如下:
#00 pc 0000e29c /system/lib/libc.so memcpy(...)
#01 pc 40fb8e88 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::ALSADevice::readFromProxy(void**, long*)+352) lr
#02 pc 40fa8334 /system/lib/hw/audio.primary.msm8960.so (android_audio_legacy::AudioHardwareALSA::extOutThreadFunc()+488) lr
对应ALSADevice::readFromProxy源码如下:
2008ssize_t ALSADevice::readFromProxy(void **captureBuffer , ssize_t *bufferSize) {
2020 struct pcm * capture_handle = (struct pcm *)mProxyParams.mProxyPcmHandle;
2073 void *data = dst_address(capture_handle);
2074 //TODO: Return a pointer to AudioHardware
2075 if(mProxyParams.mCaptureBuffer == NULL)
2076 mProxyParams.mCaptureBuffer = malloc(mProxyParams.mCaptureBufferSize); /* NG, no malloc success test */
2077 memcpy(mProxyParams.mCaptureBuffer, (char *)data, mProxyParams.mCaptureBufferSize); !!!crash!!!
2079 mProxyParams.mX.frames -= mProxyParams.mFrames;
在memcpy中r0, r1, r2用来传参,大部分实现版本在copy过程中r0-r2会被修改,r0,r1会增加,r2会减少。
r10 is used for source address advance validity detection in every copy loop.
可以通过其汇编实现考察,多数情况下r0会被压栈保存。可以结合memcpy caller一起来获取更多信息。
本版本的memcpy会把{r0, r9, r10, lr}压栈,从而可知保存的目标buffer首地址。
本例中,从栈上得到r0的初始值为0x4180a010;很难从ALSADevice::readFromProxy(...)获得其它参数信息。
出错的指令是,ldr r3, [r10],使用r10探测一下源buffer界限是否还有效。
所以是源buffer不够长或者字节数太大。更多地,
r2 0x0c00 bytes will be copied in current copy loop.
r0 - r0_saved = 4180a190 - 4180a010(saved on stack) = 0x0180 bytes has been copied to destination.
Source buffer size is less than 0x280 less than 0xc00, and leads to the buffer violate access.
Reference:
use the minimum size as argument size to avoid crash.
(2)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint:
pid: 309, tid: 27139, name: mediaserver >>> /system/bin/mediaserver <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 41be1000
r0 44f91c08 r1 41be0c40 r2 001d4c00 r3 00000000
r4 40e83863 r5 43415998 r6 00000640 r7 001d4c00
r8 000004b0 r9 00000000 sl 41be1000 fp 4081dec9
ip 00007030 sp 43bfcb80 lr 00000408 pc 4028171c cpsr 20000010
d0 0000000000000000 d1 0000000000000000
d2 0000000000000000 d3 0000000000000000
d4 0000000000000000 d5 0000000000000000
d6 0000000000000000 d7 0000000000000000
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 46737365636f7270 d17 3d203120656d6172
d18 696f72646e612074 d19 656d6143513a3a64
d20 6d61657274536172 d21 776569766572705f
d22 7365636f72703a3a d23 7765697665725073
d24 3ff009bb63fc01c8 d25 000000000000374c
d26 0000000000000000 d27 0000000000000000
d28 0000000000000000 d29 0000000000003b66
d30 00000000000035bb d31 00000000000035ab
scr 60000010
backtrace:
#00 pc 0001871c /system/lib/libc.so
#01 pc 00000404 <unknown>
stack:
43bfcb40 ffffffff
43bfcb44 00000000
43bfcb48 fffffff0
43bfcb4c 43bfcba4 [stack:27139]
43bfcb50 4187de80
43bfcb54 00000001
43bfcb58 001d4c00
43bfcb5c 00000640
43bfcb60 001d4c00
43bfcb64 000004b0
43bfcb68 43bfcbd4 [stack:27139]
43bfcb6c 4081de4d /system/lib/libcameraservice.so
43bfcb70 4081dec9 /system/lib/libcameraservice.so
43bfcb74 4027af31 /system/lib/libc.so (dlcalloc+44)
43bfcb78 df0027ad
43bfcb7c 00000000
#00 43bfcb80 44f7e008
........ ........
#01 43bfcb80 44f7e008 r0
43bfcb84 43bfcbd4 [stack:27139] r9
43bfcb88 4081de4d /system/lib/libcameraservice.so r10
43bfcb8c 40e7ade3 /system/lib/hw/camera.msm8960.so (android::CustemedFace::processFrame(camera_memory*)+114) lr
43bfcb90 43415998
43bfcb94 43bfcbd4 [stack:27139]
43bfcb98 002bf200
43bfcb9c 42f12308
43bfcba0 43bfcc70 [stack:27139]
43bfcba4 42f12340
43bfcba8 40e8ad44 /system/lib/hw/camera.msm8960.so
43bfcbac 00000043
43bfcbb0 00000030
43bfcbb4 40e743b3 /system/lib/hw/camera.msm8960.so (android::QCameraStream_preview::processPreviewFrameWithDisplay(mm_camera_ch_data_buf_t*)+1306)
43bfcbb8 00000000
43bfcbbc 00000000
memory near r0:
44f91be8 00000000 00000000 00000000 00000000
44f91bf8 00000000 00000000 00000000 00000000
44f91c08 00000000 00000000 00000000 00000000
memory near r1:
41be0c20 ffffffff ffffffff ffffffff
同样可以看出backtrace有问题,从0001871c /system/lib/libc.so可以知道问题发生在memcpy()中且
0x0001871c <+220>: ldr r3, [r10]
同样是源buffer探测指令处。源buffer长度小于第三参数。
backtrace:
#00 pc 0001871c /system/lib/libc.so
#01 pc 40e7ade3 /system/lib/hw/camera.msm8960.so (android::CustemedFace::processFrame(camera_memory*)+114)
该栈打印出的地址好像有点错误,与反汇编出的代码地址不符。
r0_current - r0_saved = 0x44f91c08 - 0x44f7e008 = 0x13C00
r1_current 0x41be0c40
r2 001d4c00
588void CustemedFace::processFrame(camera_memory_t *mem) {
589 size_t size;
590 int width, height;
592 if (checkAndSetProcessingFrame()) {
593 // set the size of the gray scale map for the color format YUV420SP
594 size = (mem->size * 2) / 3;
596
597 // Avoid using mParameters.getPreviewSize as the parameter get / set is not safty in OS layer
598 // Add protection before calloc memory for mLuminanceMap
599 width = mQualcommCameraHardware->mPreviewWidth;
600 height = mQualcommCameraHardware->mPreviewHeight;
601
602 if (size == (size_t)(width * height)) {
604 // allocate the gray scale map to process
605 mLuminanceMap = (unsigned char *) calloc(size, sizeof(unsigned char));
606 if (mLuminanceMap) {
607 // copy the luminance from the frame with color format YUV420SP
608 memcpy(mLuminanceMap, (uint8_t *) mem->data, size);
(3)
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint:
pid: 166, tid: 946, name: Binder_2 >>> /system/bin/mediaserver <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 40217000
r0 40216ff0 r1 4149eb0c r2 fffff670 r3 0000000f
r4 400e1230 r5 ffffffff r6 4149e1fd r7 00000000
r8 400e10d8 r9 fffffffd sl 4031ba6c fp 00000001
ip e0000000 sp 4215ab30 lr 00000000 pc 402d9240 cpsr a0000010
d0 ae4c01642bc9b676 d1 f3d8a10701d62264
d2 51d1c9c899b526b5 d3 2c4466025d9d9d23
d4 1c1965106cb060dd d5 ef57a9e63c0f8a7b
d6 f58ae0ebc8c7e486 d7 e7abcebee67d0fed
d8 00000000003cff3f d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 ffffffffffffffff d17 ffffffffffffffff
d18 ffffffffffffffff d19 ffffffffffffffff
d20 ffffffffffffffff d21 ffffffffffffffff
d22 ffffffffffffffff d23 ffffffffffffffff
d24 3ff01272163691fc d25 0000000000000000
d26 0000000000000000 d27 0000000000000000
d28 0000000000000000 d29 0000000000000000
d30 0000000000000000 d31 0000000000000000
scr 20000010
backtrace:
#00 pc 0000e240 /system/lib/libc.so
#01 pc 000509d1 /system/lib/libmedia.so (android::AutoDetect::addString(char const*, int)+60)
#02 pc 000bc047 /system/lib/libstagefright.so (android::ID3::getEncodingSuggestion() const+58)
#03 pc 000bc263 /system/lib/libstagefright.so (android::ID3::ID3(android::sp<android::DataSource> const&, long long)+66)
这个调用栈是对的。
stack:
4215aaf0 00000000
4215aaf4 00000000
4215aaf8 4215ab50 [stack:946]
4215aafc 40935e67 /system/lib/libstagefright.so (android::ID3::Iterator::findFrame()+190)
4215ab00 4215ab50 [stack:946]
4215ab04 40935e67 /system/lib/libstagefright.so (android::ID3::Iterator::findFrame()+190)
4215ab08 00000000
4215ab0c 4097c772 /system/lib/libstagefright.so
4215ab10 00000000
4215ab14 00000000
4215ab18 00000000
4215ab1c 4215ab50 [stack:946]
4215ab20 4215ab68 [stack:946]
4215ab24 4215abf4 [stack:946]
4215ab28 df0027ad
4215ab2c 00000000
#00 4215ab30 40216741 r0
4215ab34 4038a9d5 /system/lib/libmedia.so (android::AutoDetect::addString(char const*, int)+64) lr
#01 4215ab38 4215abf4 [stack:946] r4
4215ab3c 4215ab4c [stack:946] r5
4215ab40 00001f40 r6
4215ab44 4093604b /system/lib/libstagefright.so (android::ID3::getEncodingSuggestion() const+62) lr
#02 4215ab48 00000000
4215ab4c ffffffff
4215ab50 4215abf4 [stack:946]
4215ab54 00000000
4215ab58 000061ea
4215ab5c 400e1230
4215ab60 4149e1fc
4215ab64 0000000a
4215ab68 400e1230
4215ab6c 4215abf4 [stack:946]
4215ab70 400e1230
4215ab74 40936267 /system/lib/libstagefright.so (android::ID3::ID3(android::sp<android::DataSource> const&, long long)+70)
#03 4215ab78 00000000
4215ab7c 400e10b8
4215ab80 400e10c8
4215ab84 408ddcb7 /system/lib/libstagefright.so (android::MP3Extractor::MP3Extractor(android::sp<android::DataSource> const&, android::sp<android::AMessage> const&)+594)
1141void AutoDetect::addString(const char* str, int numBytes) {
1142 // No need to store strings unless we will attempt to detect a two-byte encoding.
1143 if (str != NULL && mLocaleEncoding & ~kOneByteEncodings) {
1144 if (mAddedStringSize < mAddedStringLen + numBytes) {
1145 // Grow space
1146 while (mAddedStringSize < mAddedStringLen + numBytes) {
1147 mAddedStringSize += 128;
1148 }
1149 mAddedStrings = (char*)realloc(mAddedStrings, mAddedStringSize);
1150 }
1151
1152 if (mAddedStrings) {
1153 memcpy(mAddedStrings + mAddedStringLen, str, numBytes);
1154 mAddedStringLen += numBytes;
1155 }
1156 }
1157}
From the call trace and source code, the root cause is
When the MediaExtractor try to extract mp3 ID3 tag information, it encounters the SIGSEGV:SEGV_MAPERR crash when doing memcpy.
Dump of assembler code for function android::AutoDetect::addString(char const*, int):
0x00050994 <+0>: push {r4, r5, r6, lr}
0x00050996 <+2>: mov r4, r0
0x00050998 <+4>: mov r6, r1
0x0005099a <+6>: mov r5, r2
0x000509ca <+54>: mov r1, r6
0x000509cc <+56>: adds r0, r3, r2
0x000509ce <+58>: mov r2, r5
0x000509d0 <+60>: blx 0x3abb4
r4-r6 are not changed until crash occurs, so use current register value.
this pointer : r4 400e1230
src_buf str : r6 4149e1fd
numBytes : r5 ffffffff
Notice the {r0, lr} pushed by memcpy on the stack
#00 4215ab30 40216741
4215ab34 4038a9d5
r0 is the start address of destination in memcpy. dst_buf = 40216741.
So, memcpy(dst=0x40216741, src=0x4149e1fd, size_t num=0xffffffff) with invalid arg numBytes -1 which is promoted to unsigned int 0xffffffff.
The memcpy starts and encounters the unmapped destination page.
r0 40216ff0 r1 4149eb0c r2 fffff670 r3 0000000f
r0 40216741->40216ff0->40217000(fault addr).
r0_current - r0_saved = 0x40216ff0 - 0x40216741 + 1 = 0x8B0
r1_current - r1_saved = 0x4149eb0c - 0x4149e1fd + 1 = 0x910
[reference solution]
Add if(numBytes>0) statement.
[END]
- Issues maybe not well backtraced for memcpy
- Issues maybe not well backtraced for memcpy
- Some issues caused by memory parameter not well configed
- Windows Live is designed for you, but maybe not for your browser
- maybe
- Maybe
- maybe
- Clocking Issues for Synthesis
- "Issues ld: library not found for -liOS-Echarts"的第四种解决方法
- Piontcut is not well-formed
- Dig A Well For Yourself
- Well known ports for servers
- Outlook 2007 Issues for Developers
- Several practical issues for CUDA
- Not get deviceToken yet. Maybe: your certificate not configured APNs?
- Copy Right Reserved, But in China, It maybe not..
- An IPv6 issue maybe is not an IPv6 issue
- 解决firefox not well-formed错误
- 2014-03-16敲代码记录
- 第三章 函数编程(二)
- 黑马程序员 第6天 数组
- 更好利用Google搜索
- 堆和栈的区别
- Issues maybe not well backtraced for memcpy
- 按递增顺序列出所有分母为40,分子小于40的最简分数
- 小法师系列-9-番外-以及如何应对
- Android中的各种Adapter
- Ubuntu 13.04 配置MyEclipes 10.7环境
- LeetCode || Sort List
- 数据类型、运算符、流程控制、数组
- [黑马程序员]多线程_使用interrupt改变标识,从而结束线程
- Kubuntu 运行 qq2012 (QQ2012 for linux)
