angrop crashes: AssertionError #19

zzh1996 opened this issue Jul 28, 2017 · 5 comments

zzh1996 commented Jul 28, 2017

I am running angrop in the following code (Python 2.7.13):

import angr
import angrop
project = angr.Project('rop', auto_load_libs=False)
rop = project.analyses.ROP()
rop.find_gadgets()
rop.execve("/bin/sh").print_payload_code()

When the progress bar is at about 20%, I get this error:

Traceback (most recent call last):
  File "./roptest.py", line 5, in <module>
    rop.find_gadgets()
  File "/usr/local/lib/python2.7/dist-packages/angrop/rop.py", line 126, in find_gadgets
    for gadget in it:
  File "/usr/lib/python2.7/multiprocessing/pool.py", line 287, in <genexpr>
    return (item for chunk in result for item in chunk)
  File "/usr/lib/python2.7/multiprocessing/pool.py", line 668, in next
    raise value
AssertionError

salls commented Aug 2, 2017

I need to see what the underlying error is.
Run with rop.find_gadgets_single_threaded() and post the traceback.


zzh1996 commented Aug 3, 2017

Traceback (most recent call last):                   | ETA:  0:13:03 106.70  B/s
  File "findrop.py", line 8, in <module>
    rop.find_gadgets_single_threaded()
  File "/usr/local/lib/python2.7/dist-packages/angrop/rop.py", line 158, in find_gadgets_single_threaded
    gadget = _global_gadget_analyzer.analyze_gadget(addr)
  File "/usr/local/lib/python2.7/dist-packages/angrop/gadget_analyzer.py", line 59, in analyze_gadget
    symbolic_p = rop_utils.step_to_unconstrained_successor(self.project, state=symbolic_state)
  File "/usr/local/lib/python2.7/dist-packages/angrop/rop_utils.py", line 216, in step_to_unconstrained_successor
    successors = p.step()
  File "/usr/local/lib/python2.7/dist-packages/angr/path.py", line 206, in step
    self._make_successors(throw=throw)
  File "/usr/local/lib/python2.7/dist-packages/angr/path.py", line 239, in _make_successors
    self._run = self._project.factory.successors(self.state, **self._run_args)
  File "/usr/local/lib/python2.7/dist-packages/angr/factory.py", line 77, in successors
    r = engine.process(state, inline=inline,**kwargs)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/engine.py", line 101, in process
    opt_level=opt_level)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/engine.py", line 44, in process
    self._process(new_state, successors, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/engine.py", line 134, in _process
    self._handle_irsb(state, successors, irsb, skip_stmts, last_stmt, whitelist)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/engine.py", line 203, in _handle_irsb
    self._handle_statement(state, successors, stmt)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/engine.py", line 310, in _handle_statement
    s_stmt = translate_stmt(stmt, state)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/statements/__init__.py", line 29, in translate_stmt
    s.process()
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/statements/base.py", line 20, in process
    self._execute()
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/statements/wrtmp.py", line 6, in _execute
    data = self._translate_expr(self.stmt.data)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/statements/base.py", line 27, in _translate_expr
    e = translate_expr(expr, self.state)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/expressions/__init__.py", line 14, in translate_expr
    e.process()
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/expressions/base.py", line 36, in process
    self._execute()
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/expressions/ccall.py", line 23, in _execute
    self.expr, retval_constraints = func(self.state, *s_args)
  File "/usr/local/lib/python2.7/dist-packages/simuvex/engines/vex/ccall.py", line 979, in x86g_calculate_daa_das_aaa_aas
    assert False
AssertionError


zardus commented Aug 3, 2017

Uh oh... With all the different things angr is used for, asserts should almost never end up in the code! They're almost guaranteed to get triggered by something and to cause some major analysis issues.

Changing that assert to a raise SimCCallError("unimplemented case in x86g_calculate_daa_das_aaa_aas, but NOT AN ASSERT") should fix the issue, and that gadget should just be ignored. After the simuvex-angr merge, this file is now in the angr package (angr/engines/vex/ccall.py).
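
Added example, not part of the thread and not angr or angrop code: a stand-alone model of why the suggested change lets a scan continue. The `SimCCallError` class, the helper functions, the scan loop that catches the error, and the candidate list are all local stand-ins constructed for illustration.

```python
# Illustration only: does not import angr. Every name here is a stand-in.

class SimCCallError(Exception):
    """Local stand-in for a typed 'engine cannot model this helper call' error."""


IMPLEMENTED_CASES = {0}  # constructed: the only case this toy helper handles


def helper_with_assert(case):
    # Failing pattern from the traceback: the unimplemented branch is an assert.
    # Under `python -O` asserts are stripped, so this would instead fall
    # through and return None without any error at all.
    if case in IMPLEMENTED_CASES:
        return "ok"
    assert False


def helper_with_raise(case):
    # Suggested pattern: raise an error type that callers can catch by name.
    if case in IMPLEMENTED_CASES:
        return "ok"
    raise SimCCallError("unimplemented case %d" % case)


def scan(candidates, helper):
    """Analyze every candidate; skip the ones the engine cannot model."""
    results, skipped = [], []
    for addr, case in candidates:
        try:
            results.append((addr, helper(case)))
        except SimCCallError:
            skipped.append(addr)  # one unmodelled candidate is dropped
    return results, skipped


# Constructed input: the middle candidate hits the unimplemented case.
CANDIDATES = [(0x1000, 0), (0x1004, 1), (0x1008, 0)]


def run_with_assert():
    try:
        return scan(CANDIDATES, helper_with_assert)
    except AssertionError:
        return None  # the whole scan is lost, including finished results


def run_with_raise():
    return scan(CANDIDATES, helper_with_raise)
```
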


This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.

@github-actions github-actions bot added the stale label May 18, 2022

This issue has been closed due to inactivity.
