strstr passes None to solver.
Mic92 opened this issue · 9 comments
Mic92 commented
Traceback (most recent call last):
File "/local/incoop/hase/hase/symbex/tracer.py", line 371, in execute
state, num_inst=1 # , force_addr=addr
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/factory.py", line 49, in successors
return self.project.engines.successors(*args, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/hub.py", line 128, in successors
r = engine.process(state, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/hook.py", line 51, in process
return self.project.factory.procedure_engine.process(state, procedure, force_addr=force_addr, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/procedure.py", line 31, in process
force_addr=force_addr)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/engine.py", line 55, in process
self._process(new_state, successors, *args, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/procedure.py", line 65, in _process
inst = procedure.execute(state, successors, ret_to=ret_to)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 174, in execute
r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strstr.py", line 78, in run
super().run(haystack_strlen, needle_addr, haystack_strlen, needle_strlen)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strstr.py", line 19, in run
haystack_strlen = self.inline_call(strlen, haystack_addr) if haystack_strlen is None else haystack_strlen
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 289, in inline_call
return p.execute(self.state, None, arguments=e_args)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 174, in execute
r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strlen.py", line 81, in run
return super().run(s, wchar)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strlen.py", line 56, in run
r, c, i = self.state.memory.find(s, null_seq, search_len, max_symbolic_bytes=max_symbolic_bytes, step=step, chunk_size=chunk_size)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/storage/memory.py", line 869, in find
step=step, disable_actions=disable_actions, inspect=inspect, chunk_size=chunk_size)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/symbolic_memory.py", line 592, in _find
disable_actions=disable_actions, inspect=inspect)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/storage/memory.py", line 764, in load
events=not disable_actions, ret_on_segv=ret_on_segv)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/symbolic_memory.py", line 531, in _load
if self.state.solver.symbolic(dst) and options.AVOID_MULTIVALUED_READS in self.state.options:
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 814, in symbolic
return e.symbolic
AttributeError: 'NoneType' object has no attribute 'symbolic'
Mic92 commented
ERROR | 2018-11-28 15:58:12,811 | root | Error while finding successor for recordings/file-3-4a51454.tar.gz
Traceback (most recent call last):
File "/local/incoop/hase/hase/symbex/tracer.py", line 378, in execute
state, num_inst=1 # , force_addr=addr
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/factory.py", line 49, in successors
return self.project.engines.successors(*args, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/hub.py", line 128, in successors
r = engine.process(state, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/hook.py", line 51, in process
return self.project.factory.procedure_engine.process(state, procedure, force_addr=force_addr, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/procedure.py", line 31, in process
force_addr=force_addr)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/engine.py", line 55, in process
self._process(new_state, successors, *args, **kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/engines/procedure.py", line 65, in _process
inst = procedure.execute(state, successors, ret_to=ret_to)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 174, in execute
r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strstr.py", line 78, in run
super().run(haystack_strlen, needle_addr, haystack_strlen, needle_strlen)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strstr.py", line 19, in run
haystack_strlen = self.inline_call(strlen, haystack_addr) if haystack_strlen is None else haystack_strlen
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 289, in inline_call
return p.execute(self.state, None, arguments=e_args)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/sim_procedure.py", line 174, in execute
r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strlen.py", line 81, in run
return super().run(s, wchar)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/procedures/libc/strlen.py", line 56, in run
r, c, i = self.state.memory.find(s, null_seq, search_len, max_symbolic_bytes=max_symbolic_bytes, step=step, chunk_size=chunk_size)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/storage/memory.py", line 869, in find
step=step, disable_actions=disable_actions, inspect=inspect, chunk_size=chunk_size)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/symbolic_memory.py", line 592, in _find
disable_actions=disable_actions, inspect=inspect)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/storage/memory.py", line 764, in load
events=not disable_actions, ret_on_segv=ret_on_segv)
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/symbolic_memory.py", line 531, in _load
if self.state.solver.symbolic(dst) and options.AVOID_MULTIVALUED_READS in self.state.options:
File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 814, in symbolic
return e.symbolic
AttributeError: 'NoneType' object has no attribute 'symbolic'
Airtnp commented
Is your angr version updated to current hack? That may be the strlen not return error solved in previous angr hack commits
Airtnp commented
To be precise, is angr/**/libc/strlen.py has return before super()?
Mic92 commented
If you made fixes to angr, can you put the updated hash here?
https://github.com/hase-project/hase/blob/master/setup.py#L14
Airtnp commented
Oh it's not the case. What are the problematic traces?
Mic92 commented
It should be in file-3-4a51454.tar.gz. But I saw the same error in other file bugs.
Airtnp commented
Oh it's misspelling error here. https://github.com/hase-project/angr/blob/angr-hacks-8.18.10.25/angr/procedures/libc/strstr.py#L78
Airtnp commented
solved in hase-project/angr#2
Mic92 commented
Btw. you can also write fixes #<issuenumber> in the commit message to automatically close issues.