HexHive / retrowrite

RetroWrite -- Retrofitting compiler passes through binary rewriting

Exception: 'struct.error: unpack requires a buffer of 4 bytes' when using hardcoded strings shorter than 4 bytes in external function calls #10

Closed kbeckmann closed 3 years ago

kbeckmann commented 4 years ago

test.c:

#include <stdlib.h>

int main(int argc, char *argv[])
{
        /* "ls" is a 3-byte literal ("ls" plus NUL) placed in .rodata */
        return system("ls");
}

Compile and run asantool on the binary:

$ gcc test.c -o test
$ python3 -m rwtools.asan.asantool test test_instr
[*] Relocations for a section that's not loaded: .rela.dyn
[*] Relocations for a section that's not loaded: .rela.plt
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 193, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/konrad/dev/retrowrite/rwtools/asan/asantool.py", line 83, in <module>
    rewriter = do_symbolization(args.binary, args.outfile)
  File "/home/konrad/dev/retrowrite/rwtools/asan/asantool.py", line 30, in do_symbolization
    rw.symbolize()
  File "/home/konrad/dev/retrowrite/librw/rw.py", line 57, in symbolize
    symb.symbolize_text_section(self.container, None)
  File "/home/konrad/dev/retrowrite/librw/rw.py", line 145, in symbolize_text_section
    self.symbolize_switch_tables(container, context)
  File "/home/konrad/dev/retrowrite/librw/rw.py", line 228, in symbolize_switch_tables
    value = rodata.read_at(swbase, 4)
  File "/home/konrad/dev/retrowrite/librw/container.py", line 316, in read_at
    value = struct.unpack(
struct.error: unpack requires a buffer of 4 bytes

316  ->         value = struct.unpack(
317                 "<I",
318                 bytes([x.value for x in self.cache[cacheoff:cacheoff + sz]]))[0]

(Pdb) sz
4
(Pdb) len(self.cache[cacheoff:cacheoff + sz])
3

Edit: Just realized that I didn't compile the binary with the -fPIE flag. The same error still shows up if this flag is passed to gcc, or if it's built with -shared.
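The pdb session above shows the mechanism: the switch-table scan asks the .rodata container for 4 bytes at an address where only 3 bytes remain before the end of the section, and struct.unpack("<I") refuses the short buffer. The following is an added Python example, not retrowrite's code, that reproduces that shape with a constructed .rodata image whose last three bytes are the NUL-terminated "ls" from test.c, and shows a bounds-checked read_at that returns None instead of raising. The Section class, its method names and the sample bytes are assumptions made for illustration; the real container stores objects with a .value attribute, which is simplified to plain ints here.

```python
import struct

# Constructed sample .rodata image (not from a real binary): two little-endian
# 32-bit words followed by the 3-byte string "ls\0". Nothing follows the string,
# so a 4-byte read starting at it runs past the end of the section.
RODATA_BASE = 0x2000
RODATA_BYTES = bytes([0x10, 0x20, 0x00, 0x00, 0x30, 0x20, 0x00, 0x00]) + b"ls\x00"

# struct formats for the read sizes a switch-table scan plausibly uses
_FMT_FOR_SIZE = {1: "<B", 2: "<H", 4: "<I", 8: "<Q"}


class Section:
    """Stand-in for a loaded section with a byte cache (assumed shape)."""

    def __init__(self, base, data):
        self.base = base
        self.cache = list(data)  # plain ints; the real cache holds objects with .value

    def read_at_unchecked(self, addr, sz):
        # Mirrors the failing code path: the slice is silently short near the
        # end of the section, and struct.unpack then raises struct.error.
        off = addr - self.base
        return struct.unpack("<I", bytes(self.cache[off:off + sz]))[0]

    def read_at(self, addr, sz):
        # Bounds-checked variant (an assumed fix, not the upstream commit):
        # reject unsupported sizes and any read that would leave the section.
        off = addr - self.base
        if sz not in _FMT_FOR_SIZE or off < 0 or off + sz > len(self.cache):
            return None
        return struct.unpack(_FMT_FOR_SIZE[sz], bytes(self.cache[off:off + sz]))[0]


def unchecked_read_raises(section, addr, sz=4):
    """True if the unchecked read fails the way the traceback shows."""
    try:
        section.read_at_unchecked(addr, sz)
    except struct.error:
        return True
    return False


def switch_table_entry(section, swbase):
    """Models `value = rodata.read_at(swbase, 4)`; None means 'not a table entry'."""
    return section.read_at(swbase, 4)


if __name__ == "__main__":
    rodata = Section(RODATA_BASE, RODATA_BYTES)
    ls_addr = RODATA_BASE + 8  # address of "ls\0", the last 3 bytes of the section
    print("unchecked read at 'ls' raises struct.error:", unchecked_read_raises(rodata, ls_addr))
    print("checked read at 'ls':", switch_table_entry(rodata, ls_addr))
    print("checked read at start: 0x%x" % switch_table_entry(rodata, RODATA_BASE))
```

Running the script with the sample image shows the unchecked read raising at the address of "ls" and the checked read returning None there, while in-bounds reads still decode the words at the start of the section; a caller that treats None as "no switch table here" avoids the crash without changing what valid tables decode to.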

jeanmi151 commented 3 years ago

We fixed this issue in the last commit (20f53c0bb23bb6d7bef6515e31b608ed62d3020f). Please let us know if you run into any other issues.

kbeckmann commented 3 years ago

Awesome!