search

SkyLined / BugId

Detect, analyze and uniquely identify crashes in Windows applications
https://bugid.skylined.nl
Other
499 stars 90 forks source link

unsupported operand type(s) for <<: 'list' and 'int' #106

Closed soiax closed 2 years ago

soiax commented 2 years ago

This happens after it tries the collateral thing after an UAF, in 64bit acrobat reader. mBugId version: 2022-02-17 20:43

│ unsupported operand type(s) for <<: 'list' and 'int'
│
│ Local variables:
│   .0 = <range_iterator object at 0x000002612F093DF0>#2612F093DF0
│   au0FlagValues = [0, 0, 1, 1, 1, 0]#2613015F1C0
│   uIndex = 0
│
│ Stack for thread 45760/0xB2C0 (cThread#2612F0B33D0{main = __fRun, #45760, running}):
│ ─┐ __fRun @ D:\shared\BugId\modules\mBugId\cCdbWrapper\cCdbWrapper_cHelperThread.py/66
│  │ 65:      try:
│  │ 66:        oSelf.__fActivity(*oSelf.__axActivityArguments);
│  ├─┐ cCdbWrapper_fCdbStdInOutHelperThread @ D:\shared\BugId\modules\mBugId\cCdbWrapper\cCdbWrapper_fCdbStdInOutHelperThread.py/54
│  ╷ │ 53:    oCdbWrapper.fbFireCallbacks("Log message", "Main loop #%d" % uMainLoopCounter);
│  ╷ │ 54:    (bEventIsFatal, bEventHasBeenHandled) = oCdbWrapper.ftbHandleLastCdbEvent(asbOutputWhileRunningApplication);
│  ╷ ╷ │ 221:  # If we cannot ignore this bug, stop execution:
│  ╷ ╷ │ 222:  if not oCdbWrapper.oCollateralBugHandler.fbTryToIgnoreException():
│  ╷ ╷ ├─┐ cCollateralBugHandler?.fbTryToIgnoreException @ D:\shared\BugId\modules\mBugId\cCollateralBugHandler.py/76
│  ╷ ╷ ╷ │ 75:    oSelf.__fbIgnoreException = None;
│  ╷ ╷ ╷ │ 76:    return fbIgnoreException(oSelf);
│  ╷ ╷ ╷ ├─┐ <lambda> @ D:\shared\BugId\modules\mBugId\mAccessViolation\fbUpdateReportForHeapManagerPointer.py/134
│  ╷ ╷ ╷ ╷ │ 133:  oCdbWrapper.oCollateralBugHandler.fSetIgnoreExceptionFunction(lambda oCollateralBugHandler:
│  ╷ ╷ ╷ ╷ │ 134:    fbIgnoreAccessViolationException(oCollateralBugHandler, oCdbWrapper, oProcess, oThread, sViolationTypeId, u0PointerSizedOriginalValue)
│  ╷ ╷ ╷ ╷ ├─┐ fbIgnoreAccessViolationException @ D:\shared\BugId\modules\mBugId\mAccessViolation\fbIgnoreAccessViolationException.py/177
│  ╷ ╷ ╷ ╷ ╷ │ 176:        );
│  ╷ ╷ ╷ ╷ ╷ │ 177:      uCurrentValue = sum(
│  ╷ ╷ ╷ ╷ ╷ ├─┐ <genexpr> @ D:\shared\BugId\modules\mBugId\mAccessViolation\fbIgnoreAccessViolationException.py/178
│  ╷ ╷ ╷ ╷ ╷ ╷ │ 177:      uCurrentValue = sum(
│  ╷ ╷ ╷ ╷ ╷ ╷ │ 178:        au0FlagValues << uIndex
│  ╒═══════════╛ ▲ TypeError("unsupported operand type(s) for <<: 'list' and 'int'")
│  │ __fRun @ D:\shared\BugId\modules\mBugId\cCdbWrapper\cCdbWrapper_cHelperThread.py/74
│  │ 73:        cException, oException, oTraceBack = sys.exc_info();
│  │ 74:        if not oSelf.__oCdbWrapper.fbFireCallbacks("Internal exception", oSelf.__oThread, oException, oTraceBack):
│ ═╛ ▲ Application terminated because exception was not handled.
soiax commented 2 years ago

it was at : cmp word ptr [rdx+rax*2],r10w // current instruction

SkyLined commented 2 years ago

Thank you for reporting!

I have also encountered this issue myself and already have a fix! Unfortunately, I have not yet uploaded it to GitHub, as I haven't had time to test all the changes I made,

You can manually fix it by changing this line: D:\shared\BugId\modules\mBugId\mAccessViolation\fbIgnoreAccessViolationException.py/178 to:

        au0FlagValues[uIndex] << uIndex

(Notice that it adds [uIndex] to that line, which resolves the issue).

I hope this resolves the issue for you. If you find anything else wrong, let me know!