Cannot store pointer wrapper data during simulation running

[Muqi-Zou]

I am using the newest version of angr-dev to run the following analysis code on a binary:

import angr
import traceback
import claripy
import sys
import os
from claripy.backends.backend_smtlib_solvers import *

filepath_originalclang = sys.argv[1]
required_function = sys.argv[3]
p = angr.Project(filepath_originalclang)
required_address = p.loader.find_symbol(required_function).rebased_addr
arg1 = claripy.BVS('angr_arg1', 256*8)
arg1 = angr.PointerWrapper(arg1)

state = p.factory.call_state(required_address,arg1,add_options={angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY,angr.options.ZERO_FILL_UNCONSTRAINED_REGISTERS},remove_options=angr.options.simplification)

sm = p.factory.simulation_manager(state)
sm.run()

and received following errors:

WARNING | 2022-07-12 03:05:51,343 | angr.analyses.cfg.cfg_fast | "auto_load_libs" is enabled. With libraries loaded in project, CFGFast will cover libraries, which may take significantly more time than expected. You may reload the binary with "auto_load_libs" disabled, or specify "regions" to limit the scope of CFG recovery.
0x400970
WARNING | 2022-07-12 03:05:51,511 | angr.calling_conventions | Guessing call prototype. Please specify prototype.
Traceback (most recent call last):
  File "angr_running3.py", line 20, in <module>
    state = p.factory.call_state(required_address,arg1,add_options={angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY,angr.options.ZERO_FILL_UNCONSTRAINED_REGISTERS},remove_options=angr.options.simplification)
  File "/home/friends/muqi/angr-dev-github2/angr-dev/angr/angr/factory.py", line 153, in call_state
    return self.project.simos.state_call(addr, *args, **kwargs)
  File "/home/friends/muqi/angr-dev-github2/angr-dev/angr/angr/simos/simos.py", line 263, in state_call
    cc.setup_callsite(state, ret_addr, args, prototype, stack_base, alloc_base, grow_like_stack)
  File "/home/friends/muqi/angr-dev-github2/angr-dev/angr/angr/calling_conventions.py", line 769, in setup_callsite
    vals = [self._standardize_value(arg, ty, state, allocator.dump) for arg, ty in zip(args, prototype.args)]
  File "/home/friends/muqi/angr-dev-github2/angr-dev/angr/angr/calling_conventions.py", line 769, in <listcomp>
    vals = [self._standardize_value(arg, ty, state, allocator.dump) for arg, ty in zip(args, prototype.args)]
  File "/home/friends/muqi/angr-dev-github2/angr-dev/angr/angr/calling_conventions.py", line 895, in _standardize_value
    raise TypeError(f"Failed to store pointer-wrapped data ({e.args[0]}). "
TypeError: Failed to store pointer-wrapped data (Type mismatch: expected char, got 2048 bits). Do you want a PointerWrapper(buffer=True)?

The function I am running is decompiled by angr as followed:

int av_dirname(char *a0)
{
    unsigned long long v1;  // rax
    char *v2;  // rax
    unsigned long long v3;  // r12

    v3 = ".";
    if (a0 != 0)
    {
        v2 = strrchr(a0, 0x2f);
        if (v2 != 0)
        {
            *(v2) = 0;
            v3 = a0;
            v1 = v3;
            return v1;
        }
        v1 = v3;
        return v1;
    }
    v1 = v3;
    return v1;
}

Btw, using the same script and binary, it runs without error in my older angr, whose version is 9.0.gitroll.

[Muqi-Zou]

avstring.zip I use python angr_running3.py avstring 0 av_dirname to run the script.

[rhelmot]

The error message instructs you to set buffer=True on your pointerwrapper, have you tried that?

[rhelmot]

See https://docs.angr.io/appendix/migration

[Muqi-Zou]

It works! thanks! for the provided info!