angr / simuvex

[DEPRECATED] A symbolic execution engine for the VEX IR
BSD 2-Clause "Simplified" License

fgets not handling EOF? #62

Open bannsec opened 7 years ago

bannsec commented 7 years ago

Playing around with an app that uses fgets, when the fgets SimProcedure notices that it runs out of room, it appears to prefer to force a newline character. While that's a valid character, it likely shouldn't force the newline at that point since the implicit EOF after that newline would be the end of fgets processing.

This seems to open the fgets simprocedure up to a very slight misinterpretation of valid fgets input.

salls commented 7 years ago

Does it actually force it? Looking at the code, my guess is that it will be more likely to choose to add a newline because of how the constraints are structured and how z3 solves it. The code looks like it should be able to not include a newline if it hits EOF; let me know if this is not the case.

bannsec commented 7 years ago

So, I've noticed that my test case is behaving differently on two systems. One of them, my main box, is simple Ubuntu and uses the git script from angr-dev to set up the environment. In that one, things work as you would expect.

My other environment (well, one of many), is a CentOS box that runs angr based off of pip. Not sure what the reason is, but on this box angr seems to behave a bit differently, and have noticed the newline problems on this one.

At this point I'm unsure what I should do. I can't reliably reproduce it using the Ubuntu git-based install, so maybe it's just something funny with pip? Thinking about just closing this issue until I can reliably reproduce it off of the git repo.

rhelmot commented 7 years ago

In my mind, this indicates that this is an issue with the nondeterminism in the solutions that z3 produces when asked for a single solution when multiple are available. Compilation differences between platforms could account for that.
