angr / simuvex

[DEPRECATED] A symbolic execution engine for the VEX IR
BSD 2-Clause "Simplified" License

Add logic for grabbing file descriptor from FILE struct in fileno procedure #84

Closed ekilmer closed 7 years ago

ekilmer commented 7 years ago

This is based on where the fopen procedure places fd in the struct.

I'm not sure what to put for self.argument_types since there isn't any indication of what fopen uses.

ekilmer commented 7 years ago

I also noticed that fclose has a different method of obtaining fd:

fclose:

    # Resolve file descriptor: look up the arch-specific offset of the fd
    # field inside the FILE struct, then read it with typed memory access
    fd_offset = io_file_data_for_arch(self.state.arch)['fd']
    fileno = self.state.mem[fd_p + fd_offset:].int.resolved

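Added example, not part of this PR or of simuvex's own code, showing the fopen/fileno pairing the thread is about. It uses a constructed flat-memory stand-in for the SimState memory and a hypothetical per-architecture offset table in the role of io_file_data_for_arch (the offsets, struct sizes and endianness flags are assumptions made for the example). The point it illustrates is the one behind the fclose snippet above: a raw load returns bytes, so the reader has to apply the architecture's endianness itself, which the typed `.int.resolved` access does implicitly, and both procedures must agree on the same offset table or fileno returns a descriptor that was never stored.

```python
import struct

# Constructed stand-in for simuvex's io_file_data_for_arch(): per-architecture
# size of the FILE struct and the offset at which fopen stores the descriptor.
# The numbers here are assumptions for the example, not taken from the PR.
IO_FILE_DATA = {
    "AMD64": {"size": 216, "fd": 0x70, "endness": "<"},   # "<" = little-endian
    "X86":   {"size": 148, "fd": 0x38, "endness": "<"},
}


def io_file_data_for_arch(arch_name):
    return IO_FILE_DATA[arch_name]


class FlatMemory:
    """Constructed stand-in for the SimState memory: a flat, concrete byte array."""

    def __init__(self, size=0x1000):
        self.buf = bytearray(size)

    def store(self, addr, data):
        self.buf[addr:addr + len(data)] = data

    def load(self, addr, n):
        return bytes(self.buf[addr:addr + n])


def sim_fopen(mem, arch_name, file_p, fd):
    """What the fopen procedure does with the descriptor: write it into the
    FILE struct at the arch-specific 'fd' offset (the rest of the struct is
    left zeroed, which is enough for this example)."""
    info = io_file_data_for_arch(arch_name)
    mem.store(file_p + info["fd"], struct.pack(info["endness"] + "i", fd))


def sim_fileno(mem, arch_name, file_p):
    """The fileno lookup: read a 4-byte int back from the same offset.
    A raw load yields bytes, so the endianness is applied here explicitly;
    the typed access in fclose (mem[...].int.resolved) does this for the caller."""
    info = io_file_data_for_arch(arch_name)
    raw = mem.load(file_p + info["fd"], 4)
    return struct.unpack(info["endness"] + "i", raw)[0]


def fd_roundtrip(arch_name, fd, file_p=0x200):
    """The consistency check a testcase for this PR would make: fopen followed
    by fileno on the same struct must return the descriptor that was stored."""
    mem = FlatMemory()
    sim_fopen(mem, arch_name, file_p, fd)
    return sim_fileno(mem, arch_name, file_p)


def fd_cross_arch_read(store_arch, read_arch, fd, file_p=0x200):
    """The failure mode when the two procedures disagree on the layout:
    store with one arch's offset, read back with another's."""
    mem = FlatMemory()
    sim_fopen(mem, store_arch, file_p, fd)
    return sim_fileno(mem, read_arch, file_p)


if __name__ == "__main__":
    print(fd_roundtrip("AMD64", 3))               # 3
    print(fd_cross_arch_read("AMD64", "X86", 3))  # 0: wrong offset, zeroed memory
```

The cross-architecture read is the kind of mistake a shared offset table prevents: fopen and fileno both call the same lookup, so a change to the struct layout only has to be made in one place.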
zardus commented 7 years ago

Yeah, it's using the typed memory access, which it probably should not be. We'll probably want to fix it...

@salls, would you mind taking a look at the diff in this PR? IIRC, you're the one that made this fd lookup code. Looks good to me, but as we probably don't have testcases for this, I just want to make sure :-)

zardus commented 7 years ago

Cool, thanks! @ekilmer, could you make the addition that salls suggested?

ekilmer commented 7 years ago

I couldn't find any examples using SimTypePointer, so I copied and pasted @salls's suggestion [1], which seems to work. self.argument_types = {0: SimTypePointer(f)} also worked [2], but self.argument_types = {0: SimtypePointer()} didn't. Which of the two working implementations is more correct, [1] or [2]? Or does it not matter?

The other simprocedures create an instance of the type for their argument_types.

Thank you.

salls commented 7 years ago

It looks like you can do self.ty_ptr(SimTypeTop()) to make a SimTypePointer.

salls commented 7 years ago

Thanks! This has been merged. GitHub won't see that it was merged because I squashed a couple of commits.