bitdefender / bddisasm

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
Apache License 2.0

panic in rust bindings when trying to get operands from decoded lea instruction #82

Closed lenawanel closed 1 year ago

lenawanel commented 1 year ago

Executing the following code panics with 'called `Result::unwrap()` on an `Err` value: InternalError(0)', /home/<user>/.cargo/registry/src/index.crates.io-6f17d22bba15001f/bddisasm-0.2.1/src/decoded_instruction.rs:484:84

```rust
#[test]
fn bddisam_test() {
    // lea    rdi,[rdx+rax*8+0x8]
    let inst: [u8; 5] = [0x48, 0x8d, 0x7c, 0xc2, 0x8];
    let decoded_inst =
        bddisasm::DecodedInstruction::decode(&inst, bddisasm::DecodeMode::Bits64).unwrap();
    let _ = decoded_inst.operands();
}
```
Backtrace

```
thread 'tests::bddisam_test' panicked at 'called `Result::unwrap()` on an `Err` value: InternalError(0)', /home//.cargo/registry/src/index.crates.io-6f17d22bba15001f/bddisasm-0.2.1/src/decoded_instruction.rs:484:84
stack backtrace:
   0: rust_begin_unwind
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/std/src/panicking.rs:593:5
   1: core::panicking::panic_fmt
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/core/src/panicking.rs:67:14
   2: core::result::unwrap_failed
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/core/src/result.rs:1651:5
   3: core::result::Result::unwrap
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/core/src/result.rs:1076:23
   4: bddisasm::decoded_instruction::DecodedInstruction::operands
             at /home//.cargo/registry/src/index.crates.io-6f17d22bba15001f/bddisasm-0.2.1/src/decoded_instruction.rs:484:17
   5: ::tests::bddisam_test
             at ./src/lib.rs:15:17
   6: ::tests::bddisam_test::{{closure}}
             at ./src/lib.rs:9:23
   7: core::ops::function::FnOnce::call_once
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/core/src/ops/function.rs:250:5
   8: core::ops::function::FnOnce::call_once
             at /rustc/dd5d7c729d4e8a59708df64002e09dbcbc4005ba/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```

This was encountered while trying to disassemble __libc_start_main from a compiled C binary. bddisasm crate version: "0.2.1".

ianichitei commented 1 year ago

Thanks for the bug report!

Since there's no ND_SIZE_* macro for 0 it was completely ignored. There's an argument to be made here against unwrapping in functions such as operands and instead let the errors bubble up to the callers.

A fix is available in 0.3. Note that I did not check other parts of the code for similar errors yet.
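To illustrate both the size-0 case from the report and the "let errors bubble up" point above, here is an added Rust example that is not bddisasm's code: a deliberately tiny decoder that handles only the reported instruction shape (REX.W + 8D /r with mod=01 and a SIB byte), treats a size code of 0 as "no size" instead of a conversion failure, and returns a `Result` to the caller rather than unwrapping. The size codes (1, 2, 4, 8 bytes) and all type names are assumptions for this example, not the crate's API.

```rust
// Added example, not bddisasm's code. Models the issue #82 fix: lea's memory
// operand is an effective address with size code 0, which must be accepted.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum OpSize { B8, B16, B32, B64 }

#[derive(Debug, PartialEq, Eq)]
pub enum DecodeError { UnsupportedSize(u8), Truncated, Unsupported(u8) }

/// Maps an assumed raw size code (in bytes) to a typed size.
/// 0 means "no size" (address-only operand) and is Ok(None), not an error.
pub fn op_size(code: u8) -> Result<Option<OpSize>, DecodeError> {
    match code {
        0 => Ok(None),
        1 => Ok(Some(OpSize::B8)),
        2 => Ok(Some(OpSize::B16)),
        4 => Ok(Some(OpSize::B32)),
        8 => Ok(Some(OpSize::B64)),
        other => Err(DecodeError::UnsupportedSize(other)),
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum Operand {
    Reg { index: u8, size: Option<OpSize> },
    Mem { base: u8, index: u8, scale: u8, disp: i64, size: Option<OpSize> },
}

/// Decodes only REX.W + 8D /r with mod=01 and a SIB byte (the reported shape).
/// Every unexpected input is reported to the caller instead of panicking.
pub fn decode_lea(bytes: &[u8]) -> Result<Vec<Operand>, DecodeError> {
    if bytes.len() < 5 { return Err(DecodeError::Truncated); }
    let (rex, op, modrm, sib, disp8) = (bytes[0], bytes[1], bytes[2], bytes[3], bytes[4]);
    if (rex & 0xF8) != 0x48 || op != 0x8D { return Err(DecodeError::Unsupported(op)); }
    let (md, reg, rm) = (modrm >> 6, (modrm >> 3) & 7, modrm & 7);
    if md != 1 || rm != 4 { return Err(DecodeError::Unsupported(modrm)); }
    let (scale, index, base) = (1u8 << (sib >> 6), (sib >> 3) & 7, sib & 7);
    // REX.R/X/B extend reg, index and base respectively; REX.W makes dest 64-bit.
    let dest = Operand::Reg { index: reg | ((rex & 4) << 1), size: op_size(8)? };
    let src = Operand::Mem {
        base: base | ((rex & 1) << 3),
        index: index | ((rex & 2) << 2),
        scale,
        disp: disp8 as i8 as i64,
        size: op_size(0)?, // lea source: address only, size code 0
    };
    Ok(vec![dest, src])
}
```

Fed the five bytes from the report, `decode_lea` yields rdi (register 7, 64-bit) and [rdx + rax*8 + 8] with `size: None`, and a truncated or unsupported buffer comes back as an `Err` the caller can handle.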