crytic / ethersplay

EVM disassembler
GNU Affero General Public License v3.0

Numerous tracebacks on Master #33

Closed gaasedelen closed 5 years ago

gaasedelen commented 6 years ago

Today I pulled master, and selected a contract at random from recent transactions on etherscan.io: https://etherscan.io/address/0x2a0c0dbecc7e4d658f48e01e3fa353f44050c208

As ethersplay begins exploring the contract, it spews hundreds of tracebacks:

Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 314, in 'calling callback function'
  File "C:\tools\disassemblers\BinaryNinja\plugins\..\python\binaryninja\architecture.py", line 521, in _get_instruction_text
    info = self.get_instruction_text(buf.raw, addr)
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\evm.py", line 290, in get_instruction_text
    instruction = EVMAsm.disassemble_one(data, addr)
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\evmasm.py", line 561, in disassemble_one
    opcode = ord(next(bytecode))
StopIteration
Traceback (most recent call last):
  File "_ctypes/callbacks.c", line 314, in 'calling callback function'
  File "C:\tools\disassemblers\BinaryNinja\plugins\..\python\binaryninja\architecture.py", line 552, in _free_instruction_text
    raise ValueError("freeing token list that wasn't allocated")
ValueError: freeing token list that wasn't allocated
Traceback (most recent call last):
  File "C:\tools\disassemblers\BinaryNinja\plugins\..\python\binaryninja\binaryview.py", line 234, in _function_updated
    self.notify.function_updated(self.view, function.Function(self.view, core.BNNewFunctionReference(func)))
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\analysis.py", line 234, in function_updated
    function_dynamic_jump_start(view, func)
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\stack_value_analysis.py", line 821, in function_dynamic_jump_start
    sv.explore()
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\stack_value_analysis.py", line 805, in explore
    elems = [filter_vals(x.get_vals()) for x in elems]
  File "C:\Users\user\AppData\Roaming\Binary Ninja\plugins\ethersplay\stack_value_analysis.py", line 798, in filter_vals
    if None in vals:
TypeError: argument of type 'NoneType' is not iterable

This was the first contract I pulled :-x

POC: 0x2a0c0dbecc7e4d658f48e01e3fa353f44050c208.zip

joshwatson commented 6 years ago

I’ll look into it, but it looks like the first one is the disassembler encountering an improper instruction, like a push that doesn’t have enough bytes following it.
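The first traceback above dies in `disassemble_one` with a bare `StopIteration` from `next(bytecode)`, which is exactly what happens when a PUSHn opcode sits at the end of the code with fewer than n bytes after it. The following is an added illustration of how a decoder can handle that edge case defensively; it is not ethersplay's own `evmasm.py` code, and the opcode table is a constructed subset (`OPCODES`, `Instruction`, `push_size`, `disassemble_one`, `disassemble_all` are names chosen for this example). It returns `None` on empty input and zero-pads a truncated PUSH immediate, which matches how the EVM itself treats code bytes past the end of the program, while flagging the instruction as truncated so analysis passes can distrust the operand instead of crashing.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the EVM opcode table, just enough for the demo.
OPCODES = {0x00: "STOP", 0x01: "ADD", 0x56: "JUMP", 0x5B: "JUMPDEST"}
# PUSH1 (0x60) .. PUSH32 (0x7f) carry 1..32 immediate bytes.
OPCODES.update({0x60 + n: f"PUSH{n + 1}" for n in range(32)})


@dataclass
class Instruction:
    address: int
    opcode: int
    mnemonic: str
    operand: Optional[int]   # immediate value for PUSHn, None otherwise
    size: int                # opcode byte plus immediate bytes
    truncated: bool          # True when a PUSH ran off the end of the buffer


def push_size(opcode: int) -> int:
    """Number of immediate bytes for a PUSH opcode, 0 for anything else."""
    return opcode - 0x5F if 0x60 <= opcode <= 0x7F else 0


def disassemble_one(data: bytes, addr: int = 0) -> Optional[Instruction]:
    """Decode the single instruction at the start of `data`.

    Unlike `ord(next(bytecode))` on a generator, this never leaks a
    StopIteration: empty input yields None, and a PUSH whose immediate is
    cut off is padded with zero bytes (the EVM reads code past its end as
    zeros) and marked `truncated=True`.
    """
    if not data:
        return None
    opcode = data[0]
    mnemonic = OPCODES.get(opcode, "INVALID")
    n = push_size(opcode)
    if n == 0:
        return Instruction(addr, opcode, mnemonic, None, 1, False)
    imm = data[1:1 + n]
    truncated = len(imm) < n
    imm = imm + b"\x00" * (n - len(imm))   # right-pad like the EVM does
    return Instruction(addr, opcode, mnemonic, int.from_bytes(imm, "big"),
                       1 + n, truncated)


def disassemble_all(code: bytes) -> List[Instruction]:
    """Linear sweep over `code`; terminates even if the last PUSH is short."""
    out: List[Instruction] = []
    pc = 0
    while pc < len(code):
        insn = disassemble_one(code[pc:], pc)
        out.append(insn)
        pc += insn.size
    return out


if __name__ == "__main__":
    # Constructed bytecode: PUSH1 1, PUSH1 2, ADD, STOP, then a PUSH3 with
    # only one byte of immediate left in the buffer.
    sample = bytes.fromhex("6001600201006 2aa".replace(" ", ""))
    for insn in disassemble_all(sample):
        flag = " (truncated)" if insn.truncated else ""
        print(f"{insn.address:04x}: {insn.mnemonic}"
              f"{'' if insn.operand is None else ' 0x%x' % insn.operand}{flag}")
```

A truncated PUSH is usually a sign that the sweep has wandered into data (for example the metadata hash Solidity appends) rather than real code, so downstream passes like the dynamic-jump resolver should treat the padded operand as unknown rather than as a reliable jump target.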

joshwatson commented 6 years ago

Can you pull recent changes and check this again on some other contracts? I'm pretty sure that #38 was the culprit, because I just ran the above POC and it no longer fails.