iceman1001 / proxmark3

[Deprecated] Iceman Fork, the most totally wicked fork around if you are into proxmark3
http://www.icedev.se/pm3.aspx
GNU General Public License v2.0

REVENG -g crashes the client #64

Closed iceman1001 closed 6 years ago

iceman1001 commented 7 years ago

With the update of reveng to 1.4.4, it now crashes on the client sometimes.

iceman1001 commented 7 years ago

Updated RevEng to v1.5.2. Still breaks the client (reveng -g) on mingw and doesn't work at all on Ubuntu.

iceman1001 commented 6 years ago

Sorry to ask, but @pwpiwi these kinds of memory crashes are for you. Would you mind having a look at it? Official pm3 will need to update its reveng also to this version.

pwpiwi commented 6 years ago

How do you make it crash?

iceman1001 commented 6 years ago

reveng -g + a decently long string of hex..
Complains on ubuntu that it doesn't have presets.. ie the crc models didn't get compiled in. on mingw it crashed...
script run e -h also uses reveng.. that one triggers the bug as well

pwpiwi commented 6 years ago

> a decently long string

How long is "decent"?

iceman1001 commented 6 years ago

this one crashes on mingw
script run e -b 010203040506070809

iceman1001 commented 6 years ago

on ubuntu 16.04 -- the compilation somehow doesn't load the preset models... pm3 --> rev -g 010203205060780 no preset models available

bogiton commented 6 years ago

Sorry to bring this up again, but I just came across this crash myself. Tried to spot the issue by diving into the source code, and I think that the crash happens in the mbynam function of the preset.c file where the strlen of the key (model) is called, in line 765:
if(!(ukey = malloc((size_t) 1 + strlen(key)))) {
I guess that the '\0' char is missing from it, thus the strlen call makes it crash. Couldn't set up a working dev environment to properly debug this, sadly.
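The two failure modes in the comments above (a model key handed to strlen without its terminator, and a build where no preset models are available) illustrated as an added example; this is not reveng's or the proxmark3 fork's code, and `preset_t`, `presets` and `model_by_name` are constructed stand-ins for reveng's table and `mbynam`, not its real API.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a CRC preset table entry (not reveng's real struct). */
typedef struct { const char *name; unsigned width; } preset_t;

#define MAX_NAME 64

/* Constructed sample table. In a build where the models were not compiled in, n == 0. */
static const preset_t presets[] = {
    { "CRC-8",        8  },
    { "CRC-16/CCITT", 16 },
    { "CRC-32",       32 },
};
static const size_t npresets = sizeof presets / sizeof presets[0];

/* Length of key, reading at most 'max' bytes: no terminator is required. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* Look up a model by name. 'keylen' bounds the read, so a key that lacks its
 * '\0' (the failure suspected in mbynam) cannot make strlen() run off the end.
 * Returns NULL for an empty table ("no preset models available"), an empty or
 * oversize key, or an unknown name. */
const preset_t *model_by_name(const preset_t *tab, size_t n, const char *key, size_t keylen)
{
    char name[MAX_NAME + 1];
    if (tab == NULL || n == 0 || key == NULL || keylen == 0)
        return NULL;
    size_t len = bounded_len(key, keylen);
    if (len > MAX_NAME)
        return NULL;                 /* reject rather than truncate and mismatch */
    memcpy(name, key, len);
    name[len] = '\0';                /* the terminator the compare needs is always there */
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return &tab[i];
    return NULL;
}

int main(void)
{
    char raw[6] = { 'C', 'R', 'C', '-', '3', '2' };   /* deliberately unterminated */
    const preset_t *m = model_by_name(presets, npresets, raw, sizeof raw);
    printf("%s\n", m ? m->name : "no preset models available");
    return 0;
}
```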

iceman1001 commented 6 years ago

if you have ubuntu, it goes kind of fast for gdb..

bogiton commented 6 years ago

I think I'm really spoiled with the GUIs to go back to gdb :) But yeah, if nothing else works and no one else fixes it, I will have to live with that! By the way, I just noticed that the "script run e -b <hexstring>" also crashes unless the -w option is passed.

iceman1001 commented 6 years ago

got rid of first simple bug, make script run e exit nicely when no models found. doesn't take away the underlying problem.

iceman1001 commented 6 years ago

got rid of second bug, script run e there was an empty string in the first call..

iceman1001 commented 6 years ago

some more bugs, default value for width if called, and push lua error if no models found.

still the serious memory bug left... try calling below a couple of times to trigger it. script run e -b 010203 -w 1

ubuntu to the save
munmap_chunk(): invalid pointer: 0xb689a850

iceman1001 commented 6 years ago

script run e -b is fixed on windows/mingw. a missing compilation macro :)

reveng -g 01020304054065 now smashes the stack... :(

iceman1001 commented 6 years ago

ok, found it and pushed a fix. It should work just fine now!

bogiton commented 6 years ago

wow! very good job! :+1: