Open swoops opened 1 year ago
0x100 is the blocksize yo uhave configured probably
The size of the instruction right now cant be bigger than the provided buffer . And thats tied to the blocksize. Imho you should handle this case in the pickle plugin
oh wait.. how big is the maxinstsize the plugin reportint? Because if thats correct then theres a bug in pd
The size of the instruction right now cant be bigger than the provided buffer
The updated pd is handles this in the retry section, it allocates a new buffer to use of a sufficient size (maxinstrsize+32). In this case it looks like this is occurring because pickle's R_ANAL_ARCHINFO_MAX_OP_SIZE is 129. So, what happens here is:
800495f8000000000000008cf44142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243444142434441424344414243445a5a5a
(note that it contains only the last 3 5a
bytes - one is cut off)To confirm, changing libr/arch/p/pickle/plugin.c
MAXSTRLEN to 256 fixes this since the buffer is large enough, but it would still fail with a sufficiently long string. So, the problem is the plugin's MAX_OP_SIZE. The snes plugin has the same problem of arbitrary length strings.
Imho this should be handled as payload. Not as the instruction size. Dalvik have similar instructions, the size of the payload is defined inside the instruction so it is not needed to read 1KB of data everytime we parse an instruction imho
It looks like that's a predefined payload size and not for arbitrary length NULL-terminated strings, I'm not sure how this is intended to be implemented.
No intention to implement this but if anybody have an idea or proposal it seems like a good time to do it before breaking the abi
Environment
Description
The
pd
command can get off track and does not jump the proper size forward before printing the next instruction. This error seems to hover around the 0x100 offset, so I suspect it has something to do with a buffer of that size.The size seems to be reported by the plugin. This is evident because rasm2 is able to correctly jump forward.
Test
Below shows the behavior. The one byte op
short_bincode
(0x8c) at offset 0xb, is followed by 0xf4 for string length, then 0xf4 bytes for the string. This means the next op should be found on 0x00000101 but pd prints the invalid op for the last character of the string "Z" at 0x100.Rasm2,
V
and pickletools gets it rightV
will mess up on a larger string though:But when I move the cursor closer to the 0xb opcode,
V
starts fixing itself:I will look into it eventually but I don't know much about
pd
.files.zip