vusec / inspectre-gadget

InSpectre Gadget: in-depth inspection and exploitability analysis of Spectre disclosure gadgets
https://vusec.github.io/inspectre-gadget/
Apache License 2.0

Assertion failure on if-then-else aliases #19

Open AlviseDeFaveri opened 6 months ago

AlviseDeFaveri commented 6 months ago

Samples that trigger the bug:

out_nfs4_proc_get_root 0xffffffff813ed1d0
out_nfs4_server_capabilities 0xffffffff813ed120
out_dm_submit_bio_remap 0xffffffff81a424d0 
out_xs_udp_set_buffer_size 0xffffffff81cc1aa0 

The bug seems to be fixed if we add state splitting on stored values, as introduced by d954945, but this would again trigger the infinite loop reported in #13.