wisk / medusa

An open source interactive disassembler

AssignmentExpression assert nullptr Error #19

Closed saeschdivara closed 9 years ago

saeschdivara commented 9 years ago

Assertion failed: (spSrcExpr != nullptr && "Source expression is null"), function AssignmentExpression, file /src/core/expression.cpp, line 342.

The file is a PE x86 Intel Windows executable.

When this happens, qMedusa stops working and none of the progress is saved. Is there something not fully implemented that causes this? Or how can I fix this?

I am working with the newest code of the master branch.

saeschdivara commented 9 years ago

I am preventing the abort with this code:

    Expression::SPType operand0 = rInsn.GetOperand(0);
    Expression::SPType operand1 = rInsn.GetOperand(1);

    // Bail out here instead of letting Expr::MakeAssign hit its null assertion.
    if (operand1 == nullptr) {
        Log::Write("operand 1 is null");
        return false;
    }

    // Semantic: if zf.id == int1(1): op0.val = op1.val
    auto pExpr1 = Expr::MakeIfElseCond(
        ConditionExpression::CondEq,
        Expr::MakeId(X86_FlZf, &m_CpuInfo),
        Expr::MakeConst(1, 0x1),
        Expr::MakeAssign(operand0, operand1),
        nullptr);
    AllExpr.push_back(pExpr1);
    rInsn.SetSemantic(AllExpr);

in the following file: src/arch/x86/x86_opcode.cpp

wisk commented 9 years ago

It may look radical, but this behavior is desired. Just attach a debugger and look in the call stack to find the buggy instruction. I can take a look at this bug if you can share your executable. :)

saeschdivara commented 9 years ago

Well, how could I best share this exe with you?

wisk commented 9 years ago

4shared.com is ok I guess.

saeschdivara commented 9 years ago

I really think that the code of the file has something wrong. At least if I look at this: http://pedump.me/a772ef7449783ee4edc60dd0b006ffe6/#disasm

wisk commented 9 years ago

Thanks for sharing, the buggy instruction was cmpxchg8b, the fix is https://github.com/wisk/medusa/commit/1d61c8e45b5b00a5e16830b16af18d0d200faabf
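
The following is an added example, not code from the medusa project or from either participant. It models the two things this thread turns on: the null-operand patch posted above, and why cmpxchg8b was the instruction that tripped the "Source expression is null" assertion. cmpxchg8b has exactly one explicit operand (the m64), so a two-operand "op0 = op1" template asks for an operand that does not exist; everything else it touches (edx:eax, ecx:ebx, ZF) is implicit. The names CpuState, Instruction, MakeAssign, IfEqExpr and RunScenario are hypothetical and only imitate the shape of medusa's Expr::MakeAssign and rInsn.GetOperand; the register values and memory cell are constructed sample data.

```cpp
// Added example, not the medusa project's code. Names are hypothetical and only
// imitate the shape of Expr::MakeAssign / rInsn.GetOperand from the issue.
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed CPU state: the four GPRs cmpxchg8b touches, one m64 cell and ZF.
struct CpuState {
    uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0;
    uint64_t mem64 = 0;
    bool zf = false;
    uint32_t& Reg(const std::string& n) {
        if (n == "eax") return eax;
        if (n == "ebx") return ebx;
        if (n == "ecx") return ecx;
        if (n == "edx") return edx;
        throw std::invalid_argument("unknown register " + n);
    }
};

// Expression tree: every node evaluates to a 64-bit value; lvalue nodes can also store.
struct Expr {
    virtual ~Expr() = default;
    virtual uint64_t Eval(CpuState&) const = 0;
    virtual void Store(CpuState&, uint64_t) const { throw std::logic_error("not an lvalue"); }
};
using ExprPtr = std::shared_ptr<Expr>;

struct ConstExpr : Expr {
    uint64_t v;
    explicit ConstExpr(uint64_t v) : v(v) {}
    uint64_t Eval(CpuState&) const override { return v; }
};
struct PairExpr : Expr {  // hi:lo register pair read and written as one 64-bit value
    std::string hi, lo;
    PairExpr(std::string h, std::string l) : hi(std::move(h)), lo(std::move(l)) {}
    uint64_t Eval(CpuState& s) const override { return (uint64_t(s.Reg(hi)) << 32) | s.Reg(lo); }
    void Store(CpuState& s, uint64_t v) const override { s.Reg(hi) = uint32_t(v >> 32); s.Reg(lo) = uint32_t(v); }
};
struct Mem64Expr : Expr {  // the instruction's single explicit operand
    uint64_t Eval(CpuState& s) const override { return s.mem64; }
    void Store(CpuState& s, uint64_t v) const override { s.mem64 = v; }
};
struct ZfExpr : Expr {
    uint64_t Eval(CpuState& s) const override { return s.zf; }
    void Store(CpuState& s, uint64_t v) const override { s.zf = v != 0; }
};
struct AssignExpr : Expr {
    ExprPtr dst, src;
    AssignExpr(ExprPtr d, ExprPtr s) : dst(std::move(d)), src(std::move(s)) {}
    uint64_t Eval(CpuState& s) const override { uint64_t v = src->Eval(s); dst->Store(s, v); return v; }
};
struct IfEqExpr : Expr {  // if lhs == rhs run thenB, else elseB; yields 1 when equal
    ExprPtr lhs, rhs;
    std::vector<ExprPtr> thenB, elseB;
    IfEqExpr(ExprPtr l, ExprPtr r, std::vector<ExprPtr> t, std::vector<ExprPtr> e)
        : lhs(std::move(l)), rhs(std::move(r)), thenB(std::move(t)), elseB(std::move(e)) {}
    uint64_t Eval(CpuState& s) const override {
        bool eq = lhs->Eval(s) == rhs->Eval(s);
        for (auto& e : eq ? thenB : elseB) e->Eval(s);
        return eq;
    }
};

// Decoded instruction: only the explicit operands from the encoding are present, so
// GetOperand(1) on cmpxchg8b is null by design, not because of a decoder bug.
struct Instruction {
    std::string mnemonic;
    std::vector<ExprPtr> operands;
    ExprPtr GetOperand(size_t i) const { return i < operands.size() ? operands[i] : nullptr; }
};

// Same contract as the null assertion, but the failure names the instruction, which is
// what the call stack in a debugger would otherwise have to tell you.
ExprPtr MakeAssign(const Instruction& insn, ExprPtr dst, ExprPtr src) {
    if (!dst || !src)
        throw std::invalid_argument(insn.mnemonic + ": " + (dst ? "source" : "destination") + " expression is null");
    return std::make_shared<AssignExpr>(std::move(dst), std::move(src));
}

// cmpxchg8b m64: if edx:eax == m64 then ZF=1 and m64 = ecx:ebx, else ZF=0 and edx:eax = m64.
ExprPtr Cmpxchg8bSemantic(const Instruction& insn) {
    ExprPtr m64 = insn.GetOperand(0);
    auto edx_eax = std::make_shared<PairExpr>("edx", "eax");
    auto ecx_ebx = std::make_shared<PairExpr>("ecx", "ebx");
    auto zf = std::make_shared<ZfExpr>();
    return std::make_shared<IfEqExpr>(edx_eax, m64,
        std::vector<ExprPtr>{ MakeAssign(insn, zf, std::make_shared<ConstExpr>(1)), MakeAssign(insn, m64, ecx_ebx) },
        std::vector<ExprPtr>{ MakeAssign(insn, zf, std::make_shared<ConstExpr>(0)), MakeAssign(insn, edx_eax, m64) });
}

Instruction DecodedCmpxchg8b() { return Instruction{"cmpxchg8b", { std::make_shared<Mem64Expr>() }}; }

// The pattern from this issue: a two-operand "op0 = op1" template applied to cmpxchg8b.
bool TwoOperandTemplateRejected() {
    Instruction insn = DecodedCmpxchg8b();
    try { MakeAssign(insn, insn.GetOperand(0), insn.GetOperand(1)); return false; }
    catch (const std::invalid_argument&) { return true; }
}

// Constructed state, run once; match=true makes edx:eax equal the memory cell.
CpuState RunScenario(bool match) {
    CpuState s;
    s.edx = 0x11111111; s.eax = 0x22222222; s.ecx = 0xAAAAAAAA; s.ebx = 0xBBBBBBBB;
    s.mem64 = match ? 0x1111111122222222ULL : 0x0000000300000004ULL;
    Cmpxchg8bSemantic(DecodedCmpxchg8b())->Eval(s);
    return s;
}
```

RunScenario(true) ends with ZF set and the memory cell replaced by ecx:ebx; RunScenario(false) leaves memory alone, clears ZF and loads the cell into edx:eax. TwoOperandTemplateRejected() shows the failure mode from the issue surfacing as an error that carries the mnemonic; whether that should be an assert that stops the process (as wisk prefers, so the bad semantic cannot slip into saved analysis) or a logged rejection (as in the patch above) is a policy choice, but either way the instruction name is what you need to locate the bug.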

saeschdivara commented 9 years ago

Hey, I've just tested your fix. It works :) Nice job. How do you test these things? Just by debugging the application, or using something different?

wisk commented 9 years ago

Thanks, it's actually pretty easy to debug these issues: