Fix some bugs / Catch some exceptions during gadget symbolic execution

Boyan-MILANOV · Mar 3, 2020 · e710087 · e710087
1 parent 41085d3
commit e710087
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/libropium/arch/archX86.cpp b/libropium/arch/archX86.cpp
@@ -527,7 +527,7 @@ inline IROperand x86_arg_translate(CPUMode mode, addr_t addr, cs_x86_op* arg, IR
                     segment = ir_none();
                 }
 
-                // === Build the operand now ===  
+                // === Build the operand now ===
                 // Add base and index if any 
                 if( !index.is_none() ){
                     if( !base.is_none() ){
@@ -536,7 +536,7 @@ inline IROperand x86_arg_translate(CPUMode mode, addr_t addr, cs_x86_op* arg, IR
                     }else{
                         res = index;
                     }
-                }else if (!base.is_none()){
+                }else if(!base.is_none()){
                     res = base;
                 }else{
                     res = ir_none();
@@ -559,6 +559,12 @@ inline IROperand x86_arg_translate(CPUMode mode, addr_t addr, cs_x86_op* arg, IR
                         res = segment;
                     }
                 }
+
+                // Check res
+                if( res.is_none() ){
+                    throw symbolic_exception("Got IR_NONE memory operand");
+                }
+
                 // Do load memory if requested
                 if( load_mem ){
                     block->add_instr(bblkid, IRInstruction(IROperation::LDM,

diff --git a/libropium/database/database.cpp b/libropium/database/database.cpp
@@ -160,7 +160,11 @@ int GadgetDB::analyse_raw_gadgets(vector<RawGadget>& raw_gadgets, Arch* arch){
                     throw symbolic_exception("symbolic engine returned null semantics");
                 }
             }catch(symbolic_exception& e){
-                //std::cout << "DEBUG ERROR WHILE EXECUTING GADGET: " << irblock->name << " --> " << e.what() << std::endl;
+                //std::cout << "DEBUG SYMBOLIC ERROR WHILE EXECUTING GADGET: " << irblock->name << " --> " << e.what() << std::endl;
+                    delete gadget; continue;
+                    delete irblock; irblock = nullptr;
+            }catch(expression_exception& e){
+                //std::cout << "DEBUG EXPRESSION ERROR WHILE EXECUTING GADGET: " << irblock->name << " --> " << e.what() << std::endl;
                     delete gadget; continue;
                     delete irblock; irblock = nullptr;
             }

diff --git a/libropium/symbolic/symbolic.cpp b/libropium/symbolic/symbolic.cpp
@@ -154,6 +154,9 @@ Semantics* SymbolicEngine::execute_block(IRBlock* block){
     block->known_max_sp_inc = true;
     block->max_sp_inc = 0;
 
+    // FOR DEBUG 
+    // std::cout << "DEBUG EXECUTING " << block->name << std::endl;
+
     while( !stop ){
         /* ====================== Execute an IR basic block ======================== */ 
         /* Execute the basic block as long as there is no reason to stop */