Fix processing IR stores with big addresses (#131)

* Patch loader to support LIEF 0.12 * Support big memory addresses (mainly for EVM) * Update lief to 0.12.1 (#110) * Update LIEF to 0.12.1 Latest release * Update LIEF API usage * Add version requirement to CMake when finding LIEF * Fix LIEF link in python packaging Dockerfile * Fix getting symbol name with LIEF 0.12 Co-authored-by: Boyan-MILANOV <[email protected]> * Update packaging dockerfile Co-authored-by: Eric Kilmer <[email protected]>
trailofbits · Jul 11, 2022 · cd2be9d · cd2be9d
1 parent 5d7bbb0
commit cd2be9d
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/bindings/packaging/Dockerfile b/bindings/packaging/Dockerfile
@@ -9,7 +9,7 @@ RUN yum install -y wget findutils git gmp-devel python3-devel curl
 
 # Build and install LIEF. We need to rebuild it so that it doesn't use the C++11 mangling ABI
 # which is incompatible with manylinux wheels
-RUN wget -O lief.tar.gz https://github.com/lief-project/LIEF/releases/download/0.12.1/LIEF-0.12.1-Linux-x86_64.tar.gz && \
+RUN wget -O lief.tar.gz https://github.com/lief-project/LIEF/archive/refs/tags/0.12.1.zip && \
     mkdir -p lief/build && tar xzvf lief.tar.gz -C lief --strip-components 1  && cd lief/build && \
     cmake -DCMAKE_BUILD_TYPE=Release .. && make -j4 && make install && \
     cd ../.. && rm -rf lief.tar.gz lief

diff --git a/src/engine/engine.cpp b/src/engine/engine.cpp
@@ -342,6 +342,7 @@ info::Stop MaatEngine::run(int max_inst)
             event::Action tmp_action = event::Action::CONTINUE;
             info.addr = asm_inst->addr();
             ir::ProcessedInst& pinst = cpu.pre_process_inst(inst, tmp_action, *this);
+
             // Check event results on register read
             if (tmp_action == event::Action::ERROR)
             {
@@ -891,7 +892,8 @@ bool MaatEngine::process_store(
         )
         {
             do_abstract_store = false;
-            concrete_store_addr = addr.as_uint(*vars);
+            // WARNING: this truncates addresses on more than 64 bits...
+            concrete_store_addr = addr.as_number(*vars).get_ucst();
         }
         else if (addr.is_symbolic(*vars) and not settings.symptr_write)
         {

diff --git a/src/env/env_EVM.cpp b/src/env/env_EVM.cpp
@@ -147,7 +147,16 @@ void Memory::expand_if_needed(const Value& addr, size_t nb_bytes)
 {
     if (not addr.is_symbolic(*_varctx))
     {
-        addr_t required_size = addr.as_uint(*_varctx)+nb_bytes;
+        if (Number(addr.size(), 0xffffffffffffffff-nb_bytes+1).less_than(
+                addr.as_number(*_varctx)
+        )){
+            throw env_exception(
+                "EVM::Memory::expand_if_needed(): address to big to fit in "
+                "64-bit memory model"
+            );
+        }
+
+        addr_t required_size = addr.as_number(*_varctx).get_ucst()+nb_bytes;
         while (required_size > _limit)
         {
             // Expand memory and init with zeros
@@ -168,6 +177,10 @@ void Memory::expand_if_needed(const Value& addr, size_t nb_bytes)
     }
     // TODO: need to handle else{} case when computing gas to know how much
     // bytes have been allocated
+    else
+    {
+        throw env_exception("EVM::Memory::expand_if_needed(): symbolic addresses not supported yet");
+    }
 }
 
 serial::uid_t Memory::class_uid() const