Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symbolic variables - size limiting #338

Open
GrosQuildu opened this issue Feb 19, 2020 · 0 comments
Open

Symbolic variables - size limiting #338

GrosQuildu opened this issue Feb 19, 2020 · 0 comments
Labels
c/c++ core-api

Comments

@GrosQuildu
Copy link
Contributor

GrosQuildu commented Feb 19, 2020
edited

DeepState should allocate buffers of required length and truncate additional data (or don't it?). But running code below:

#include <deepstate/DeepState.hpp>
using namespace deepstate;

TEST(T, T) {
  char *data = (char*)DeepState_Malloc(5);
  // symbolic_int z;
  // LOG(INFO) << "z " << z << "\n";
  // ASSUME_GT(z, 0x41414141);
  for (int i = 0; i < 10; ++i)
  {
    char out[3] = {};
    snprintf(out, 3, "%02x", data[i]);
    LOG(INFO) << out;
  }
  printf("\n");
}

with:

clang++ ./test.cpp  -o test -ldeepstate
echo -ne 'AB\x00CDBBBB' > input
./test --input_test_file input

shows:

WARNING: No test specified, defaulting to first test defined (T_T)
TRACE: Initialized test input buffer with data from `x`
TRACE: Running: T_T from ./test.cpp(4)
INFO: ./test.cpp(13): 41
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 00
INFO: ./test.cpp(13): 43
INFO: ./test.cpp(13): 44
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 00
TRACE: 

TRACE: Passed: T_T

malloced buffer is overflowed. Hard to say if it may cause some problems, but would be nice to debug and explain it.

Uncommenting commented code fragment also returns more data than expected:

WARNING: No test specified, defaulting to first test defined (T_T)
TRACE: Initialized test input buffer with data from `x`
TRACE: Running: T_T from ./test.cpp(4)
INFO: ./test.cpp(7): z 1111638594

TRACE: ./test.cpp(8): Checked condition
INFO: ./test.cpp(13): 41
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 00
INFO: ./test.cpp(13): 43
INFO: ./test.cpp(13): 44
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 00
TRACE: 

TRACE: Passed: T_T

echo -ne 'AB\x00CDBBBBXXXXXXXXXXXXX' > x
./test --input_test_file x
WARNING: No test specified, defaulting to first test defined (T_T)
TRACE: Initialized test input buffer with data from `x`
TRACE: Running: T_T from ./test.cpp(4)
INFO: ./test.cpp(7): z 1111638594

TRACE: ./test.cpp(8): Checked condition
INFO: ./test.cpp(13): 41
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 00
INFO: ./test.cpp(13): 43
INFO: ./test.cpp(13): 44
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 42
INFO: ./test.cpp(13): 58
INFO: ./test.cpp(13): 58
INFO: ./test.cpp(13): 58
INFO: ./test.cpp(13): 58
INFO: ./test.cpp(13): 58
INFO: ./test.cpp(13): 58
TRACE: 

TRACE: Passed: T_T
@GrosQuildu GrosQuildu changed the title DeepState_Malloc - size limiting Symbolic variables - size limiting Feb 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c/c++ core-api
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GrosQuildu