
Default Qiling instances crash when emulating a sample that calls the clone syscall

Open FernandoDoming opened this issue 3 years ago • 0 comments


Stacktrace

 File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/core.py", line 573, in run
    self.os.run()
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/os/linux/linux.py", line 163, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/core.py", line 709, in emu_start
    raise self._internal_exception
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/utils.py", line 38, in wrapper
    return func(*args, **kw)
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/core_hooks.py", line 145, in _hook_insn_cb
    ret = hook.call(ql, *hook_args)
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/os/linux/linux.py", line 122, in hook_syscall
    return self.load_syscall()
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/os/posix/posix.py", line 295, in load_syscall
    raise e
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/os/posix/posix.py", line 277, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/Users/fdd/Library/Python/3.8/lib/python/site-packages/qiling/os/posix/syscall/sched.py", line 46, in ql_syscall_clone
    f_th = ql.os.thread_management.cur_thread

This is due to the ql.os.thread_management only being initialized if the multithread option for the Qiling instance is True (defaults to False). The clone syscall implementation accesses this variable regardless of the multithread option as can be seen in the last line of the stack trace.

You can use the sample with SHA256 d02318d51f00596f9054fd8697723ac2b33ef74d728c47e7ee33f22682d37e2c to reproduce.

FernandoDoming, Jun 17 '22 12:06
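The failure mode the issue describes is an emulator-side exception escaping from a syscall handler because an optional subsystem (`thread_management`, created only when `multithread=True`) is dereferenced unconditionally. The following is an added example, not Qiling's code and not the project's fix: it models that dispatch pattern with stand-in classes (`Emulator`, `EmulatedOS`, `ThreadManagement` are constructed for this example) and contrasts the unguarded handler from the stack trace with a hypothetical guarded one that reports failure to the guest instead of crashing the analysis run. The `-errno.ENOSYS` return value is an assumption chosen for the example, not Qiling's behaviour.

```python
# Added example (not Qiling's own code): a minimal model of a syscall handler
# that dereferences an optional subsystem, and a guarded variant that fails
# closed by returning an error to the emulated sample.
import errno


class ThreadManagement:
    """Stand-in for the thread manager that only exists when multithread=True."""

    def __init__(self):
        self.cur_thread = "main-thread"  # constructed placeholder value


class EmulatedOS:
    """Stand-in for ql.os: thread_management stays None unless multithreading is on."""

    def __init__(self, multithread: bool):
        self.thread_management = ThreadManagement() if multithread else None


class Emulator:
    """Stand-in for the ql object that every syscall hook receives."""

    def __init__(self, multithread: bool):
        self.os = EmulatedOS(multithread)


def clone_unguarded(ql):
    # Same shape as the last frame of the reported trace: the attribute is
    # read without checking whether the thread manager was ever created.
    f_th = ql.os.thread_management.cur_thread
    return 0


def clone_guarded(ql):
    # Hypothetical hardened handler: with thread management disabled, hand an
    # error back to the guest rather than raising inside the emulator.
    if ql.os.thread_management is None:
        return -errno.ENOSYS  # assumed error code for this example
    f_th = ql.os.thread_management.cur_thread
    return 0


def dispatch(ql, handler):
    """Model of the dispatcher: ("ok", retval) when the handler returns,
    ("crash", exception name) when an exception escapes to the emulator."""
    try:
        return ("ok", handler(ql))
    except Exception as exc:
        return ("crash", type(exc).__name__)


if __name__ == "__main__":
    # Default instance (multithread=False): unguarded handler crashes the run.
    print(dispatch(Emulator(multithread=False), clone_unguarded))
    # Same instance with the guarded handler: the sample just sees an error.
    print(dispatch(Emulator(multithread=False), clone_guarded))
    # With multithreading enabled both handlers complete.
    print(dispatch(Emulator(multithread=True), clone_unguarded))
```

For an analysis sandbox the distinction matters: a crash ends the run and loses every observation after the `clone`, whereas an error returned to the sample keeps the emulator alive and leaves a clear marker in the syscall log. Until the handler is guarded, the text above also implies the workaround of constructing the instance with `multithread=True`, which is what makes `thread_management` exist.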