manticore icon indicating copy to clipboard operation
manticore copied to clipboard
verified publisher icon trailofbits

Analysis fails with pure-symbolic mode

Open davidtr1037 opened this issue 5 years ago • 0 comments

Summary of the problem

Analysis fails in pure-symbolic mode. The input program:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int y = 3;

int main() {
    read(0, &y, 1);

    char a[10] = {0,};
    if (y >= 0 && y < 10) {
        if (a[y] == 77) {
            printf("OK\n");
        }
    }

    return 0;
}

Compile with:

gcc -static <src> -o <binariy>

Manticore version

0.3.4

Python version

3.6

OS / Environment

Ubuntu 16.04

Dependencies

...

Step to reproduce the behavior

manticore --pure-symbolic <binary>

Expected behavior

Successful analysis without exceptions.

Actual behavior

Exception (log attached).

Any relevant logs

2020-10-11 16:06:21,152: [15384] m.c.worker:ERROR: Exception in state 4: TypeError("'ArraySelect' object cannot be interpreted as an integer",)
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/manticore/core/worker.py", line 99, in run
    current_state = m._get_state(wait=True)
  File "/usr/local/lib/python3.6/dist-packages/manticore/core/manticore.py", line 637, in _get_state
    return self._load(state_id)
  File "/usr/local/lib/python3.6/dist-packages/manticore/utils/event.py", line 85, in newFunction
    result = func(self, *args, **kw)
  File "/usr/local/lib/python3.6/dist-packages/manticore/core/manticore.py", line 562, in _load
    state = self._workspace.load_state(state_id, delete=False)
  File "/usr/local/lib/python3.6/dist-packages/manticore/core/workspace.py", line 474, in load_state
    return self._store.load_state(f"{self._prefix}{state_id:08x}{self._suffix}", delete=delete)
  File "/usr/local/lib/python3.6/dist-packages/manticore/core/workspace.py", line 181, in load_state
    state = self._serializer.deserialize(f)
  File "/usr/local/lib/python3.6/dist-packages/manticore/utils/helpers.py", line 130, in deserialize
    return pickle.load(GzipFile(fileobj=f, mode="rb") if consts.compress_states else f)
  File "/usr/local/lib/python3.6/dist-packages/manticore/native/memory.py", line 298, in __init__
    self._data[0 : len(data_init)] = data_init


TypeError: 'ArraySelect' object cannot be interpreted as an integer

davidtr1037 avatar Oct 11 '20 13:10 davidtr1037