CRASH disassembling regdeps ISA with non-DR syntax requested

Open derekbruening opened this issue 1 year ago • 3 comments

I hit this in PR #6941 where the syntax got set to DR_DISASM_ATT and then the view test crashed on its regdeps case. This crash will happen anytime regdeps is disassembled with a syntax other than DR_DISASM_DR:

Program received signal SIGSEGV, Segmentation fault.
0x00005555556cebbe in get_next_instr_info (info=0x0) at core/ir/x86/decode.c:2779
2779        return (const instr_info_t *)(info->code);
(gdb) bt
#0  0x00005555556cebbe in get_next_instr_info (info=0x0) at core/ir/x86/decode.c:2779
#1  0x00005555556cecf7 in get_encoding_info (instr=0x7fffffffc3b0) at core/ir/encode_shared.c:106
#2  0x00005555556de721 in instr_disassemble_opnds_noimplicit (buf=0x7fffffffc520 " 00010011 00060906 move [8byte]       ", bufsz=196, sofar=0x7fffffffc4a8, 
    dcontext=0xffffffffffffffff, instr=0x7fffffffc3b0) at core/ir/disassemble_shared.c:1006
#3  0x00005555556dfbb4 in internal_instr_disassemble (buf=0x7fffffffc520 " 00010011 00060906 move [8byte]       ", bufsz=196, sofar=0x7fffffffc4a8, 
    dcontext=0xffffffffffffffff, instr=0x7fffffffc3b0) at core/ir/disassemble_shared.c:1300
#4  0x00005555556de278 in internal_disassemble (buf=0x7fffffffc520 " 00010011 00060906 move [8byte]       ", bufsz=196, sofar=0x7fffffffc4a8, dcontext=0xffffffffffffffff, 
    pc=0x7fffffffca68 "\021", orig_pc=0x7f6fdd3ec360 <error: Cannot access memory at address 0x7f6fdd3ec360>, with_pc=false, with_bytes=true, 
    extra_bytes_prefix=0x55555573adf4 "") at core/ir/disassemble_shared.c:862
#5  0x00005555556de684 in disassemble_to_buffer (drcontext=0xffffffffffffffff, pc=0x7fffffffca68 "\021", 
    orig_pc=0x7f6fdd3ec360 <error: Cannot access memory at address 0x7f6fdd3ec360>, show_pc=false, show_bytes=true, 
    buf=0x7fffffffc520 " 00010011 00060906 move [8byte]       ", bufsz=196, printed=0x0) at core/ir/disassemble_shared.c:980

derekbruening, Aug 27 '24 19:08

I'm solving this in the drmemtrace view tool by forcing DR_DISASM_DR; not 100% sure what the larger fix inside DR core should be. Probably it should not accept other syntax requests.

derekbruening, Aug 27 '24 19:08

Ah, interesting. I remember testing (manually, probably should have written tests) the view tool/disassembly with all the syntax flags. Thank you for fixing it!

edeiana, Aug 27 '24 23:08

> Thank you for fixing it!

Just to be clear I only worked around the crash in the drmemtrace view tool. Any other use of the DR disassembly code on the regdeps ISA would presumably hit the same crash, so we should have some kind of DR core fix.

derekbruening, Aug 28 '24 00:08