
Instruction prefixes not handled correctly

Open axt opened this issue 8 years ago • 2 comments

Simuvex fails on this instruction:

64 67 a1 00 00       	addr16 mov %fs:0x0,%eax

The problem is in simuvex/engines/vex/ccall.py, in the x86g_use_seg_selector function:

# GDT access
gdt_value = state.se.exactly_int(gdt)
if gdt_value == 0:
    return ((seg_selector << 16) + virtual_addr).zero_extend(32), ()

The problem is that in this case virtual_addr will be BV16, while seg_selector is BV32, so the addition fails.

This fix solves it, but I'm not sure if this is the correct solution:

-            return ((seg_selector << 16) + virtual_addr).zero_extend(32), ()
+            return ((seg_selector << 16) + virtual_addr.zero_extend(32-virtual_addr.size())).zero_extend(32), ()
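Review bot: the extension width `32-virtual_addr.size()` hard-codes the selector's width and becomes negative if virtual_addr is ever wider than 32 bits, which zero_extend will reject; derive it from the other operand instead and extend only when virtual_addr is narrower, e.g. `virtual_addr.zero_extend(seg_selector.size() - virtual_addr.size())`, so the two sides of the addition are guaranteed to match whatever the operand widths are. Since the unpatched line already failed on the 16-bit addr16 case, a regression test that calls this branch with a BV16 offset would document why the extension is there.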

axt, Mar 29 '17 23:03
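The width mismatch described above, reproduced as an added example that is not simuvex's or claripy's code: the `BV` class is a minimal stand-in for a fixed-width bitvector that enforces claripy's rule that both operands of `+` must have the same width, `seg_addr_original` mirrors the unpatched GDT==0 branch, and `seg_addr_general` is the generalized fix that derives the extension width from the selector instead of hard-coding 32. The selector value 0x63 is a constructed sample.

```python
class BV:
    """Stand-in for a fixed-width bitvector (not claripy); rejects mixed-width arithmetic."""

    def __init__(self, value, size):
        self.size_bits = size
        self.value = value & ((1 << size) - 1)

    def size(self):
        return self.size_bits

    def zero_extend(self, n):
        # claripy likewise refuses a negative extension width
        if n < 0:
            raise ValueError("cannot zero_extend by a negative amount")
        return BV(self.value, self.size_bits + n)

    def __lshift__(self, n):
        return BV(self.value << n, self.size_bits)

    def __add__(self, other):
        # claripy raises here when operand widths differ; this is the reported failure
        if self.size_bits != other.size_bits:
            raise TypeError("operand width mismatch: %d vs %d" % (self.size_bits, other.size_bits))
        return BV(self.value + other.value, self.size_bits)


def seg_addr_original(seg_selector, virtual_addr):
    """Unpatched behaviour of the GDT==0 branch: fails when virtual_addr is BV16."""
    return ((seg_selector << 16) + virtual_addr).zero_extend(32)


def seg_addr_general(seg_selector, virtual_addr):
    """Generalized fix: extend the offset to the selector's width, whatever that is."""
    width_diff = seg_selector.size() - virtual_addr.size()
    if width_diff < 0:
        raise ValueError("offset is wider than the segment selector")
    return ((seg_selector << 16) + virtual_addr.zero_extend(width_diff)).zero_extend(32)


def addr16_mismatch_raises():
    """True if the unpatched expression fails on a 16-bit offset (the addr16 mov case)."""
    try:
        seg_addr_original(BV(0x63, 32), BV(0, 16))  # constructed selector, 16-bit offset
    except TypeError:
        return True
    return False
```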

The fix looks reasonable to me.

zardus, Mar 30 '17 10:03

I've sent a PR which handles the issue more generally. Please have a look at it.

axt, Mar 30 '17 11:03