
Match the size of an array

Open plowsec opened this issue 3 years ago • 3 comments

Hey, thanks for weggli, it's so awesome ;)

I ran into an issue and wanted to see if you had a solution for it:

Given this pattern: weggli -u '{char $buf[$len];snprintf($buf, $len2,_);}' test.c

I expect the following lines to be matched:

char buffer[80];
snprintf(buffer, 256, "aaaaaaaa%s", somevar);

By minimizing the pattern, I found that a pattern like $buf[$a] won't match char buffer[80]; but $buf[_] will. Am I doing something wrong?

plowsec avatar May 20 '22 13:05 plowsec

Thanks for the feedback and the bug report :)

At the moment, variables ($foo) don't match on number literals so this is expected behavior. I've been thinking about changing that, but I'm worried that this makes certain queries too noisy. For example, memcpy(_,_,$x) currently only matches on identifiers in the size field, but not literals and often that's exactly what I want.

I'm currently thinking about the following change: Extend the behavior of numeric variables $0 $1 $1337 to match on identifiers AND number literals. "Normal" variables would still behave as they currently do. This gives an easy way to opt-in to number matching, but adds additional magic to the query language.

Would that change work for your use case?

felixwilhelm avatar Jun 03 '22 11:06 felixwilhelm
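The comparison the original post is after (a literal array size against the literal size passed to snprintf), as an added example that is not part of the thread or of weggli. It works line by line with regular expressions rather than a parser; the function name and the sample C source are constructed for illustration.

```python
import re

# Added example: not weggli code. Names and sample input are constructed.
# Limits: single-line declarations and calls only; literals with suffixes
# (256U) or C octal form are skipped rather than guessed at.
DECL = re.compile(r'\bchar\s+(\w+)\s*\[\s*(0[xX][0-9a-fA-F]+|\d+)\s*\]\s*;')
CALL = re.compile(r'\bsnprintf\s*\(\s*(\w+)\s*,\s*([^,]+?)\s*,')

def find_oversized_snprintf(source):
    """Return (line_no, buffer, declared, passed) where passed > declared."""
    sizes = {}      # buffer name -> declared element count
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if line.startswith('}'):
            sizes.clear()   # crude function boundary: forget local arrays
        for m in DECL.finditer(line):
            sizes[m.group(1)] = int(m.group(2), 0)
        for m in CALL.finditer(line):
            buf, arg = m.group(1), m.group(2)
            if buf not in sizes:
                continue    # destination is not a literal-sized local array
            try:
                passed = int(arg, 0)
            except ValueError:
                continue    # sizeof(buf), identifiers, expressions
            if passed > sizes[buf]:
                findings.append((line_no, buf, sizes[buf], passed))
    return findings

# Constructed sample: a() is the case from the original post.
SAMPLE = '''\
void a(const char *somevar) {
    char buffer[80];
    snprintf(buffer, 256, "aaaaaaaa%s", somevar);
}
void b(const char *somevar) {
    char buffer[512];
    snprintf(buffer, 256, "%s", somevar);
    snprintf(buffer, sizeof(buffer), "%s", somevar);
}
'''

if __name__ == '__main__':
    for line_no, buf, declared, passed in find_oversized_snprintf(SAMPLE):
        print(f'line {line_no}: snprintf({buf}, {passed}, ...) '
              f'but {buf} is declared with {declared} bytes')
```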

Sorry for the late reply, yes that would absolutely work for me! I think we're willing to learn a bit of weggli-specific query language magic in order to find magic bugs :)

plowsec avatar Sep 05 '22 08:09 plowsec

That would be a very welcome enhancement to an already awesome tool.

0xdea avatar Dec 02 '23 21:12 0xdea