[angr] pypy & CFG()

Patrick Harsdorf patrick.harsdorf at mailbox.org
Tue Nov 7 01:40:16 PST 2017


Hey guys,

I may have found a bug in angr/capstone/pypy?

I run p.analyses.CFG() on the sakura binary from HITCON 2017 quals.
https://github.com/ymgve/ctf-writeups/blob/master/hitcon2017quals/rev-sakura/sakura-fdb3c896d8a3029f40a38150b2e30a79?raw=true

This works fine with python 2.7 but breaks with pypy.
Both virtualenvs use angr 7.7.9.21 and capstone 3.0.4.

Also angr is awesome. Thanks!
Patrick

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(a)➜  sakura python --version
Python 2.7.12
(a)➜  sakura pip list --format=freeze | grep angr
angr==7.7.9.21


(p)➜  sakura python --version
Python 2.7.10 (5.1.2+dfsg-1~16.04, Jun 16 2016, 17:37:42)
[PyPy 5.1.2 with GCC 5.3.1 20160413]
(p)➜  sakura pip list --format=freeze | grep angr
angr==7.7.9.21


(p)➜  sakura python s_angr.py
WARNING | 2017-11-07 10:04:08,547 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
Traceback (most recent call last):
  File "s_angr.py", line 88, in <module>
    main()
  File "s_angr.py", line 58, in main
    deadends = find_deadends(p)
  File "s_angr.py", line 46, in find_deadends
    cfg = p.analyses.CFG()
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/analysis.py", line 96, in make_analysis
    oself.__init__(*args, **kwargs)
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg.py", line 58, in __init__
    CFGFast.__init__(self, **kwargs)
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py", line 810, in __init__
    self._analyze()
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/forward_analysis.py", line 507, in _analyze
    self._post_analysis()
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py", line 1360, in _post_analysis
    self._remove_redundant_overlapping_blocks()
  File "/home/user/.virtualenvs/p/site-packages/angr/analyses/cfg/cfg_fast.py", line 2537, in _remove_redundant_overlapping_blocks
    insns = block.capstone.insns
  File "/home/user/.virtualenvs/p/site-packages/angr/block.py", line 159, in capstone
    for cs_insn in cs.disasm(self.bytes, self.addr):
  File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py", line 821, in disasm
    yield CsInsn(self, all_insn[i])
  File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py", line 424, in __init__
    self._raw = copy_ctypes(all_info)
  File "/home/user/.virtualenvs/p/site-packages/capstone/__init__.py", line 417, in copy_ctypes
    ctypes.pointer(dst)[0] = src
  File "/usr/lib/pypy/lib_pypy/_ctypes/pointer.py", line 117, in __setitem__
    self._subarray(index)[0] = cobj._get_buffer_value()
TypeError: 'StructureInstance' object does not support item assignment
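As an added illustration (not capstone's or angr's code; only the `ctypes.pointer(dst)[0] = src` line is taken from the traceback's `copy_ctypes` frame), the snippet below puts the pointer-assignment idiom that PyPy's `_ctypes` rejects next to a `memmove`-based copy that works on both interpreters. The `CsInsnRaw` layout, the `copy_ctypes` fallback wrapper and the sample instruction are constructed assumptions.

```python
import ctypes


class CsInsnRaw(ctypes.Structure):
    # Constructed stand-in for capstone's instruction struct, not capstone's own.
    _fields_ = [("id", ctypes.c_uint), ("address", ctypes.c_uint64),
                ("size", ctypes.c_uint16), ("bytes", ctypes.c_ubyte * 16)]

def copy_ctypes_pointer_assign(src):
    # The idiom from the traceback (capstone/__init__.py, copy_ctypes): make an
    # empty struct of the same type and assign through a pointer. On PyPy's
    # _ctypes this raises TypeError: 'StructureInstance' object does not
    # support item assignment.
    dst = type(src)()
    ctypes.pointer(dst)[0] = src
    return dst

def copy_ctypes_memmove(src):
    # Portable alternative: copy the raw bytes with ctypes.memmove, which only
    # needs two addresses and a size, and avoids pointer item assignment.
    dst = type(src)()
    ctypes.memmove(ctypes.addressof(dst), ctypes.addressof(src), ctypes.sizeof(src))
    return dst

def copy_ctypes(src):
    # Hypothetical drop-in: try the original idiom, fall back to memmove when
    # the ctypes backend refuses item assignment (the failure in the report).
    try:
        return copy_ctypes_pointer_assign(src)
    except TypeError:
        return copy_ctypes_memmove(src)

def struct_bytes(obj):
    # Raw bytes of a ctypes object, for comparing a copy with its source.
    return ctypes.string_at(ctypes.addressof(obj), ctypes.sizeof(obj))

def demo():
    # Constructed sample: a 2-byte instruction at 0x400000 (the base address
    # cle reports above). Returns whether both copies match the source and
    # stay intact after the source is modified, i.e. they own their memory.
    src = CsInsnRaw(id=1, address=0x400000, size=2)
    src.bytes[0], src.bytes[1] = 0x31, 0xC0
    copies = [copy_ctypes_memmove(src), copy_ctypes(src)]
    original = struct_bytes(src)
    src.size = 0
    return all(struct_bytes(c) == original for c in copies)
```

Running it under PyPy exercises the `except TypeError` path; under CPython 2.7 the pointer assignment succeeds and the fallback is never reached.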