Various error info reported by gef #735

Closed
4 tasks done
TommyJerryMairo opened this issue Sep 29, 2021 · 3 comments · Fixed by #736
TommyJerryMairo commented Sep 29, 2021

  • Did you use the latest version of GEF from dev branch?
  • Is your bug specific to GEF (not GDB)? - Try to reproduce it running gdb -nx
  • Did you read the documentation first?
  • Did you check issues (including the closed ones) - and the PR?

Step 1: Describe your environment

  • Operating System / Distribution: ArchLinux w/ Glibc 2.33
  • Architecture: x86_64
  • GEF version (including the Python library version) run version in GEF.

GEF: rev:5baa1280dcc0057b041a184d4164c5547125fac9 (Git - clean)
SHA1(/home/tjm/.config/gef/repo/gef.py): 26ae828dbe4c01f5dc70959522c55317d4476215
GDB: 11.1
GDB-Python: 3.9

Step 2: Describe your problem

Steps to reproduce

  1. Compile poc.c from the minimalist test case to get the binary poc
  2. Load binary poc with gef
  3. Set a breakpoint at the return statement with command b 4
  4. Run the program with r command

Minimalist test case

// compile with gcc -fPIE -fpic -O0 -g -o poc poc.c
int main() {
	const char *grid[] = {"  \\ \\","  /  ","/\\ \\\\","//\\/\\","\\/\\//"};
	(void *)(grid);
	return 0;
}

Observed Results

  • gef prints an error message Error while writing index for /tmp/poc: mkstemp: No such file or directory. in step 2
  • gef prints the following error message of invalid escape sequence in step 4:
/home/tjm/.config/gef/repo/gef.py:2768: DeprecationWarning: invalid escape sequence '\/'
  res = gdb.Value(address).cast(char_ptr).string(encoding=encoding, length=length).strip()
/home/tjm/.config/gef/repo/gef.py:2768: DeprecationWarning: invalid escape sequence '\ '
  res = gdb.Value(address).cast(char_ptr).string(encoding=encoding, length=length).strip()

Expected results

  • No errors reported

Traces

gef➤  r
Starting program: /tmp/poc

Breakpoint 1, main () at poc.c:4
4		return 0;
[ Legend: Modified register | Code | Heap | Stack | String ]
───────────────────────────────────────────────────────────────────────────────────── registers ────
/home/tjm/.config/gef/repo/gef.py:2768: DeprecationWarning: invalid escape sequence '\/'
  res = gdb.Value(address).cast(char_ptr).string(encoding=encoding, length=length).strip()
$rax   : 0x000055555555601c  →  0x0000002f2f5c2f5c ("\/\//"?)
$rbx   : 0x00005555555551b0  →  <__libc_csu_init+0> endbr64
$rcx   : 0x00007ffff7f7c598  →  0x00007ffff7f7e960  →  0x0000000000000000
$rdx   : 0x00007fffffffe5d8  →  0x00007fffffffe93e  →  "SHELL=/bin/bash"
/home/tjm/.config/gef/repo/gef.py:2768: DeprecationWarning: invalid escape sequence '\ '
  res = gdb.Value(address).cast(char_ptr).string(encoding=encoding, length=length).strip()
$rsp   : 0x00007fffffffe4a0  →  0x0000555555556004  →  0x2020005c205c2020 ("\ \"?)
$rbp   : 0x00007fffffffe4d0  →  0x0000000000000000
$rsi   : 0x00007fffffffe5c8  →  0x00007fffffffe935  →  "/tmp/poc"
$rdi   : 0x1
$rip   : 0x0000555555555187  →  <main+78> mov eax, 0x0
$r8    : 0x0
$r9    : 0x00007ffff7fdcfd0  →  <_dl_fini+0> endbr64
$r10   : 0x00007ffff7dcb798  →  0x0010001200002ab7
$r11   : 0x202
$r12   : 0x0000555555555040  →  <_start+0> endbr64
$r13   : 0x0
$r14   : 0x0
$r15   : 0x0
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x0033 $ss: 0x002b $ds: 0x0000 $es: 0x0000 $fs: 0x0000 $gs: 0x0000
───────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffe4a0│+0x0000: 0x0000555555556004  →  0x2020005c205c2020 ("\ \"?)	 ← $rsp
0x00007fffffffe4a8│+0x0008: 0x000055555555600a  →  0x5c2f0020202f2020 ("/  "?)
0x00007fffffffe4b0│+0x0010: 0x0000555555556010  →  0x2f2f005c5c205c2f ("/\ \"?)
0x00007fffffffe4b8│+0x0018: 0x0000555555556016  →  0x2f5c005c2f5c2f2f ("//\/\"?)
0x00007fffffffe4c0│+0x0020: 0x000055555555601c  →  0x0000002f2f5c2f5c ("\/\//"?)
0x00007fffffffe4c8│+0x0028: 0x20e2374cce9c1b00
0x00007fffffffe4d0│+0x0030: 0x0000000000000000	 ← $rbp
0x00007fffffffe4d8│+0x0038: 0x00007ffff7de3b25  →  <__libc_start_main+213> mov edi, eax
─────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
   0x555555555178 <main+63>        mov    QWORD PTR [rbp-0x18], rax
   0x55555555517c <main+67>        lea    rax, [rip+0xe99]        # 0x55555555601c
   0x555555555183 <main+74>        mov    QWORD PTR [rbp-0x10], rax
 → 0x555555555187 <main+78>        mov    eax, 0x0
   0x55555555518c <main+83>        mov    rdx, QWORD PTR [rbp-0x8]
   0x555555555190 <main+87>        sub    rdx, QWORD PTR fs:0x28
   0x555555555199 <main+96>        je     0x5555555551a0 <main+103>
   0x55555555519b <main+98>        call   0x555555555030 <__stack_chk_fail@plt>
   0x5555555551a0 <main+103>       leave
──────────────────────────────────────────────────────────────────────────────── source:poc.c+4 ────
      1	 int main() {
      2	 	const char *grid[] = {"  \\ \\","  /  ","/\\ \\\\","//\\/\\","\\/\\//"};
      3	 	(void *)(grid);
●→    4	 	return 0;
      5	 }
─────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "poc", stopped 0x555555555187 in main (), reason: BREAKPOINT
───────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x555555555187 → main()
────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤
theguy147 commented Sep 30, 2021

Hello @TommyJerryMairo,

I can now reproduce the "Deprecation Warning" problem but not the mkstemp problem.

The issue is caused in

gef/gef.py

Line 2768 in 5baa128

res = gdb.Value(address).cast(char_ptr).string(encoding=encoding, length=length).strip()

More specifically by

.string(encoding="unicode_escape")

It can also be reproduced with this minimal case:

b"\/".decode("unicode_escape")
DeprecationWarning: invalid escape sequence '\/'

This is due to the fact that Python used to be very lax in regards to encodings and is aiming to be more accurate in the future. The "interesting" part is that once the DeprecationWarning becomes a real exception it is actually easier to handle.

There would be a few options to handle this DeprecationWarning now:

  • Simply ignoring it (which would probably be bad style) by wrapping it inside a with warnings.catch_warnings() block (see here) until it becomes an Exception and then handle it properly.
  • Changing the used encodings to e.g. first try decoding with utf-8 and then latin-1 as a fallback due to its 8bits to glyph mapping which never fails but this might cause some strings to be displayed differently and could thereby lead to confusion to some GEF users (especially the ones that are used to different charsets than latin-1 provides). But this appears to also be the path that pwndbg chose to handle this problem.
  • Using some smart charset detection libraries like chardet. But this would add a new dependency to GEF which we try to avoid whenever possible.

@hugsy @Grazfather what do you think about this?

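To make the two decoding options discussed above concrete, here is a small stand-alone example (added here, not code from GEF or from the commenters). It feeds constructed byte strings, including the bytes behind the C literal "\\/\\//" from poc.c, through the "unicode_escape" path that produced the warnings and through the UTF-8-then-latin-1 fallback, capturing the codec warnings instead of letting them reach the gdb console.

```python
import warnings
from typing import List, Tuple

# Constructed samples, not read from a live process:
#  - the bytes behind the C literal "\\/\\//" in poc.c (what $rax pointed at)
#  - a valid UTF-8 string containing a non-ASCII character
#  - a byte sequence that is not valid UTF-8 at all
SAMPLE_ESCAPES = b"\\/\\//"
SAMPLE_UTF8 = "caf\u00e9".encode("utf-8")   # b"caf\xc3\xa9"
SAMPLE_INVALID = b"abc\xff"


def decode_unicode_escape(data: bytes) -> Tuple[str, List[str]]:
    """Decode as the reported gef revision did (encoding='unicode_escape') and
    return the text together with any warning messages the codec emitted.
    The codec keeps an unknown escape such as '\\/' verbatim but warns about it."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        text = data.decode("unicode_escape")
    return text, [str(w.message) for w in caught]


def decode_utf8_latin1(data: bytes) -> str:
    """The alternative discussed in the thread: try UTF-8 first and fall back to
    latin-1, which maps every byte to one code point and therefore never raises."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")


if __name__ == "__main__":
    for sample in (SAMPLE_ESCAPES, SAMPLE_UTF8, SAMPLE_INVALID):
        text, warned = decode_unicode_escape(sample)
        print(f"{sample!r}: unicode_escape={text!r} warnings={warned}")
        print(f"{sample!r}: utf8/latin1={decode_utf8_latin1(sample)!r}")
```

Note that "unicode_escape" treats every input byte as latin-1 before processing escapes, so genuine UTF-8 text such as the "café" sample comes out as mojibake, while the UTF-8-first path returns it correctly.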
hugsy commented Sep 30, 2021

Good catch, but for GEF we assume that users will be using utf-8 (IIRC it's somewhere in the docs) because we had some encoding issues in the past, and that's just too much to handle so we won't support anything but utf-8.

hugsy commented Oct 2, 2021

Should be fixed by #736 Re-open if not.

Thanks.

@hugsy hugsy closed this as completed Oct 2, 2021
@hugsy hugsy linked a pull request Oct 2, 2021 that will close this issue