Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OverflowError: #2170

Open
williballenthin opened this issue Jun 25, 2024 · 0 comments
Open

OverflowError: #2170

williballenthin opened this issue Jun 25, 2024 · 0 comments
Labels
bug Something isn't working ida-explorer Related to IDA Pro plugin

Comments

@williballenthin
Copy link
Collaborator

via @Ana06

ERROR:capa.ida.plugin.form:Failed to extract capabilities from database (error: in method 'get_bytes', argument 2 of type 'unsigned int')
Traceback (most recent call last):
  File "C:\Python310\lib\site-packages\capa\ida\plugin\form.py", line 772, in load_capa_results
    capabilities, counts = capa.capabilities.common.find_capabilities(
  File "C:\Python310\lib\site-packages\capa\capabilities\common.py", line 75, in find_capabilities
    return find_static_capabilities(ruleset, extractor, disable_progress=disable_progress, **kwargs)
  File "C:\Python310\lib\site-packages\capa\capabilities\static.py", line 213, in find_static_capabilities
    all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_and_lower_features)
  File "C:\Python310\lib\site-packages\capa\capabilities\common.py", line 25, in find_file_capabilities
    for feature, va in itertools.chain(extractor.extract_file_features(), extractor.extract_global_features()):
  File "C:\Python310\lib\site-packages\capa\features\extractors\ida\extractor.py", line 50, in extract_file_features
    yield from capa.features.extractors.ida.file.extract_features()
  File "C:\Python310\lib\site-packages\capa\features\extractors\ida\file.py", line 196, in extract_features
    for feature, addr in file_handler():
  File "C:\Python310\lib\site-packages\capa\features\extractors\ida\file.py", line 152, in extract_file_strings
    seg_buff = capa.features.extractors.ida.helpers.get_segment_buffer(seg)
  File "C:\Python310\lib\site-packages\capa\features\extractors\ida\helpers.py", line 76, in get_segment_buffer
    buff = idaapi.get_bytes(seg.start_ea, sz)
  File "C:\Program Files\IDA Pro 8.4\python\3\ida_bytes.py", line 4353, in get_bytes
    return _ida_bytes.get_bytes(*args)
OverflowError: in method 'get_bytes', argument 2 of type 'unsigned int'

the second arg to get_bytes is the size, so capa is trying to read a huge segment, larger than 4GB, and this is failing. we should validate these segment sizes and avoid reading too much data into memory.
@williballenthin williballenthin added bug Something isn't working ida-explorer Related to IDA Pro plugin labels Jun 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working ida-explorer Related to IDA Pro plugin
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@williballenthin