Fix handling of the program base address in Linux (#2500)

* Fix handling of the program base address in Linux: * Distinguish interpreter and program base addresses * Serialize base addresses correctly * Add typing to base address fields in Linux platform Co-authored-by: Eric Hennenfent <eric.hennenfent@trailofbits.com>
trailofbits · Nov 18, 2021 · 52007a8 · 52007a8
1 parent 9f55b09
commit 52007a8
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/manticore/platforms/linux.py b/manticore/platforms/linux.py
@@ -869,6 +869,9 @@ def __init__(
         self.envp = envp
         self.argv = argv
         self.stubs = SyscallStubs(parent=self)
+        # Load addresses
+        self.interp_base: Optional[int] = None
+        self.program_base: Optional[int] = None
 
         # dict of [int -> (int, int)] where tuple is (soft, hard) limits
         self._rlimits = {
@@ -1028,7 +1031,8 @@ def __getstate__(self):
         state["syscall_trace"] = self.syscall_trace
         state["argv"] = self.argv
         state["envp"] = self.envp
-        state["base"] = self.base
+        state["interp_base"] = self.interp_base
+        state["program_base"] = self.program_base
         state["elf_bss"] = self.elf_bss
         state["end_code"] = self.end_code
         state["end_data"] = self.end_data
@@ -1090,7 +1094,8 @@ def __setstate__(self, state: Dict) -> None:
         self.syscall_trace = state["syscall_trace"]
         self.argv = state["argv"]
         self.envp = state["envp"]
-        self.base = state["base"]
+        self.interp_base = state["interp_base"]
+        self.program_base = state["program_base"]
         self.elf_bss = state["elf_bss"]
         self.end_code = state["end_code"]
         self.end_data = state["end_data"]
@@ -1546,7 +1551,8 @@ def _clean_interp_stream() -> None:
         logger.debug(f"Mappings:")
         for m in str(cpu.memory).split("\n"):
             logger.debug(f"  {m}")
-        self.base = base
+        self.interp_base = base
+        self.program_base = self.load_addr
         self.elf_bss = elf_bss
         self.end_code = end_code
         self.end_data = end_data
@@ -2852,7 +2858,7 @@ def wait(self, readfds, writefds, timeout) -> None:
             self.check_timers()
 
     def awake(self, procid) -> None:
-        """ Remove procid from waitlists and reestablish it in the running list """
+        """Remove procid from waitlists and reestablish it in the running list"""
         logger.debug(
             f"Remove procid:{procid} from waitlists and reestablish it in the running list"
         )
@@ -2877,7 +2883,7 @@ def connections(self, fd: int) -> Optional[int]:
             return fd - 1
 
     def signal_receive(self, fd: int) -> None:
-        """ Awake one process waiting to receive data on fd """
+        """Awake one process waiting to receive data on fd"""
         connections = self.connections
         connection = connections(fd)
         if connection:
@@ -2887,7 +2893,7 @@ def signal_receive(self, fd: int) -> None:
                 self.awake(procid)
 
     def signal_transmit(self, fd: int) -> None:
-        """ Awake one process waiting to transmit data on fd """
+        """Awake one process waiting to transmit data on fd"""
         connection = self.connections(fd)
         if connection is None or not self.fd_table.has_entry(connection):
             return
@@ -2898,7 +2904,7 @@ def signal_transmit(self, fd: int) -> None:
             self.awake(procid)
 
     def check_timers(self) -> None:
-        """ Awake process if timer has expired """
+        """Awake process if timer has expired"""
         if self._current is None:
             # Advance the clocks. Go to future!!
             advance = min([self.clocks] + [x for x in self.timers if x is not None]) + 1