Segfault in x86 disassembler #8

Closed
radare opened this issue Nov 28, 2013 · 1 comment
Comments

@radare
Contributor

radare commented Nov 28, 2013

The killer sequence of bytes is: "\xff\x8c\xf9\xff\xff\x9b\xf9"

You can reproduce the crash with this program:

#include <stdio.h>
#include <capstone.h>

int main() {
        int i, n, ret;
        csh handle;
        cs_insn *insn;

        /* open a 32-bit x86 disassembler handle */
        ret = cs_open (CS_ARCH_X86, CS_MODE_32, &handle);
        if (ret) {
                printf ("Failed\n");
                return 1;
        }
        /* disassemble the 7 crashing bytes at address 0; count=0 means "all";
           the result is an array of n instructions allocated by capstone */
        n = cs_disasm_dyn (handle, "\xff\x8c\xf9\xff\xff\x9b\xf9", 7, 0, 0, &insn);
        if (n>0) {
                for (i=0; i<n; i++) {
                        printf ("%d -> (sz=%d) : %s %s\n", i,
                                insn[i].size,
                                insn[i].mnemonic,
                                insn[i].op_str);
                }
        }
        cs_close (handle);
        return 0;
}

backtrace:

(lldb) bt
* thread #1: tid = 0x5e686, 0x00007fff908a0866 libsystem_kernel.dylib`__pthread_kill + 10, queue = 'com.apple.main-thread, stop reason = signal SIGABRT
    frame #0: 0x00007fff908a0866 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff90cd235c libsystem_pthread.dylib`pthread_kill + 92
    frame #2: 0x00007fff9097fbba libsystem_c.dylib`abort + 125
    frame #3: 0x00007fff9097fd31 libsystem_c.dylib`abort_report_np + 181
    frame #4: 0x00007fff909a38c5 libsystem_c.dylib`__chk_fail + 48
    frame #5: 0x00007fff909a3895 libsystem_c.dylib`__chk_fail_overflow + 16
    frame #6: 0x00007fff909a3ae4 libsystem_c.dylib`__strcpy_chk + 83
    frame #7: 0x000000010000d77d a.out`X86_Intel_printInst [inlined] get_first_op(buffer=<unavailable>) + 3101 at X86IntelInstPrinter.c:178
    frame #8: 0x000000010000d718 a.out`X86_Intel_printInst(MI=0x00007fff909a3895, O=<unavailable>, Info=<unavailable>) + 3000 at X86IntelInstPrinter.c:208
    frame #9: 0x0000000100001f45 a.out`cs_disasm_dyn(ud=4300224704, buffer=0x0000000100049378, size=<unavailable>, offset=0, count=<unavailable>, insn=0x00007fff5fbffb60) + 725 at cs.c:270
    frame #10: 0x000000010000150d a.out`main + 125
    frame #11: 0x00007fff9630a5fd libdyld.dylib`start + 1
(lldb)
frame #7: 0x000000010000d77d a.out`X86_Intel_printInst [inlined] get_first_op(buffer=<unavailable>) + 3101 at X86IntelInstPrinter.c:178
   175              memcpy(firstop, tab + 1, comma - tab - 1);
   176              firstop[comma - tab - 1] = '\0';
   177          } else
-> 178              strcpy(firstop, tab + 1);
   179      } else  // no op
   180          firstop[0] = '\0';
   181  }
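The listing shows the root cause: `get_first_op()` copies everything after the tab into a fixed-size `firstop` buffer with an unchecked `strcpy`, so an operand string longer than the buffer overflows it (here caught by `__strcpy_chk`). The following is an added example, not capstone's code and not the fix in f10be9b: a bounds-checked version of that copy, written against the same assumed buffer layout ("mnemonic<TAB>op1, op2"); the buffer size and sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed buffer size; capstone's real size for firstop is not on the page. */
#define FIRSTOP_SIZE 16

/* Bounds-checked replacement for the pattern in the listing: copy the text
 * between the tab and the first comma (or the end of the string) into out,
 * but never more than out_size - 1 bytes. Returns true on success and false
 * when the operand does not fit; out is left empty in that case instead of
 * being overrun. Layout "<mnemonic>\t<op1>, <op2>" is assumed from the listing. */
bool get_first_op_checked(const char *buffer, char *out, size_t out_size)
{
    const char *tab, *comma;
    size_t len;

    if (out_size == 0)
        return false;
    out[0] = '\0';

    tab = strchr(buffer, '\t');
    if (tab == NULL)               /* no operands at all, e.g. "ret" */
        return true;

    comma = strchr(tab + 1, ',');
    len = comma ? (size_t)(comma - tab - 1) : strlen(tab + 1);

    if (len >= out_size)           /* needs len + 1 bytes including the NUL */
        return false;

    memcpy(out, tab + 1, len);
    out[len] = '\0';
    return true;
}

int main(void)
{
    char firstop[FIRSTOP_SIZE];
    /* constructed sample strings; the last one is in the style of the
     * reported dec instruction and is too long for the 16-byte buffer */
    const char *samples[] = { "mov\teax, [ecx+edi*8]", "ret",
                              "dec\tdword ptr [ecx + edi*8 - 0x6640001]" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool ok = get_first_op_checked(samples[i], firstop, sizeof firstop);
        printf("%s -> %s '%s'\n", samples[i], ok ? "ok" : "too long", firstop);
    }
    return 0;
}
```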
@danghvu
Collaborator

danghvu commented Nov 28, 2013

Fixed in f10be9b

@danghvu danghvu closed this as completed Nov 28, 2013