search-pattern: Don't stop searching when read_memory fails

Komori Kuzuyu <[email protected]> wrote:
> search-pattern command stop finding string pattern after error "Cannot
> access memory at address xxxxxxxxxxxx". Checking /proc/$pid/maps the
> address mentioned in error is readable but cannot be read from gdb.
>
> The memory is a mapped file to /dev/dri/renderD128
>

Do not assume virtual memory that has read bit is always directly
readable from userspace. We have a special case where /proc/$pid/maps
shows virtual memory address with a read bit, but it cannot be read from
the GDB.

This commit adds an exception handler for read_memory on search-pattern
command when such a special case occurs.

Before this commit, the search-pattern command stops when it meets the
above case (unhandled exception).

After this commit, the search-pattern command continues the scan when
read_memory fails. We still of course, show the error message indicates
that the read_memory fails.

The special case after this commit looks like this:
    gef➤  search-pattern "However"
    [+] Searching 'However' in memory
    [+] In '/usr/lib/x86_64-linux-gnu/dri/radeonsi_dri.so'(0x7fffe5576000-0x7fffe59b6000), permission=r--
      0x7fffe55f8ec6 - 0x7fffe55f8efd  →   "However, if the abstract value is too large, the o[...]"
      0x7fffe55ff01b - 0x7fffe55ff052  →   "However, if the abstract value is too large, the o[...]"
    [!] Cannot access memory at address 0x7fffeb00b000
    [!] Cannot access memory at address 0x7fffeb0d4000
    [!] Cannot access memory at address 0x7fffef49f000
    [+] In '/usr/lib/x86_64-linux-gnu/libbrotlicommon.so.1.0.9'(0x7ffff72ab000-0x7ffff72ca000), permission=r--
      0x7ffff72bb287 - 0x7ffff72bb2be  →   "However, compositionclear:both;cooperationwithin t[...]"
      0x7ffff72bd4ae - 0x7ffff72bd4e5  →   "However, inprogrammersat least inapproximatealthou[...]"
      0x7ffff72bd834 - 0x7ffff72bd867  →   "However thelead to the\t<a href="/was grantedpeople"
      0x7ffff72be10f - 0x7ffff72be146  →   "However, intelligence" tabindex="float:right;Commo[...]"
      0x7ffff72c1c99 - 0x7ffff72c1cd0  →   "However, the An example ofcompared withquantities [...]"
      0x7ffff72c1f4a - 0x7ffff72c1f81  →   "However, thisDepartment ofthe remainingeffect on t[...]"
      0x7ffff72c2451 - 0x7ffff72c2488  →   "However, manythe presidentHowever, someis thought [...]"
      0x7ffff72c246b - 0x7ffff72c24a2  →   "However, someis thought tountil the endwas announc[...]"
      0x7ffff72c2ff8 - 0x7ffff72c302a  →   "However, theand eventuallyAt the end of because of"
      0x7ffff72c3c36 - 0x7ffff72c3c6d  →   "However, it isbecame part ofin relation topopular [...]"
      0x7ffff72c66da - 0x7ffff72c670c  →   "However, there aresrc="http://staticsuggested that"
      0x7ffff72c6c32 - 0x7ffff72c6c69  →   "However, since the/div>\n</div>\n<div left; margin[...]"
    gef➤

Fixes: #674
Reported-by: Komori Kuzuyu <[email protected]>
Signed-off-by: Ammar Faizi <[email protected]>
Signed-off-by: Komori Kuzuyu <[email protected]>

gef.py

@@ -5645,7 +5645,22 @@ def search_pattern_by_address(self, pattern, start_address, end_address):
             else:
                 chunk_size = step
 
-            mem = read_memory(chunk_addr, chunk_size)
+            try:
+                mem = read_memory(chunk_addr, chunk_size)
+            except gdb.error as e:
+                estr = str(e)
+                if estr.startswith("Cannot access memory "):
+                    #
+                    # This is a special case where /proc/$pid/maps
+                    # shows virtual memory address with a read bit,
+                    # but it cannot be read directly from userspace.
+                    #
+                    # See: https://github.com/hugsy/gef/issues/674
+                    #
+                    err(estr)
+                    return []
+                else:
+                    raise e
 
             for match in re.finditer(pattern, mem):
                 start = chunk_addr + match.start()