Summary of the problem
Hello manticore community,
I am working as part of a research team developing a code analysis tool for Python. One of the issues the tool discovered in manticore's codebase is that core.smtlib.operators.SEXTEND has the potential to throw uncaught MemoryError and OverflowError in its left shift operations. The ValueError is caused when a large value is given for the size_src and/or size_dest argument.
If you are interested in learning more about the tool and how it found this issue, let me know down in the comments, or you can contact me at [email protected]. We are primarily curious about whether you find that this issue is legitimate and worth reporting and fixing. If not, we would be interested in understanding why.
Step to reproduce the behavior
Call SEXTEND with a large value for the size_src and/or size_dest argument.
Expected behavior
Exception handling, or bound checks to ensure size_src and size_dest are within reasonable bounds.
Actual behavior
Tracebacks:
When size_src is too large:

Traceback (most recent call last):
  ...
  File ".../repos/manticore/manticore/core/smtlib/operators.py", line 139, in SEXTEND
    if x >= (1 << (size_src - 1)):
MemoryError

Traceback (most recent call last):
  ...
  File ".../repos/manticore/manticore/core/smtlib/operators.py", line 139, in SEXTEND
    if x >= (1 << (size_src - 1)):
OverflowError: too many digits in integer

When size_dest is too large:

Traceback (most recent call last):
  ...
  File ".../repos/manticore/manticore/core/smtlib/operators.py", line 141, in SEXTEND
    return x & ((1 << size_dest) - 1)
MemoryError

Traceback (most recent call last):
  ...
  File ".../repos/manticore/manticore/core/smtlib/operators.py", line 141, in SEXTEND
    return x & ((1 << size_dest) - 1)
OverflowError: too many digits in integer
Thank you for your consideration!
-Sam
Manticore version
Latest master (commit hash: 8861005)
Python version
Python 3.8
OS / Environment
Linux (kernel version 5.10.218)
Dependencies
N/A
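One way to add the bound check requested under "Expected behavior", as an added example that is not manticore's code and not part of the original issue. Only the two shift expressions come from the tracebacks; the function names and the `MAX_BITS` ceiling are assumptions made for illustration.

```python
# Added example: stand-alone model of the integer path through SEXTEND.
# The two shift expressions are copied from the tracebacks in the issue;
# sextend_checked, check_width and MAX_BITS are hypothetical names.

MAX_BITS = 1 << 16  # assumed ceiling on operand width, in bits


def check_width(name, value):
    """Reject widths that are not plain ints or fall outside 1..MAX_BITS."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise TypeError(f"{name} must be an int, got {type(value).__name__}")
    if not 1 <= value <= MAX_BITS:
        raise ValueError(f"{name}={value} is outside 1..{MAX_BITS}")
    return value


def sextend_checked(x, size_src, size_dest):
    """Sign-extend the size_src-bit integer x to size_dest bits.

    Both widths are validated before any shift, so an oversized width is
    rejected in constant time instead of asking Python to build a huge int
    (the source of the MemoryError / OverflowError in the tracebacks).
    """
    check_width("size_src", size_src)
    check_width("size_dest", size_dest)
    if x >= (1 << (size_src - 1)):      # shift reported at line 139
        x -= 1 << size_src
    return x & ((1 << size_dest) - 1)   # shift reported at line 141


if __name__ == "__main__":
    # Constructed inputs: two ordinary calls, then widths that the
    # unchecked shifts would try to materialise as enormous integers.
    cases = [(0xFF, 8, 16), (0x7F, 8, 16), (1, 10**12, 64), (1, 8, 10**12), (1, 0, 8)]
    for x, src, dest in cases:
        try:
            print(hex(sextend_checked(x, src, dest)))
        except (TypeError, ValueError) as exc:
            print(f"rejected: {exc}")
```

A width of 0 is rejected as well, since `1 << (size_src - 1)` would otherwise raise on a negative shift count.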