radius2: Bug creates overflow in processor.rs
When trying to solve the challenge: https://github.com/angr/angr-doc/blob/master/examples/defcon2019quals_veryandroidoso/ooo.defcon2019.quals.veryandroidoso.apk
My code:
https://gist.github.com/GanbaruTobi/a01b31216e7dfc2c2e795b092eb290ca
creates a panic:
thread 'main' panicked at 'attempt to add with overflow', radius/src/processor.rs:712:17
stack backtrace:
   0: rust_begin_unwind
             at /rustc/7466d5492b2d28d2ba5114dbe71511a6502ac822/library/std/src/panicking.rs:584:5
   1: core::panicking::panic_fmt
             at /rustc/7466d5492b2d28d2ba5114dbe71511a6502ac822/library/core/src/panicking.rs:142:14
   2: core::panicking::panic
             at /rustc/7466d5492b2d28d2ba5114dbe71511a6502ac822/library/core/src/panicking.rs:48:5
   3: radius2::processor::Processor::fetch_instruction
             at ./radius/src/processor.rs:712:17
   4: radius2::processor::Processor::execute_instruction
             at ./radius/src/processor.rs:718:9
   5: radius2::processor::Processor::step
             at ./radius/src/processor.rs:742:13
   6: radius2::processor::Processor::run
             at ./radius/src/processor.rs:853:38
   7: radius2::radius::Radius::run_until
             at ./radius/src/radius.rs:467:9
   8: dex::main
             at ./examples/dex/src/main.rs:95:25
   9: core::ops::function::FnOnce::call_once
             at /rustc/7466d5492b2d28d2ba5114dbe71511a6502ac822/library/core/src/ops/function.rs:248:5
note: Some details are omitted, run with RUST_BACKTRACE=full for a verbose backtrace.
About this issue
- State: closed
- Created 2 years ago
- Comments: 21 (8 by maintainers)
I will just leave a more parameter-rich try here for documentation purposes:
dex2oat64 --dex-file=base.apk --oat-location=base.odex --compiler-filter=everything --oat-file=base.odex --oat-location=/data/app/~~IaM0efaCbBd3dTr8RviWrQ==/ooo.defcon2019.quals.veryandroidoso-7_uDuvMOjOvpysBQW-fCOw==/oat/arm64/base.odex --classpath-dir=/data/app/~~IaM0efaCbBd3dTr8RviWrQ==/ooo.defcon2019.quals.veryandroidoso-7_uDuvMOjOvpysBQW-fCOw== --class-loader-context=PCL[]{PCL[/system/framework/android.test.base.jar]#PCL[/system/framework/org.apache.http.legacy.jar]} --instruction-set=arm64 --instruction-set-features=default -g --debuggable --runtime-arg -Xdeny-art-apex-data-files --runtime-arg -Xtarget-sdk-version:26 --runtime-arg -Xhidden-api-policy:enabled --runtime-arg -Xms64m --runtime-arg -Xmx512m --runtime-arg -Xrelocate --android-root=/data/app/~~IaM0efaCbBd3dTr8RviWrQ==/ooo.defcon2019.quals.veryandroidoso-7_uDuvMOjOvpysBQW-fCOw== --huge-method-max=999999999 --large-method-max=999999999 --deduplicate-code=false --compact-dex-level=none