Пример #1
0
    if start_addr is None:
        usage(imm)
        return "You must specify a starting address"

    csa = CodeStructureAnalyzer(imm, start_addr)
    bb_graph = csa.getBasicBlockGraph()

    pg = PathGenerator(bb_graph.basic_blocks, bb_graph.bb_out_edges)
    pg.imm = imm

    false_path_cnt = 0
    path_cnt = 0

    for path in pg.generatePaths(start_addr):
        path_cnt += 1
        p_walker = PathWalker(imm, debug=DEBUG)
        checker = IntOverflowChecker(imm, debug=DEBUG)

        try:
            p_walker.walk(path, analysis_mods=[checker])
        except UnsatPathConditionException, e:
            false_path_cnt += 1
            continue

        analysis_results = p_walker.getAnalysisResults(checker=checker)
        for bug_check_res in analysis_results:
            imm.log("Potential integer overflow @ %s" % \
                    bug_check_res.addr, bug_check_res.addr)

    imm.log("%d/%d paths were feasible and checked" % \
            (path_cnt - false_path_cnt, path_cnt))
Пример #2
0
    imm.log("** FORWARD PATHS **")

    # Use the path generator to dump all possible paths
    pg = PathGenerator(bb_graph.basic_blocks, bb_graph.bb_out_edges)
    pg.imm = imm

    cnt = 0
    feasible_paths = []
    for path in pg.generatePaths(start_addr):
        cnt += 1

        imm.log("%s" % str(path))
        if not prune_paths:
            continue

        p_walker = PathWalker(imm, debug=True)
        try:
            p_walker.walk(path)
            feasible_paths.append(path)
        except UnsatPathConditionException, e:
            imm.log("%s" % str(e))

    ret_str = ""
    if prune_paths:
        imm.log("** FEASIBLE PATHS **")
        for path in feasible_paths:
            imm.log("%s" % str(path))

        f_cnt = len(feasible_paths)
        ret_str = "%d feasible paths out of %d candidates" % (f_cnt, cnt)
    else:
Пример #3
0
    imm.log("** FORWARD PATHS **")
    
    # Use the path generator to dump all possible paths
    pg = PathGenerator(bb_graph.basic_blocks, bb_graph.bb_out_edges)
    pg.imm = imm
    
    cnt = 0
    feasible_paths = []
    for path in pg.generatePaths(start_addr):
        cnt += 1

        imm.log("%s" % str(path))
        if not prune_paths:
            continue

        p_walker = PathWalker(imm, debug=True)
        try:
            p_walker.walk(path)
            feasible_paths.append(path)
        except UnsatPathConditionException, e:
            imm.log("%s" % str(e))

    ret_str = ""
    if prune_paths:
        imm.log("** FEASIBLE PATHS **")
        for path in feasible_paths:
            imm.log("%s" % str(path))

        f_cnt = len(feasible_paths)
        ret_str =  "%d feasible paths out of %d candidates" % (f_cnt, cnt)
    else:
Пример #4
0
    if start_addr is None:
        usage(imm)
        return "You must specify a starting address"

    csa = CodeStructureAnalyzer(imm, start_addr)
    bb_graph = csa.getBasicBlockGraph()

    pg = PathGenerator(bb_graph.basic_blocks, bb_graph.bb_out_edges)
    pg.imm = imm

    false_path_cnt = 0
    path_cnt = 0
    
    for path in pg.generatePaths(start_addr):
        path_cnt += 1
        p_walker = PathWalker(imm, debug=DEBUG)
        checker = IntOverflowChecker(imm, debug=DEBUG)
        
        try:
            p_walker.walk(path, analysis_mods=[checker])
        except UnsatPathConditionException, e:
            false_path_cnt += 1
            continue

        analysis_results = p_walker.getAnalysisResults(checker=checker)
        for bug_check_res in analysis_results:
            imm.log("Potential integer overflow @ %s" % \
                    bug_check_res.addr, bug_check_res.addr)

    imm.log("%d/%d paths were feasible and checked" % \
            (path_cnt - false_path_cnt, path_cnt))