summaryrefslogtreecommitdiffstats
path: root/results/classifier/semantic-bugs/graphic/1722
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/semantic-bugs/graphic/1722')
-rw-r--r--results/classifier/semantic-bugs/graphic/1722100
1 files changed, 100 insertions, 0 deletions
diff --git a/results/classifier/semantic-bugs/graphic/1722 b/results/classifier/semantic-bugs/graphic/1722
new file mode 100644
index 00000000..4dcbfc5f
--- /dev/null
+++ b/results/classifier/semantic-bugs/graphic/1722
@@ -0,0 +1,100 @@
+graphic: 0.963
+semantic: 0.957
+device: 0.956
+mistranslation: 0.954
+other: 0.948
+vnc: 0.944
+instruction: 0.943
+assembly: 0.934
+network: 0.909
+socket: 0.896
+boot: 0.813
+KVM: 0.808
+
+qemu-mipsn32: Illegal Instruction at `exts` instruction
+Description of problem:
+Run with the command above, I got this error:
+
+```
+qemu-mipsn32 run
+qemu: uncaught target signal 4 (Illegal instruction) - core dumped
+Illegal instruction (core dumped)
+```
+
+I then tried to debug the program with qemu option `-g 1234` and know that
+
+```
+$ gdb-multiarch run
+...
+
+pwndbg> target remote 0:1234
+...
+
+pwndbg> c
+Continuing.
+
+Program received signal SIGILL, Illegal instruction.
+0x3f7d2434 in ?? () from /lib32/ld.so.1
+warning: GDB can't find the start of the function at 0x3f7d2434.
+x/10i
+
+pwndbg> x/10i $pc
+=> 0x3f7d2434: 0x7047f03a
+ 0x3f7d2438: lui a3,0x7000
+ 0x3f7d243c: ori a3,a3,0x5e
+ 0x3f7d2440: b 0x3f7d241c
+ 0x3f7d2444: subu v0,a3,v0
+ 0x3f7d2448: sltiu a7,a3,-3
+ 0x3f7d244c: bnezl a7,0x3f7d246c
+ 0x3f7d2450: subu a3,a4,v0
+ 0x3f7d2454: addiu a3,a3,1
+ 0x3f7d2458: li v0,-4
+```
+
+So I know the problem is in libc32/ld.so.1. When I dissasemble that file and look at offset 0x4434, it's an `exts` instruction as below:
+
+```
+$ file /lib32/ld.so.1
+/lib32/ld-2.15.so: ELF 32-bit MSB shared object, MIPS, N32 MIPS64 rel2 version 1 (SYSV), dynamically linked, stripped
+
+$ ./mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-objdump -d /lib32/ld.so.1 | less
+ ...
+ 4434: 7047f03a exts a3,v0,0x0,0x1e
+ 4438: 3c077000 lui a3,0x7000
+ 443c: 34e7005e ori a3,a3,0x5e
+ 4440: 1000fff6 b 441c <GLIBC_2.0@@GLIBC_2.0+0x441c>
+ 4444: 00e21023 subu v0,a3,v0
+ 4448: 2cebfffd sltiu a7,a3,-3
+ 444c: 55600007 bnezl a7,446c <GLIBC_2.0@@GLIBC_2.0+0x446c>
+ 4450: 01023823 subu a3,a4,v0
+ 4454: 24e70001 addiu a3,a3,1
+ 4458: 2402fffc li v0,-4
+```
+Steps to reproduce:
+1. Download toolchain of mips64-n32 on toolchains.bootlin.com [here](https://toolchains.bootlin.com/releases_mips64-n32.html)
+2. Write this c code to file `run.c`:
+
+```c
+#include <stdio.h>
+
+int main(){
+ puts("hello world");
+ while (1);
+}
+```
+
+3. Compile file run.c with downloaded toolchain:
+
+```
+mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-gcc run.c -o run
+```
+
+> Step 1, 2 and 3 can be skip if you download the attached `run` file.
+
+4. Download the attached ld
+5. Make new dir at `/lib32` and move the file ld to `/lib32`
+6. Run command `qemu-mipsn32 run`
+Additional information:
+[ld-2.15.so](/uploads/95f4da26e42d43d39aa2350670134bb5/ld-2.15.so)
+
+[run](/uploads/01be57442009a75cf2f59cbcf53474f4/run)