fix a corner case that memcpy copy length is 0
zhangzhenghsy committed Jun 20, 2023
1 parent 7a7eacd commit e481e99
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions lib/Kernel/Listener/UCListener.cpp
Expand Up @@ -1305,6 +1305,13 @@ void kuc::UCListener::OOBWcheck(klee::ExecutionState &state, klee::KInstruction
ref<Expr> targetaddr = executor->eval(ki, 1, state).value;
ref<Expr> len = executor->eval(ki, 3, state).value;
targetaddr = AddExpr::create(targetaddr, len);
if(klee::ConstantExpr* CE = dyn_cast<klee::ConstantExpr>(len)){
uint64_t length = CE->getZExtValue();
if (length==0){
klee_message("memcpy copy length is 0, no need to check");
break;
}
}
targetaddr = SubExpr::create(targetaddr, klee::ConstantExpr::create(1, Context::get().getPointerWidth()));
OOB_check(state, targetaddr, 1);
}
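Review bot: The early exit at the new `if (length==0)` guard is taken only when `len` is a `ConstantExpr`, so a symbolic `len` whose feasible range includes 0 still reaches `OOB_check` with `targetaddr + len - 1`, i.e. one byte before the destination, and can yield the same spurious report this commit removes; a comment above the guard should state the reasoning and that limit, e.g. `// A 0-byte copy writes nothing; checking targetaddr+len-1 would probe the byte before the buffer. Symbolic len with 0 in its range is not covered here.` The `break;` leaves a switch or loop whose start is outside the hunk, so whether it also skips other per-call bookkeeping in OOBWcheck cannot be judged from here. The message text names memcpy, while operand 3 is evaluated generically; worth confirming this branch is reached only for memcpy-like calls, or wording the message accordingly. Minor style: `if(klee::ConstantExpr* CE` and `length==0` do not match the spacing of the neighbouring lines (`if (`, `a = b`).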
