Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SegmentationViolation while analyzing an ELF file #2457

Open
alexandreborges opened this issue Oct 9, 2024 · 4 comments
Open

SegmentationViolation while analyzing an ELF file #2457

alexandreborges opened this issue Oct 9, 2024 · 4 comments
Labels
bug Something isn't working viv-bug

Comments

@alexandreborges
Copy link

Dear Developers,

Good afternoon. The description of the issue follows below:

Description

SegmentationViolation while analyzing an ELF file (on Windows and Linux -- versions 7.4.0, 7.3.0 and 7.2.0 ).

Steps to Reproduce

capa test.bin
capa -v test.bin

(binary hash: 06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725)

Actual behavior:

While running capa (in multiple versions on Windows and Linux), the output is shown below (with and without --debug option).

The relevant error message is:

Traceback (most recent call last):
File "main.py", line 1109, in
File "main.py", line 996, in main
File "main.py", line 839, in get_extractor_from_cli
File "loader.py", line 290, in get_extractor
File "loader.py", line 161, in get_workspace
File "viv_utils/init.py", line 118, in getWorkspace
File "vivisect/init.py", line 2891, in loadFromFile
File "vivisect/parsers/elf.py", line 32, in parseFile
File "vivisect/parsers/elf.py", line 616, in loadElfIntoWorkspace
File "envi/memory.py", line 213, in readMemoryPtr
File "envi/memory.py", line 195, in readMemValue
File "envi/memory.py", line 607, in readMemory
envi.exc.SegmentationViolation: SegmentationViolation('Bad Memory Read (invalid memory address): 0x0: 0x8')
[PYI-171278:ERROR] Failed to execute script 'main' due to unhandled exception!

To the output including --debug option, I pasted only the beginning and the ending:

image
image
image

Versions

Affected versions: 7.4.0, 7.3.0, 7.2.0 (Windows and Linux)
OS: Linux Ubuntu 24.04.1 x64 LTS (full-updated) ; Windows 11 x64 (full-updated)

Additional Information

As I have explained above, the binary's hash that causes the problem is: 06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725

I've found this issue while using Python 3.12.3 (on Linux) and Python 3.11.3 (on Windows).

@williballenthin
Copy link
Collaborator

thanks for the detailed bug report @alexandreborges !

This appears to be a bug in vivisection, the binary analysis framework used to load and disassemble the ELF file. I'll triage the issue and report it upstream, updating here as appropriate.

@williballenthin williballenthin added bug Something isn't working viv-bug labels Oct 9, 2024
@alexandreborges
Copy link
Author

alexandreborges commented Oct 9, 2024

It's a pleasure to help you improve the tool, @williballenthin. Have an excellent day.

@williballenthin
Copy link
Collaborator

This is a known issue and addressed by the pending PR here: vivisect/vivisect#659

@Hamzah1369

This comment was marked as spam.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working viv-bug
Projects
None yet
Development

No branches or pull requests

3 participants