well, we still need to use block_length as a gadget filter

angr · Jan 3, 2024 · a49ec0e · a49ec0e
1 parent c6c26b9
commit a49ec0e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/angrop/chain_builder/reg_setter.py b/angrop/chain_builder/reg_setter.py
@@ -217,7 +217,7 @@ def _find_all_candidate_chains(self, gadgets, **registers):
                     hard_chain = hard_chains[0]
                 else:
                     hard_chain = self._find_add_chain(gadgets, reg, val)
-                self.hard_chain_cache[key] = hard_chain
+                self.hard_chain_cache[key] = hard_chain # we cache the result even if it fails
             if not hard_chain:
                 l.error("Fail to set register: %s to: %#x", reg, val)
                 return []

diff --git a/angrop/rop_gadget.py b/angrop/rop_gadget.py
@@ -134,7 +134,8 @@ def reg_better_than(self, other):
             return False
         if len(self.changed_regs) >= len(other.changed_regs) and \
                 self.stack_change <= other.stack_change and \
-                self.num_mem_access <= other.num_mem_access:
+                self.num_mem_access <= other.num_mem_access and \
+                self.block_length <= other.block_length:
             return True
         return False