Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gdb.error: There is no member named _sifields. When running exploitable even though it exists. #47

Open
personnumber3377 opened this issue Jan 2, 2023 · 0 comments
Open

gdb.error: There is no member named _sifields. When running exploitable even though it exists. #47

personnumber3377 opened this issue Jan 2, 2023 · 0 comments

Comments

@personnumber3377
Copy link

Hi!

I wrote a map fuzzer for this: https://github.com/SwagSoftware/Kisak-Strike and found a couple of crashes.

When I try to use exploitable to analyze them I am getting these errors.

`GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bspfuzz...
(gdb) r test.bsp master01.bsp 27015 < outputs/master01/crashes/id:000000,sig:11,src:000001,time:41812685,execs:3059647,op:havoc,rep:4
Starting program: /home/cyberhacker/Finalcsgo/game/bspfuzz test.bsp master01.bsp 27015 < outputs/master01/crashes/id:000000,sig:11,src:000001,time:41812685,execs:3059647,op:havoc,rep:4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
dedicated.so loaded at 0x7ffff77ec000
engine.so loaded at 0x7ffff5de1000
Reading from /home/cyberhacker/Finalcsgo/game/test.bsp
[New Thread 0x7ffff5525700 (LWP 522991)]
#Module /home/cyberhacker/Finalcsgo/game/bin/linux64/stdshader_dbg failed to load! Error: ((null))
#Module stdshader_dbg failed to load! Error: ((null))

#Console initialized.
#Loading VPK file hashes for pure server operation.
#Loading VPK file hashes for pure server operation.
#Loading VPK file hashes for pure server operation.
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/matchmaking_ds_client.so failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/linux64/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/bin/csgo/bin/server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/bin/csgo/bin/linux64/server_valve failed to load! Error: ((null))
#Module server_valve failed to load! Error: ((null))
#Module /home/cyberhacker/Finalcsgo/game/csgo/bin/server failed to load! Error: ((null))
#Game.dll loaded for "Counter-Strike: Global Offensive"
#CGameEventManager::AddListener: event 'server_pre_shutdown' unknown.
#CGameEventManager::AddListener: event 'game_newmap' unknown.
#CGameEventManager::AddListener: event 'finale_start' unknown.
#CGameEventManager::AddListener: event 'round_start' unknown.
#CGameEventManager::AddListener: event 'round_end' unknown.
#CGameEventManager::AddListener: event 'difficulty_changed' unknown.
#CGameEventManager::AddListener: event 'player_connect' unknown.
#CGameEventManager::AddListener: event 'player_disconnect' unknown.
#GameTypes: missing mapgroupsSP entry for game type/mode (custom/custom).
#GameTypes: missing mapgroupsSP entry for game type/mode (cooperative/cooperative).
#GameTypes: missing mapgroupsSP entry for game type/mode (cooperative/coopmission).
Failed to load gamerulescvars.txt, game rules cvars might not be reported to management tools.
Server is hibernating
[S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.
[S_API] SteamAPI_Init(): Loaded '/home/cyberhacker/.local/share/Steam/linux64/steamclient.so' OK.
[S_API FAIL] SteamAPI_Init() failed; create pipe failed.Particles: Missing 'particles/money_fx.pcf'
No web api auth key specified - workshop downloads will be disabled.
maxplayers set to 64
Unknown command "cl_bobamt_vert"
Unknown command "cl_bobamt_lat"
Unknown command "cl_bob_lower_amt"
Unknown command "cl_viewmodel_shift_left_amt"
Unknown command "cl_viewmodel_shift_right_amt"
Unknown command "cl_teamid_overhead"
Unknown command "cl_teamid_overhead_maxdist"
[Detaching after vfork from child process 522992]
[New Thread 0x7fffe2f6b700 (LWP 522994)]
[New Thread 0x7fffe2e6a700 (LWP 522995)]
---- Host_NewGame ----
Entering the loop bullshit....
Starting the loop.
Waiting for user input:
Got user input from terminal. Time to try to load the thing:

Thread 1 "bspfuzz" received signal SIGSEGV, Segmentation fault.
CollisionBSPData_LoadTextures (pBSPData=0x7ffff72323e0 <g_BSPData>)
at /home/cyberhacker/Finalcsgo/Kisak-Strike/engine/cmodel_bsp.cpp:352
352 out->name = &pBSPData->map_texturenames[index];
(gdb) source /home/cyberhacker/crashwalkshit/exploitable/exploitable/exploitable.py
(gdb) exploitable -v
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SegFaultOnPc (3/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 96, in isSegFaultOnPcNotNearNull
return self.isSegFaultOnPc() and not self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
self.faultingAddress() == self.target.pc()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SegFaultOnPcNearNull (12/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 194, in isSegFaultOnPcNearNull
return self.isSegFaultOnPc() and self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 334, in isSegFaultOnPc
self.faultingAddress() == self.target.pc()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SourceAvNearNull (16/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 237, in isSourceAvNearNull
return self.isSourceAv() and self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 350, in isSourceAv
source_op.eval() == self.faultingAddress()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py:197: UserWarning: Error while analyzing rule SourceAv (19/22): There is no member named _sifields.
Traceback (most recent call last):
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/classifier.py", line 193, in getClassification
match = rule.matches()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 226, in isSourceAvNotNearNull
return self.isSourceAv() and not self.isFaNearNull()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 350, in isSourceAv
source_op.eval() == self.faultingAddress()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/analyzers/x86.py", line 329, in faultingAddress
return self.target.si_addr()
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/tools.py", line 80, in _wrapper
res = func(tgt, *args)
File "/home/cyberhacker/crashwalkshit/exploitable/exploitable/lib/gdb_wrapper/x86.py", line 572, in si_addr
str(gdb.parse_and_eval("$_siginfo._sifields._sigfault.si_addr"))
gdb.error: There is no member named _sifields.

warnings.warn("Error while analyzing rule {}: {}\n{}".format(
'exploitable' version 1.32
Linux cyberhacker-h8-1131sc 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64
Python Exception <class 'gdb.error'> There is no member named _sifields.:
Error occurred in Python: There is no member named _sifields.`

I do not know why this happens.

When I run p $_siginfo in the debugger i get this output:

(gdb) p $_siginfo $1 = {si_signo = 11, si_errno = 0, si_code = 1, _sifields = {_pad = {0 <repeats 28 times>}, _kill = {si_pid = 0, si_uid = 0}, _timer = {si_tid = 0, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = { si_pid = 0, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 0, si_uid = 0, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = { _lower = 0x0, _upper = 0x0}}, _sigpoll = {si_band = 0, si_fd = 0}}}
also this command returns this:

(gdb) p $_siginfo._sifields._sigfault $9 = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower = 0x0, _upper = 0x0}}

but when I try to access the si_addr element I get the error:

(gdb) p $_siginfo._sifields._sigfault.si_addr There is no member named _sifields.

However this does not make sense. When I try to run the same commands in another binary it works perfectly:

(gdb) p $_siginfo._sifields._sigfault $3 = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower = 0x0, _upper = 0x0}} (gdb) p $_siginfo._sifields._sigfault.si_addr $4 = (void *) 0x0

The application I am trying to fuzz is multithreaded but I do not think that it has that much of an effect in this case.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@personnumber3377