plist: fixed a few bugs (#2426)

* Fixed bug where plist()'s argument sentinel had incorrect type * Fixed bug where if sentinel was different from zero, plist tried to dereference a null address * Fixed bug where some error message in plist displayed 0x0x{address} due to incorrect formatting * Added additional tests for plist's bugfixes
1 year ago · 0a5e510fb6
parent 5d95e98c78
commit 0a5e510fb6
2 changed files with 43 additions and 3 deletions
--- a/pwndbg/commands/plist.py
+++ b/pwndbg/commands/plist.py
@ -190,7 +190,7 @@ parser.add_argument(
 def plist(
    path: str,
    next: int,
-    sentinel: str,
+    sentinel: int,
    inner_name: str,
    field_name: str,
    offset: int,
@ -395,7 +395,7 @@ def plist(
    for i, address in enumerate(addresses):
        if i < offset:
            continue
-        if address == sentinel:
+        if address in (0, sentinel):
            break
        try:
            # Always make sure we have the address of the outer structure.
@ -416,7 +416,7 @@ def plist(

            print(f"{target_address:#x} {symbol}: {value}")
        except gdb.error as e:
-            print(message.error(f"Cannot dereference 0x{address:#x} for list link #{i + 1}: {e}"))
+            print(message.error(f"Cannot dereference {address:#x} for list link #{i + 1}: {e}"))
            print(message.error("Is the linked list corrupted or is the sentinel value wrong?"))
            return

--- a/tests/gdb-tests/tests/test_command_plist.py
+++ b/tests/gdb-tests/tests/test_command_plist.py
@ -65,6 +65,46 @@ def test_command_plist_dereference_limit_change_has_impact_on_plist(start_binary
    assert expected_out.match(result_str) is not None


+def test_command_plist_unreached_sentinel_does_not_cause_null_deference(start_binary):
+    """
+    Tests the plist command with a sentinel set to an address that is not reached does
+    not try to dereference zero
+    """
+    startup(start_binary)
+    expected_out = re.compile(
+        """\
+0[xX][0-9a-fA-F]+ <node_a>: 0\\s*
+0[xX][0-9a-fA-F]+ <node_b>: 1\\s*
+0[xX][0-9a-fA-F]+ <node_c>: 2\\s*
+0[xX][0-9a-fA-F]+ <node_d>: 3\\s*
+0[xX][0-9a-fA-F]+ <node_e>: 4\\s*
+\
+"""
+    )
+
+    result_str = gdb.execute("plist node_a next --sentinel 1 -f value", to_string=True)
+    assert expected_out.match(result_str) is not None
+
+
+def test_command_plist_invalid_address_deference_is_displayed_properly(start_binary):
+    """
+    Tests that the error message is displayed nicely when an incorrect address gets
+    deferenced
+    """
+    startup(start_binary)
+    gdb.execute("p node_a->next = 0x1234")
+    expected_out = re.compile(
+        """\
+0[xX][0-9a-fA-F]+ <node_a>: 0\\s*
+Cannot dereference 0x1234 for list link #2: Cannot access memory at address 0x1234\\s*
+Is the linked list corrupted or is the sentinel value wrong\\?\\s*
+\
+"""
+    )
+    result_str = gdb.execute("plist node_a next -f value", to_string=True)
+    assert expected_out.match(result_str) is not None
+
+
 def test_command_plist_flat_with_offset(start_binary):
    """
    Tests the plist for a non-nested linked list with an arbitrary offset value