Small update.

* Fix git checkout revision for Rose. There are no git tags for version 0.11.145.16 for unknown reasons. * Fix a bug in fn2yara where we got an operand bit size of zero.
CERTCC · Apr 1, 2024 · 2089ae0 · 2089ae0
1 parent 4862c96
commit 2089ae0
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/INSTALL.md b/INSTALL.md
@@ -224,12 +224,12 @@ $ cd rose
 This version has a reasonable chance of working or only having minor
 issues.  If you want to be conservative and use a version of ROSE that
 was known to compile with the latest major commit to the Pharos
-repository, you can checkout ROSE version v0.11.145.16, which is also
+repository, you can checkout ROSE version v0.11.145.18, which is also
 the *earliest* version of ROSE that should be able to compile and pass
 tests:
 
 ```
-$ git checkout v0.11.145.16
+$ git checkout v0.11.145.18
 ```
 
 ROSE can be configured in a multitude of ways, and some attention to

diff --git a/scripts/build_prereqs.bash b/scripts/build_prereqs.bash
@@ -51,7 +51,7 @@ test "$1" = "-reclaim" && rm -rf $DIR/z3
 cd $DIR
 test -d rose && rm -rf rose
 
-git clone --depth 1 -b v0.11.145.16 https://github.com/rose-compiler/rose rose
+git clone --depth 1 -b v0.11.145.18 https://github.com/rose-compiler/rose rose
 cd rose
 
 # See rose issue #52

diff --git a/tools/fn2yara/fn2yara.cpp b/tools/fn2yara/fn2yara.cpp
@@ -561,6 +561,13 @@ class FnToYaraAnalyzer : public BottomUpAnalyzer {
             if (intexp) {
               uint64_t val = intexp->get_value(); // or get_absoluteValue() ?
               if (program.memory.is_mapped(rose_addr_t(val))) {
+                // In programs mapped at address zero, the memory map test will report that
+                // very small constants like 1, 4, and 8 are "addresses" that should be PIC'd
+                // out.  While this is very unprincipled solution, I think it's better than
+                // incorrectly PIC'ing lots of small constants.
+                if (val < 4096) {
+                  return;
+                }
                 AddressIntervalSet chunks = fd->get_address_intervals();
                 auto chunk1 = chunks.find(insn->get_address());
                 auto chunk2 = chunks.find(val);
@@ -572,7 +579,14 @@ class FnToYaraAnalyzer : public BottomUpAnalyzer {
                   // should always be aligned to byte?
                   if (off % 8 != 0 || sz % 8 != 0)
                   {
-                    std::cerr << "non byte alignment or size found: " << off << " " << sz << LEND;
+                    OWARN << "Non-byte alignment (" << off << ") or size (" << sz << ") found "
+                          << " in instruction: " << debug_instruction(insn) << LEND;
+                    return;
+                  }
+                  // Don't add candidates of size zero.
+                  if (sz < 8) {
+                    OWARN << "Integer operand of size " << sz << " bits in instruction: "
+                          << debug_instruction(insn) << " for value " << val <<  LEND;
                     return;
                   }
                   std::pair< uint32_t, uint32_t > pval(off,sz);