Failed to find some gadgets on glibc 2.31
david942j opened this issue
david942j commented
Checked with https://gitlab.com/david942j/libcdb/blob/master/libc/libc6_2.31-0ubuntu10_amd64/lib/x86_64-linux-gnu/libc-2.31.so
Current findings:

```
0xe6d43 execve("/bin/sh", r10, r12)
constraints:
  [r10] == NULL || r10 == NULL
  [r12] == NULL || r12 == NULL

0xe6d46 execve("/bin/sh", r10, rdx)
constraints:
  [r10] == NULL || r10 == NULL
  [rdx] == NULL || rdx == NULL

0xe6d49 execve("/bin/sh", rsi, rdx)
constraints:
  [rsi] == NULL || rsi == NULL
  [rdx] == NULL || rdx == NULL
```
Expected more gadgets such as:

```
e6b4e: 4c 89 e2                mov    rdx,r12
e6b51: 4c 89 fe                mov    rsi,r15
e6b54: 48 8d 3d 4f 0a 0d 00    lea    rdi,[rip+0xd0a4f]   # 1b75aa <_libc_intl_domainname@@GLIBC_2.2.5+0x1a5>
e6b5b: e8 60 f6 ff ff          call   e61c0 <execve@@GLIBC_2.2.5>
```

```
0xe6b4e execve("/bin/sh", r15, r12)
```
This pattern is exactly the same as the one at 0xe6d43, assuming a bug exists.
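The gadget shape described in this issue, as an added example that is not part of the original issue and not one_gadget's own code: a minimal scanner that finds `lea rdi,[rip+X]` (X resolving to the `/bin/sh` string) immediately followed by `call execve`, walks back over any preceding 3-byte `mov rsi/rdx, <reg>` instructions, and reports every start address in that chain as an `execve("/bin/sh", argv, envp)` gadget with the register constraints in the same format the issue quotes. The sample buffer is constructed from the bytes quoted above (padded with `ret`); the `BASE`, `BINSH` and `EXECVE` offsets are taken from the objdump output in the issue. Backward decoding of x86-64 is a heuristic that only works for this fixed 3-byte move form; a real tool disassembles forward.

```python
"""Find `mov ...; lea rdi,[rip+"/bin/sh"]; call execve` gadgets in raw x86-64 code.

Added illustration only (not one_gadget's implementation). Offsets below come from the
objdump lines quoted in the issue; the byte buffer is constructed for this example.
"""
import re

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def decode_mov_r64_r64(b):
    """Decode a 3-byte `REX.W mov r/m64, r64` (opcode 0x89, register-direct ModRM).

    Returns (dest, src) register names, or None when the bytes are not that form.
    """
    if len(b) != 3:
        return None
    rex, op, modrm = b
    if rex & 0xF8 != 0x48 or op != 0x89 or modrm < 0xC0:
        return None
    src = ((modrm >> 3) & 7) | ((rex & 4) << 1)   # ModRM.reg, extended by REX.R
    dst = (modrm & 7) | ((rex & 1) << 3)          # ModRM.rm, extended by REX.B
    return REG64[dst], REG64[src]


def find_execve_gadgets(code, base, binsh, execve):
    """Return [(address, argv_reg, envp_reg), ...] for each start point of a
    `mov ...; lea rdi,[rip+disp]; call execve` sequence inside `code`.

    `base` is the libc offset of code[0]; `binsh` and `execve` are libc offsets.
    """
    gadgets = []
    for m in re.finditer(rb"\x48\x8d\x3d", code):      # lea rdi, [rip+disp32]
        i = m.start()
        if i + 12 > len(code):
            continue
        disp = int.from_bytes(code[i + 3:i + 7], "little", signed=True)
        if base + i + 7 + disp != binsh:              # rip-relative: next ip + disp
            continue
        if code[i + 7] != 0xE8:                       # must be followed by call rel32
            continue
        rel = int.from_bytes(code[i + 8:i + 12], "little", signed=True)
        if base + i + 12 + rel != execve:
            continue
        # Walk backwards over preceding 3-byte register-to-register moves. Heuristic:
        # x86-64 is variable-length, so a real tool must disassemble forward instead.
        movs = []
        j = i
        while j >= 3:
            mv = decode_mov_r64_r64(code[j - 3:j])
            if mv is None:
                break
            movs.insert(0, mv)
            j -= 3
        # Every start point in the chain is its own gadget; replay the moves that
        # execute from that point to learn which registers end up as argv and envp.
        for k in range(len(movs) + 1):
            state = {r: r for r in REG64}
            for dst, src in movs[k:]:
                state[dst] = state[src]
            gadgets.append((base + j + 3 * k, state["rsi"], state["rdx"]))
    return gadgets


def format_gadget(addr, argv, envp):
    """Render one gadget in the style of the listing quoted in the issue."""
    lines = [f'{addr:#x} execve("/bin/sh", {argv}, {envp})', "constraints:"]
    for r in (argv, envp):
        lines.append(f"  [{r}] == NULL || {r} == NULL")
    return "\n".join(lines)


# Constructed sample: the bytes quoted in the issue at 0xe6b4e..0xe6b5f, padded with
# `ret` (0xc3) on both sides so the buffer does not begin on the gadget itself.
BASE = 0xE6B4C
CODE = (b"\xc3\xc3"
        b"\x4c\x89\xe2"                      # e6b4e: mov rdx, r12
        b"\x4c\x89\xfe"                      # e6b51: mov rsi, r15
        b"\x48\x8d\x3d\x4f\x0a\x0d\x00"      # e6b54: lea rdi, [rip+0xd0a4f] -> 0x1b75aa
        b"\xe8\x60\xf6\xff\xff"              # e6b5b: call 0xe61c0 <execve>
        b"\xc3\xc3")
BINSH = 0x1B75AA    # offset of "/bin/sh" in this libc (from the issue's objdump)
EXECVE = 0xE61C0    # offset of execve in this libc (from the issue's objdump)

if __name__ == "__main__":
    for g in find_execve_gadgets(CODE, BASE, BINSH, EXECVE):
        print(format_gadget(*g))
        print()
```

Run against the constructed buffer it reports three start points, 0xe6b4e (`r15`, `r12`), 0xe6b51 (`r15`, `rdx`) and 0xe6b54 (`rsi`, `rdx`), which is the same three-way split the issue's 0xe6d43/0xe6d46/0xe6d49 listing shows for the other copy of the pattern. To use it on a real libc, read the `.text` section bytes with its file offset as `base`, and take the `/bin/sh` and `execve` offsets from `strings -t x` and `nm -D` (or from the objdump output, as here).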