angr.state_plugins.heap.heap_freelist¶

class angr.state_plugins.heap.heap_freelist.Chunk¶

Bases: object

The sort of chunk as would typically be found in a freelist-style heap implementation. Provides a representation of a chunk via a view into the memory plugin. Chunks may be adjacent, in different senses, to as many as four other chunks. For any given chunk, two of these chunks are adjacent to it in memory, and are referred to as the “previous” and “next” chunks throughout this implementation. For any given free chunk, there may also be two significant chunks that are adjacent to it in some linked list of free chunks. These chunks are referred to the “backward” and “forward” chunks relative to the chunk in question.

Variables:

base – the location of the base of the chunk in memory
state – the program state that the chunk is resident in

__init__(base, sim_state)¶

get_size()¶: Returns the actual size of a chunk (as opposed to the entire size field, which may include some flags).

get_data_size()¶: Returns the size of the data portion of a chunk.

set_size(size)¶: Sets the size of the chunk, preserving any flags.

data_ptr()¶: Returns the address of the payload of the chunk.

is_free()¶: Returns a concrete determination as to whether the chunk is free.

next_chunk()¶: Returns the chunk immediately following (and adjacent to) this one.

prev_chunk()¶: Returns the chunk immediately prior (and adjacent) to this one.

fwd_chunk()¶: Returns the chunk following this chunk in the list of free chunks.

set_fwd_chunk(fwd)¶

Sets the chunk following this chunk in the list of free chunks.

Parameters:: fwd – the chunk to follow this chunk in the list of free chunks

bck_chunk()¶: Returns the chunk backward from this chunk in the list of free chunks.

set_bck_chunk(bck)¶

Sets the chunk backward from this chunk in the list of free chunks.

Parameters:: bck – the chunk to precede this chunk in the list of free chunks

class angr.state_plugins.heap.heap_freelist.SimHeapFreelist¶

Bases: SimHeapLibc

A freelist-style heap implementation. Distinguishing features of such heaps include chunks containing heap metadata in addition to user data and at least (but often more than) one linked list of free chunks.

chunks()¶: Returns an iterator over all the chunks in the heap.

allocated_chunks()¶: Returns an iterator over all the allocated chunks in the heap.

free_chunks()¶: Returns an iterator over all the free chunks in the heap.

chunk_from_mem(ptr)¶

Given a pointer to a user payload, return the chunk associated with that payload.

Parameters:: ptr – a pointer to the base of a user payload in the heap
Returns:: the associated heap chunk

print_heap_state()¶

print_all_chunks()¶