Diffstat (limited to 'lib')
-rw-r--r-- | lib/Core/SpecialFunctionHandler.cpp | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/Core/SpecialFunctionHandler.cpp b/lib/Core/SpecialFunctionHandler.cpp
index e927adf0..22c27432 100644
--- a/lib/Core/SpecialFunctionHandler.cpp
+++ b/lib/Core/SpecialFunctionHandler.cpp
@@ -236,9 +236,19 @@ SpecialFunctionHandler::readStringAtAddress(ExecutionState &state,
 ref<Expr> addressExpr) {
 ObjectPair op;
 addressExpr = executor.toUnique(state, addressExpr);
+ if (!isa<ConstantExpr>(addressExpr)) {
+ executor.terminateStateOnError(
+ state, "Symbolic string pointer passed to one of the klee_ functions",
+ Executor::TerminateReason::User);
+ return "";
+ }
 ref<ConstantExpr> address = cast<ConstantExpr>(addressExpr);
- if (!state.addressSpace.resolveOne(address, op))
- assert(0 && "XXX out of bounds / multiple resolution unhandled");
+ if (!state.addressSpace.resolveOne(address, op)) {
+ executor.terminateStateOnError(
+ state, "Invalid string pointer passed to one of the klee_ functions",
+ Executor::TerminateReason::User);
+ return "";
+ }
 bool res __attribute__ ((unused));
 assert(executor.solver->mustBeTrue(state,
 EqExpr::create(address, |
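Review bot: Both new early returns hand the caller `""` after terminating the state, which is indistinguishable from a genuine empty string at a valid address, so a caller cannot tell that the state has already been terminated and may keep acting on it (readStringAtAddress's declaration and its callers are outside the hunk). Consider stating the contract on the function, e.g. `// Returns "" after terminating the state on a symbolic or unresolvable pointer; callers must not keep using the state.`, or returning an explicit failure signal (an optional or a bool out-value) so the two cases cannot be confused. The `assert(executor.solver->mustBeTrue(state, EqExpr::create(address,` at the end of the hunk is still a hard assert, so a pointer that resolves to an object but not to its base (the assert's tail continues outside the hunk) appears to abort the whole run rather than terminate the state the way the two new branches do; the same `terminateStateOnError` path would fit there for consistency.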