Error reported during analysis of project.analyses.CFGFast

[tower111]

root@f5f7f16b08aa:# env_resolve /tmp/data/d-link/analyzed/DIR-842_fw_revA_1-02_eu_multi_20151008/fw/_DIR842A1_FW102B05.bin.extracted/squashfs-root/bin/wscd --results .
WARNING | 2025-09-07 09:53:53,791 | cle.backends.externs | Symbol was allocated without a known size; emulation may fail if it is used non-opaquely: __ctype_b
WARNING | 2025-09-07 09:53:53,792 | cle.loader | For more information about "Symbol was allocated without a known size",see https://docs.angr.io/extending-angr/environment#simdata
Traceback (most recent call last):
File "/usr/local/bin/env_resolve", line 8, in
sys.exit(main())
^^^^^^
File "/operation-mango/package/argument_resolver/analysis/env_resolve.py",
line 322, in main
analyzer = EnvAnalysis(**args.dict)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/operation-mango/package/argument_resolver/analysis/env_resolve.py",
line 35, in init
super().init(*args, **kwargs)
File "/operation-mango/package/argument_resolver/analysis/base.py", line 150,
in init
self.project = self.init_analysis(
^^^^^^^^^^^^^^^^^^^
File "/operation-mango/package/argument_resolver/analysis/base.py", line 200,
in init_analysis
project.analyses.CFGFast(
File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 216,
in call
r = w(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 201,
in wrapper
oself.init(*args, **kwargs)
File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_fast.py", line
844, in init
self._analyze()
File
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 247, in _analyze
self._analysis_core_baremetal()
File
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 367, in _analysis_core_baremetal
self._job_queue_empty()
File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_fast.py", line
1465, in _job_queue_empty
self._process_unresolved_indirect_jumps()
File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_base.py", line
2859, in _process_unresolved_indirect_jumps
all_targets |= self._process_one_indirect_jump(jump)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_base.py", line
2890, in _process_one_indirect_jump
resolved, targets = resolver.resolve(
^^^^^^^^^^^^^^^^^
File
"/angr/lib/python3.11/site-packages/angr/analyses/cfg/indirect_jump_resolvers/co
nst_resolver.py", line 110, in resolve
prop = self.project.analyses.Propagator(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 216,
in call
r = w(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 201,
in wrapper
oself.init(*args, **kwargs)
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py",
line 191, in init
self._analyze()
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py",
line 416, in _analyze
self._analysis_core_graph()
File
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 269, in _analysis_core_graph
changed, output_state = self._run_on_node(n, job_state)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py",
line 295, in _run_on_node
state = engine.process(
^^^^^^^^^^^^^^^
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_base.py",
line 47, in process
self._process(state, None, block=kwargs.pop("block", None))
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
144, in _process
self._process_Stmt(whitelist=whitelist)
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
164, in _process_Stmt
self._handle_Stmt(stmt)
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
194, in _handle_Stmt
getattr(self, handler)(stmt)
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py",
line 150, in _handle_WrTmp
super()._handle_WrTmp(stmt)
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
201, in _handle_WrTmp
data = self._expr(stmt.data)
^^^^^^^^^^^^^^^^^^^^^
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py",
line 55, in _expr
v = super()._expr(expr)
^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
236, in _expr
return getattr(self, handler)(expr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py",
line 277, in _handle_Binop
r = super()._handle_Binop(expr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
377, in _handle_Binop
return getattr(self, handler)(expr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line
555, in _handle_DivMod
quotient = expr_0.SDiv(claripy.SignExt(from_size - to_size, expr_1))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/operations.py", line 72, in
_op
return return_type(name, fixed_args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/ast/base.py", line 203, in
new
r = operations._handle_annotations(eb._abstract(eb.call(op, args)), args)
^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/backends/init.py", line
251, in call
return self._call(op, converted)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/backends/init.py", line
262, in _call
obj = self._op_rawop
^^^^^^^^^^^^^^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 45, in
normalize_helper
return f(self, o)
^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 17, in
compare_guard
return f(self, o)
^^^^^^^^^^
File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 429, in SDiv
raise ClaripyZeroDivisionError()
claripy.errors.ClaripyZeroDivisionError
34% ━━━━━━━━━━━━╸━━━━━━━━━━━━━━━━━━━━━━━━ Elapsed Time: 0:00:11 Time: 0:00:18 root@f5f7f16b08aa:#

[tower111]

root@f5f7f16b08aa:~# env_resolve  /tmp/data/d-link/analyzed/DIR-842_fw_revA_1-02_eu_multi_20151008/fw/_DIR842A1_FW102B05.bin.extracted/squashfs-root/bin/wscd  --results .
WARNING  | 2025-09-07 09:53:53,791 | cle.backends.externs | Symbol was allocated without a known size; emulation may fail if it is used non-opaquely: __ctype_b
WARNING  | 2025-09-07 09:53:53,792 | cle.loader     | For more information about "Symbol was allocated without a known size",see https://docs.angr.io/extending-angr/environment#simdata
Traceback (most recent call last):
  File "/usr/local/bin/env_resolve", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/env_resolve.py", 
line 322, in main
    analyzer = EnvAnalysis(**args.__dict__)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/env_resolve.py", 
line 35, in __init__
    super().__init__(*args, **kwargs)
  File "/operation-mango/package/argument_resolver/analysis/base.py", line 150, 
in __init__
    self.project = self.init_analysis(
                   ^^^^^^^^^^^^^^^^^^^
  File "/operation-mango/package/argument_resolver/analysis/base.py", line 200, 
in init_analysis
    project.analyses.CFGFast(
  File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 216,
in __call__
    r = w(*args, **kwargs)
        ^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 201,
in wrapper
    oself.__init__(*args, **kwargs)
  File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_fast.py", line 
844, in __init__
    self._analyze()
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 247, in _analyze
    self._analysis_core_baremetal()
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 367, in _analysis_core_baremetal
    self._job_queue_empty()
  File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_fast.py", line 
1465, in _job_queue_empty
    self._process_unresolved_indirect_jumps()
  File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_base.py", line 
2859, in _process_unresolved_indirect_jumps
    all_targets |= self._process_one_indirect_jump(jump)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/analyses/cfg/cfg_base.py", line 
2890, in _process_one_indirect_jump
    resolved, targets = resolver.resolve(
                        ^^^^^^^^^^^^^^^^^
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/cfg/indirect_jump_resolvers/co
nst_resolver.py", line 110, in resolve
    prop = self.project.analyses.Propagator(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 216,
in __call__
    r = w(*args, **kwargs)
        ^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/analyses/analysis.py", line 201,
in wrapper
    oself.__init__(*args, **kwargs)
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py", 
line 191, in __init__
    self._analyze()
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py", 
line 416, in _analyze
    self._analysis_core_graph()
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/forward_analysis/forward_analy
sis.py", line 269, in _analysis_core_graph
    changed, output_state = self._run_on_node(n, job_state)
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/propagator.py", 
line 295, in _run_on_node
    state = engine.process(
            ^^^^^^^^^^^^^^^
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_base.py", 
line 47, in process
    self._process(state, None, block=kwargs.pop("block", None))
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
144, in _process
    self._process_Stmt(whitelist=whitelist)
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
164, in _process_Stmt
    self._handle_Stmt(stmt)
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
194, in _handle_Stmt
    getattr(self, handler)(stmt)
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py", 
line 150, in _handle_WrTmp
    super()._handle_WrTmp(stmt)
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
201, in _handle_WrTmp
    data = self._expr(stmt.data)
           ^^^^^^^^^^^^^^^^^^^^^
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py", 
line 55, in _expr
    v = super()._expr(expr)
        ^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
236, in _expr
    return getattr(self, handler)(expr)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/angr/lib/python3.11/site-packages/angr/analyses/propagator/engine_vex.py", 
line 277, in _handle_Binop
    r = super()._handle_Binop(expr)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
377, in _handle_Binop
    return getattr(self, handler)(expr)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/angr/engines/light/engine.py", line 
555, in _handle_DivMod
    quotient = expr_0.SDiv(claripy.SignExt(from_size - to_size, expr_1))
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/operations.py", line 72, in 
_op
    return return_type(name, fixed_args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/ast/base.py", line 203, in 
__new__
    r = operations._handle_annotations(eb._abstract(eb.call(op, args)), args)
                                                    ^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/backends/__init__.py", line 
251, in call
    return self._call(op, converted)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/backends/__init__.py", line 
262, in _call
    obj = self._op_raw[op](*args)
          ^^^^^^^^^^^^^^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 45, in 
normalize_helper
    return f(self, o)
           ^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 17, in 
compare_guard
    return f(self, o)
           ^^^^^^^^^^
  File "/angr/lib/python3.11/site-packages/claripy/bv.py", line 429, in SDiv
    raise ClaripyZeroDivisionError()
claripy.errors.ClaripyZeroDivisionError
 34% ━━━━━━━━━━━━╸━━━━━━━━━━━━━━━━━━━━━━━━ Elapsed Time: 0:00:11 Time: 0:00:18 root@f5f7f16b08aa:~# 

[ltfish]

This is very much an angr issue.

[ltfish]

I’m transferring this issue to angr/angr.

[ltfish]

Well just realized that I can’t transfer issues across organizations.