CVE-2012-1569 strlen: unable to resolve blocking load to any address

[jordr]

klee -inline=memcpy -libc=uclibc --search=dfs --split-search --exit-on-error-type=Ptr -longest-single-recovery=500 -longest-cumulative-recovery=500 --skip-functions-legacy=_asn1_set_name test.bc 32
...
[e6b3d0] KLEE: WARNING: Unable to resolve blocking load to any address. Terminating state
[d6c361] KLEE: ERROR: /home/ubuntu/code/klee-uclibc/libc/string/strlen.c:22: Unable to resolve blocking load to any address
[b3874e] KLEE: NOTE: now ignoring this error at this location

Note: also works with strlen inlining. Not inlining memcpy yields a different error, a segmentation fault in executeMemoryOperation.

[jordr]

libtasn1 bench: reach the ptrerror on each CVE

[jordr]

Also happens on CVE-2015-3622

autoklee -debug-print-instructions=src:stderr -inline=strcmp,strlen --exit-on-error-type=Ptr --libc=uclibc --posix-runtime --search=dfs -skip-functions-not=asn1_get_tag_der,asn1_parser2tree -debug-only=chop test.bc 32

can be bypassed by not skipping asn1_yylex, I believe