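# GDB command file: reproduce and record an out-of-bounds read in
# CreateCommonPacketFormatStructure (OpENer CPF parser) while it parses poc.min.
# Usage: gdb -x <this file> <opener binary>
# Needs GDB >= 12 ("set logging enabled"); "frame function" needs >= 8.3.
# Everything is logged to gdb_transcript.txt so the evidence can be attached
# to a bug report as-is.
set pagination off
set confirm off
set print pretty on
set disassemble-next-line on
# Stable addresses between runs make transcripts comparable.
set disable-randomization on

set logging file gdb_transcript.txt
set logging overwrite on
set logging enabled on

# Debug info carries the build-time path; redirect source lookups to the
# local checkout.
set substitute-path /root/OpENer /home/ivcm/OpENer

echo === Break on target function ===\n
break CreateCommonPacketFormatStructure

echo === Run with PoC ===\n
run < poc.min

echo === Function entry ===\n
frame
info args
info locals

# Capture the bounds of the caller-supplied CPF slice at entry. Every read the
# parser performs must stay inside [cpf_start, cpf_end); a read at or past
# cpf_end is the defect being documented (missing length check before an
# item read).
set $cpf_start = data
set $cpf_len = data_length
set $cpf_end = data + data_length

printf "cpf_start = %p\n", $cpf_start
printf "cpf_len   = %u\n", $cpf_len
printf "cpf_end   = %p\n", $cpf_end
printf "cpf_end - cpf_start = %ld\n", (long)($cpf_end - $cpf_start)

echo === CPF bytes ===\n
# Fixed 24-byte dump, not bounded by cpf_len: if the slice is shorter, the
# tail of this dump lies outside it and must not be read as CPF content.
x/24bx $cpf_start

echo === Source region ===\n
list /root/OpENer/source/src/enet_encap/cpf.c:239,301

echo === Step over item_count read ===\n
# Assumes the first statement after entry is the item_count read; re-check
# against the listing above if the source changes.
next
p item_count
p/x item_count
p/x data
p (long)(data - $cpf_start)

echo === Set read watchpoint on first byte past CPF slice ===\n
# The watched width is the pointee type of `data`; for a byte pointer that is
# one byte, so any read touching cpf_end (including a multi-byte field that
# starts inside the slice) stops the inferior. Requires hardware watchpoints.
rwatch *$cpf_end

echo === Continue until first out-of-bounds read ===\n
continue

# If the inferior exited or died on a signal instead of stopping at the
# watchpoint there is no frame to inspect; report that instead of letting the
# first failing command abort the rest of the script.
if $_isvoid($_exitcode) && $_isvoid($_exitsignal)
  echo === OOB evidence ===\n
  bt
  # Innermost frame first: the read may occur in a helper rather than in the
  # parser itself, and $pc here is the faulting read site.
  frame
  info args
  info locals

  echo === Nearby instructions ===\n
  disassemble /m $pc-16,$pc+16

  echo === Parser frame ===\n
  # Select the parser frame so item_count and data are in scope; if it is not
  # on the stack this command errors and the remaining commands are skipped.
  frame function CreateCommonPacketFormatStructure
  p/x item_count
  p/x data
  p (long)(data - $cpf_start)
  printf "data == cpf_end ? %d\n", (data == $cpf_end)

  echo === Source at OOB site ===\n
  list /root/OpENer/source/src/enet_encap/cpf.c:274,301
else
  echo === Watchpoint not hit: inferior finished before reading past cpf_end ===\n
  info program
end

echo === Stop logging ===\n
set logging enabled off

quit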
