Update builds (#70)

* Fix fails in glibc-2.28
* Update to latest libcdb

builds_list

@@ -58,6 +58,7 @@ libc-2.19-3701aa1820d0a1dc12ac27ffde0ca8c63c50ab4a
 libc-2.19-3883c7733b2a0819e0c7c2dcbadfdac26e0e2b72
 libc-2.19-395c995bb2028f96efb60a6ebce75ed51d58c0b0
 libc-2.19-39612ce36adeb6f7e92658cd62c737bc3a260586
+libc-2.19-397c84e78c14cbffba39a48184db482211df9fb3
 libc-2.19-39f403e178f6c4db89f200bae5afd6c55f61e34b
 libc-2.19-3bbdc31d826a2bd8af0919d958620342c295c557
 libc-2.19-3ea89e2234c5203ef245cd4146b515794079ceac
@@ -84,7 +85,9 @@ libc-2.19-4a5eeadb796e6dba8f289a90de2b53e71c8e8788
 libc-2.19-4daad26169c5c868b8ae90587fff76cc28e7b309
 libc-2.19-4e304f78f3cfb52dd521bd6fd8ae7a0c7400104e
 libc-2.19-4e9b0243eb28ea1a14539448a5317d6215fa13fa
+libc-2.19-4eda8ff01be3fba1c7bdd442a8690c3dc7397b6a
 libc-2.19-4f953c59dca85d439af86c6564c9fdb07cccafd5
+libc-2.19-509ee0c9616c4c3ed81951501a8950e1f529bbff
 libc-2.19-50c2ed4707152ba59bfacfd4e1fabc3b28ddc140
 libc-2.19-50e2c3560712d3d9f7af3d155cdeb69687045dd2
 libc-2.19-512993e1c66001e0ad11feea73ddfc22f9c0767b
@@ -122,6 +125,7 @@ libc-2.19-68977b6661c8b646d7d88e32d81916937e346001
 libc-2.19-69673214041206e0eee5b9b5b47fd12d733127e1
 libc-2.19-6a6d6625087a1de6139a620795ef8b2360a06592
 libc-2.19-6abcb030391dbadd0fda38c3975ad6dcfe7fe20c
+libc-2.19-6aff6d091954955fe931bb720a17708513aabda7
 libc-2.19-6b536aa43eabd040e5117034f582d1c0374980cd
 libc-2.19-6d7e55c204d097c75f6b89717876c17f0dc1779a
 libc-2.19-6d8d0b8321b58b20d824cfa9d68d66769caa9b42
@@ -160,6 +164,7 @@ libc-2.19-887a7db21e668f6153604d9e00d1026137f777ee
 libc-2.19-8b05579712ebaea7cae547f4fc461c0828e9c446
 libc-2.19-8c5d5643cd08bc078f22310103f7c6af4ed37921
 libc-2.19-8cb4573f8cc3764df7570800247a76dd63d847b4
+libc-2.19-8d935a42f2f2a1149aa52d3098b32b1d5012cb67
 libc-2.19-8dbcbca713ca58e2c7e4970e8218d536154bb64e
 libc-2.19-8e4150ea59c3a6fdc9f001ba17274f7c48e4be21
 libc-2.19-8fa762223d6b8ee6d47af7455c691a5e238c8209
@@ -185,6 +190,7 @@ libc-2.19-a7204938a680127c01c9799462c3b33035f06358
 libc-2.19-a77581d3046ec7a2176ba4bebc222562668d9fd6
 libc-2.19-a77d09f3b8cbad4c430378157308f6cb71549a5a
 libc-2.19-a7e2264ecf52a64ea3ab55163132240c3142eafd
+libc-2.19-a820f849dda0b99ed06dd59bb88404969b3a5f88
 libc-2.19-a9f67b66e93e0abd79f1d8028188377397e4536b
 libc-2.19-ab474a836c41aed0f0bad2ddc66388253bfa75af
 libc-2.19-ad03e0bcbda2213489f10a6bf63a7f5fe3dd6558
@@ -236,6 +242,7 @@ libc-2.19-d66b201cb2987a585890d4be28cf92dad14cb760
 libc-2.19-d6c3d9e55db8600672a2ef744f57aa84e6bea41a
 libc-2.19-d80f3b321f845a71f3c47d913dd3e65152565863
 libc-2.19-d8adddcd7476a6b09bdf02fe1e1d73bd393b6ed7
+libc-2.19-d9a10b8ef90300628dd0a3a535106967714d7328
 libc-2.19-db3fac1541a95bdab2d9ae20bdef3c2f1c13b7e0
 libc-2.19-dd1b1c22eae3c8f0faa0b355bbcdca8f7c0cd91d
 libc-2.19-df559a150829d9f3cdd0b5ce1e5b4d512d20f55f
@@ -292,6 +299,7 @@ libc-2.21-04f18629ef42b062ed0c8f60d5bfaa40a7d28ef7
 libc-2.21-092fa8483d177952f4b38a4b9be8305baef60466
 libc-2.21-096d4c9ce21618defe0b3e4694dc5380e0189009
 libc-2.21-13495a0bf9fc076d41056041922792ddb58ac456
+libc-2.21-169a143e9c40cfd9d09695333e45fd67743cd2d6
 libc-2.21-1800fb8ed39680604091e8268cd21cb8ee6f747f
 libc-2.21-185ab573783653be4ea1784a59be3a1499ca64c7
 libc-2.21-1a266f551f39283eff85f4ab8913d8b6d57fb290
@@ -302,6 +310,7 @@ libc-2.21-2466292818ad2b41c64ea7107123fe96010e1b96
 libc-2.21-24c3f01054f36f8184ba673743310b5178354334
 libc-2.21-25dd428fb4c350c16dfee20491f1a06484a2bfa3
 libc-2.21-2c092eb4091e8d3a20313a09194418595efca9db
+libc-2.21-2e9718e58257bda1dc0d751665a3ee233bf606f2
 libc-2.21-3141017330a2057c655dcb61bd3d9b2c98399181
 libc-2.21-39f1a0bc7f66ea42f3341c0d629bae8caef2346d
 libc-2.21-3af67b618c87a9cfadcf4be33331e34f77f5c842
@@ -510,6 +519,7 @@ libc-2.23-1e80992437b5e1cb76bf56605ee8991e76e85f69
 libc-2.23-1f1cf1c7ff279aa37add352423fd850e06be1098
 libc-2.23-233dde1d38ecdc54bef352f1b5ee4e007ec9df26
 libc-2.23-2891dc7656eed3d8d4f255c41ca6a28caf532079
+libc-2.23-29e38445a740bba5a77b86691e3c51a7e48dc79b
 libc-2.23-2aedae2bb27ac85cf14c36da79747dd88bb2b633
 libc-2.23-2c4ed1bebc9ede033fbbb422f84da9a93cacd88e
 libc-2.23-336976f90c600be7c95a68be6c2f0652cc22347c
@@ -556,6 +566,7 @@ libc-2.23-c0a199289365088782dcaceab6a81721d0d8ae0c
 libc-2.23-c0cc47b9f732f8150eb2bbfb18d0d60a7b3564a9
 libc-2.23-cbfa941a8eb7a11e4f90e81b66fcd5a820995d7c
 libc-2.23-d10743a8f3a9a7a2e9807b1af78026c0b5363f6b
+libc-2.23-d10fbfd9328f5ffaca50aa93562cb3bfb618fbcc
 libc-2.23-d1df77a9cc06ba60c213852b01bc24282e49696a
 libc-2.23-d26149b8dc15c0c3ea8a5316583757f69b39e037
 libc-2.23-d2be9dbf540a6ca8b559ddfbd17f47b53e84ba8d
@@ -594,10 +605,13 @@ libc-2.24-1c3ec3a011b1005cb1c2c32fc6dbc4e6e9cef4bb
 libc-2.24-1da8c8ac3c71c30040cf58b563ae48e39bbae86f
 libc-2.24-1ddd6fca9cd87c66e6a19df018f5992e9fa6453d
 libc-2.24-1f253610e390e5237eb7949212e08166fba3ca4b
+libc-2.24-1f7bdfb9a24714835cee6e6597ea7aa782821371
+libc-2.24-206b2bb216b6cdb6b1be565a6fcd29f3862db060
 libc-2.24-20cbb98b62f46ee16b182d1b357146577c40ebb7
 libc-2.24-236e52c7896f5403d8065cf3965fdb2d31d56891
 libc-2.24-24b1296687d36e24bd48b8c412157d94f074ecc2
 libc-2.24-253debb34a7d493c0b8e2d6db2079e3d680459f5
+libc-2.24-26e84118fee5788eb5d8dda66b7e7f029d2c7800
 libc-2.24-2ee9e1740da616757f2e6d5ba58576c0c7302fff
 libc-2.24-30acfe88fed30ad3f8cb88425b80ea96899655aa
 libc-2.24-33801a6f55c5c3cdf7d83590b433adcbab08a688
@@ -606,15 +620,20 @@ libc-2.24-389260a6758c3f1dbc741c197e747341ed277cd2
 libc-2.24-3b24749bb184473f81819312e3d86903915eaf65
 libc-2.24-3ea4c67e60e49b8164b692166115bbf927e521db
 libc-2.24-3f89db5baa7e88162377fab6a1590f732a355401
+libc-2.24-43adbb1e7368c94fba1ba9020d8ef0808bff5bc4
 libc-2.24-43faee19af5e1d20163c6492862fca1a4146b668
 libc-2.24-45adab2b0ad8604e35eeea0b30d6ec1ad11642af
 libc-2.24-46bb6303e03d21ec9b79334370e1b39a51f883b1
+libc-2.24-497931f8d2346a6d0e300a65d8fc6106c6c88c15
 libc-2.24-4d0bb76f378375d584a373929f6d5b695f53db99
 libc-2.24-4dac034d41342a93593b3e18aa05f4b69c2909c9
+libc-2.24-4fa7401566d6b3e2c7ee5df3b4d85a01f85b595c
 libc-2.24-5284cbfbd543755c2fa4df64a20ccb14e7ded30c
 libc-2.24-53bab59259db20458dc7d753dd2950916f6e47de
+libc-2.24-568d20b7e0d08bc282fb42ae405c7054e4209ede
 libc-2.24-595aeaf311d354bbcd3f311e218f6b40fe711046
 libc-2.24-5a75868ead9dbb03eb4d668ff2918f341f949387
+libc-2.24-5b72576ff331e93852355123afecdec70fd247b5
 libc-2.24-6194e9b483a157d38ab633a5bf3c37f9ed6b7e04
 libc-2.24-6a5885d005a0e25074da79038453af3c1bbd16a1
 libc-2.24-6a6d4ead4f4d511091e34c8baebaab04b97913e0
@@ -636,13 +655,16 @@ libc-2.24-9a006ea92b333aa035fdecc8dc0b28e1d04edd37
 libc-2.24-9ae48d5843f29af366655a00fb0636db91328abb
 libc-2.24-9b7db6636c9f2f03c9523b02db229741e2250550
 libc-2.24-9e638553dc7a08748d03c42455ecd6bb9bd8f8cd
+libc-2.24-a4c01d397b6584f7040ef266b16a5d4da0b7a087
 libc-2.24-a822e789c3428254f309f81600b9e5ae551a3461
 libc-2.24-aad7dbe330f23ea00ca63daf793b766b51aceb5d
 libc-2.24-acd08eb60d44e32e85530f0537d46f8cd422403e
+libc-2.24-b81a06f0ac241c4aa8860602d9abcc903adbb675
 libc-2.24-b8a944084a03aec90d871ca8a5fac48801cc064d
 libc-2.24-b95a6603e6113924f82409ff65e6ed1514afd3db
 libc-2.24-bb0d156759d9bdfec06f5decd1c03785bcbc0ba1
 libc-2.24-bccffaa4c34e166b9c09e8802ce09989d1e8f46a
+libc-2.24-be6d412ecc4816c46eb49e750b02f714a9131c4e
 libc-2.24-c116abd24efe14f6dc2f98cef3d673934f6d66d0
 libc-2.24-c1fd7dc1c8a6915e5f7a7f24a5901a239d473f08
 libc-2.24-c451b072ff6aa62ba6e054c06e633fa297a3a7eb
@@ -651,12 +673,15 @@ libc-2.24-c62f8c5ce9f5304f054922d39d0c0fa94d9e9531
 libc-2.24-c7d3ac73ddd0865d350bd570771cf3a964a1ddbd
 libc-2.24-c9133ae8d86b5d469422e0c51a19e7910ebeae41
 libc-2.24-cc7e13208dfc283e75a9491f8507429f647eac05
+libc-2.24-d2a8a8ac188a6c3bafa4813a3d2789240ee49489
 libc-2.24-d67af93d54c07bbe5d252ef6f176ec77b866c786
 libc-2.24-d8ba284042773fed1189bcf927960999f4c1de55
 libc-2.24-da518391ad926bb7535f2095df0be265180eeed5
 libc-2.24-dab413a7e3b33dde527af308a09a55ade6b41e84
 libc-2.24-dc799b9197929f88cebc6aa72e3be388cacfb1df
+libc-2.24-dff06414a29b97b865ef938e06a7751fe8b1b2d0
 libc-2.24-e0206d9b8d7ad3abc39a94dbc37bb3b42c9f1345
+libc-2.24-e5dc6c0caa39828fa10ed37e642723a581acdb6d
 libc-2.24-e7de387eec0b57da248cc4e74edefcfcb55bd204
 libc-2.24-eaadebbded05e24bc9853c39b2241436f96d41ef
 libc-2.24-eb6b0b1e1c5cf4579e66eadb083885884dc0b648
@@ -667,10 +692,23 @@ libc-2.24-fd0655c4d2073eda4235084e1d0e558f0251be8a
 libc-2.24-fe976940471b3f683eeebb268f095b7ff1c898c1
 libc-2.25-58c735bc7b19b0aeb395cce70cf63bd62ac75e4a
 libc-2.25-912fc00c0da67045111928bd5c8a350e5be18c41
+libc-2.25-e5eb6347f0629b37bf698200022a683b7efb10ed
 libc-2.25-eae5038c2b9ae67d9eda345aa9fbe0a7185ab436
+libc-2.26-1c39b3b3faa2a2cbb0fa0b6845b29332562262d3
 libc-2.26-2104f3d4ad5cf68603afbe7ba1a17f5ac99c5988
+libc-2.26-499b381aaf00ce85ee5d4a12770ea369b30d2a41
+libc-2.26-4cc84abfe1fd26a485fc2b1b954c281ce9d358fd
+libc-2.26-4ea852c9d6a5084b8b58509b3b3d37d3d8cddb90
+libc-2.26-6d2b609f0c8e7b338f767b08c5ac712fac809d31
 libc-2.26-ddcc13122ddbfe5e5ef77d4ebe66d124ae5762c2
 libc-2.26-f65648a832414f2144ce795d75b6045a1ec2e252
+libc-2.26-fb587bc4429e7d1b0de31a3b9ee8ae78ee797eb0
+libc-2.27-0e188ec5f09c187a7a92784d4b97aa251b15a93c
 libc-2.27-53f40c1d2f3739ae017dcdcef1a17314786e3709
 libc-2.27-63b3d43ad45e1b0f601848c65b067f9e9b40528b
+libc-2.27-9dd0bb57f81671704475d1e5163405f7b4d4b454
 libc-2.27-b417c0ba7cc5cf06d1d1bed6652cedb9253c60d0
+libc-2.28-44f5a3efb0e5733fa9d97e690cb36cd4c682bcdb
+libc-2.28-5784a31a1c26f6d2157e585205ebb63dd19ff90f
+libc-2.28-5b157f49586a3ca84d55837f97ff466767dd3445
+libc-2.28-6ee9454b96efa9e343f9e8105f2fa4529265ea05

lib/one_gadget/builds/libc-2.19-397c84e78c14cbffba39a48184db482211df9fb3.rb

@@ -0,0 +1,38 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/libcdb/libcdb/blob/master/libc/libc6_2.19-10ubuntu2_arm64/lib/aarch64-linux-gnu/libc-2.19.so
+# 
+# AArch64
+# 
+# GNU C Library (Ubuntu GLIBC 2.19-10ubuntu2) stable release version 2.19, by Roland McGrath et al.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 4.8.3.
+# Compiled on a Linux 3.16.3 system on 2014-09-30.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 261724,
+                      constraints: ["writable: x21+0x2e0", "x3+0x9e0 == NULL"],
+                      effect: "execve(\"/bin/sh\", sp+0x68, environ)")
+OneGadget::Gadget.add(build_id, 261732,
+                      constraints: ["writable: x20", "writable: x21+0x2e0", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261808,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261820,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[[x0]] == NULL || [x0] == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, [x0])")
+OneGadget::Gadget.add(build_id, 261824,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[x2] == NULL || x2 == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, x2)")
+

lib/one_gadget/builds/libc-2.19-4eda8ff01be3fba1c7bdd442a8690c3dc7397b6a.rb

@@ -0,0 +1,44 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/libcdb/libcdb/blob/master/libc/libc6-amd64_2.19-0ubuntu6.14_i386/lib64/libc-2.19.so
+# 
+# Advanced Micro Devices X86-64
+# 
+# GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.14) stable release version 2.19, by Roland McGrath et al.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 4.8.4.
+# Compiled on a Linux 3.13.11 system on 2018-01-15.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/eglibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 274192,
+                      constraints: ["rax == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 274276,
+                      constraints: ["[rsp+0x30] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x30, environ)")
+OneGadget::Gadget.add(build_id, 764189,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, r12)")
+OneGadget::Gadget.add(build_id, 764268,
+                      constraints: ["[[rbp-0x48]] == NULL || [rbp-0x48] == NULL", "[r12] == NULL || r12 == NULL"],
+                      effect: "execve(\"/bin/sh\", [rbp-0x48], r12)")
+OneGadget::Gadget.add(build_id, 878784,
+                      constraints: ["[r9] == NULL || r9 == NULL", "[rdx] == NULL || rdx == NULL"],
+                      effect: "execve(\"/bin/sh\", r9, rdx)")
+OneGadget::Gadget.add(build_id, 883528,
+                      constraints: ["[rsp+0x70] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsp+0x70, environ)")
+OneGadget::Gadget.add(build_id, 883540,
+                      constraints: ["[rsi] == NULL || rsi == NULL", "[[rax]] == NULL || [rax] == NULL"],
+                      effect: "execve(\"/bin/sh\", rsi, [rax])")
+

lib/one_gadget/builds/libc-2.19-509ee0c9616c4c3ed81951501a8950e1f529bbff.rb

@@ -0,0 +1,38 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/libcdb/libcdb/blob/master/libc/libc6-2.19-12/lib/aarch64-linux-gnu/libc-2.19.so
+# 
+# AArch64
+# 
+# GNU C Library (Debian GLIBC 2.19-12) stable release version 2.19, by Roland McGrath et al.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 4.8.3.
+# Compiled on a Linux 3.16.5 system on 2014-10-25.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE
+# For bug reporting instructions, please see:
+# <http://www.debian.org/Bugs/>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 261532,
+                      constraints: ["writable: x21+0x2d8", "x3+0x6c0 == NULL"],
+                      effect: "execve(\"/bin/sh\", sp+0x68, environ)")
+OneGadget::Gadget.add(build_id, 261540,
+                      constraints: ["writable: x20", "writable: x21+0x2d8", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261616,
+                      constraints: ["writable: x21+0x2d8", "writable: x24+0x4", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261628,
+                      constraints: ["writable: x21+0x2d8", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[[x0]] == NULL || [x0] == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, [x0])")
+OneGadget::Gadget.add(build_id, 261632,
+                      constraints: ["writable: x21+0x2d8", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[x2] == NULL || x2 == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, x2)")
+

lib/one_gadget/builds/libc-2.19-6aff6d091954955fe931bb720a17708513aabda7.rb

@@ -0,0 +1,41 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/libcdb/libcdb/blob/master/libc/libc6-i386_2.19-0ubuntu6.14_amd64/lib32/libc-2.19.so
+# 
+# Intel 80386
+# 
+# GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.14) stable release version 2.19, by Roland McGrath et al.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 4.8.4.
+# Compiled on a Linux 3.13.11 system on 2018-01-15.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE IFUNC
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/eglibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 261415,
+                      constraints: ["ebx is the GOT address of libc", "[esp+0x34] == NULL"],
+                      effect: "execve(\"/bin/sh\", esp+0x34, environ)")
+OneGadget::Gadget.add(build_id, 261451,
+                      constraints: ["ebx is the GOT address of libc", "[eax] == NULL || eax == NULL", "[[esp+0x8]] == NULL || [esp+0x8] == NULL"],
+                      effect: "execve(\"/bin/sh\", eax, [esp+0x8])")
+OneGadget::Gadget.add(build_id, 261455,
+                      constraints: ["ebx is the GOT address of libc", "[[esp+0x4]] == NULL || [esp+0x4] == NULL", "[[esp+0x8]] == NULL || [esp+0x8] == NULL"],
+                      effect: "execve(\"/bin/sh\", [esp+0x4], [esp+0x8])")
+OneGadget::Gadget.add(build_id, 412772,
+                      constraints: ["ebx is the GOT address of libc", "[esp+0x8] == NULL"],
+                      effect: "execl(\"/bin/sh\", \"sh\", [esp+0x8])")
+OneGadget::Gadget.add(build_id, 412778,
+                      constraints: ["ebx is the GOT address of libc", "eax == NULL"],
+                      effect: "execl(\"/bin/sh\", eax)")
+OneGadget::Gadget.add(build_id, 412782,
+                      constraints: ["ebx is the GOT address of libc", "[esp+0x4] == NULL"],
+                      effect: "execl(\"/bin/sh\", [esp+0x4])")
+

lib/one_gadget/builds/libc-2.19-8d935a42f2f2a1149aa52d3098b32b1d5012cb67.rb

@@ -0,0 +1,38 @@
+require 'one_gadget/gadget'
+# https://gitlab.com/libcdb/libcdb/blob/master/libc/libc6_2.19-10ubuntu2.3_arm64/lib/aarch64-linux-gnu/libc-2.19.so
+# 
+# AArch64
+# 
+# GNU C Library (Ubuntu GLIBC 2.19-10ubuntu2.3) stable release version 2.19, by Roland McGrath et al.
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.
+# There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+# Compiled by GNU CC version 4.8.3.
+# Compiled on a Linux 3.16.7 system on 2015-02-25.
+# Available extensions:
+# 	crypt add-on version 2.1 by Michael Glad and others
+# 	GNU Libidn by Simon Josefsson
+# 	Native POSIX Threads Library by Ulrich Drepper et al
+# 	BIND-8.2.3-T5B
+# libc ABIs: UNIQUE
+# For bug reporting instructions, please see:
+# <https://bugs.launchpad.net/ubuntu/+source/glibc/+bugs>.
+
+build_id = File.basename(__FILE__, '.rb').split('-').last
+OneGadget::Gadget.add(build_id, 261724,
+                      constraints: ["writable: x21+0x2e0", "x3+0x3b0 == NULL"],
+                      effect: "execve(\"/bin/sh\", sp+0x68, environ)")
+OneGadget::Gadget.add(build_id, 261732,
+                      constraints: ["writable: x20", "writable: x21+0x2e0", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261808,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x20] == NULL || x20 == NULL"],
+                      effect: "execve(\"/bin/sh\", x20, environ)")
+OneGadget::Gadget.add(build_id, 261820,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[[x0]] == NULL || [x0] == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, [x0])")
+OneGadget::Gadget.add(build_id, 261824,
+                      constraints: ["writable: x21+0x2e0", "writable: x24+0x4", "[x1] == NULL || x1 == NULL", "[x2] == NULL || x2 == NULL"],
+                      effect: "execve(\"/bin/sh\", x1, x2)")
+