pwnlib.fmtstr - impossible overlapping byte writes

[George-TL]

I'm reading documentation and there is something odd...

pwn.context.clear(arch = 'i386')
writes = { 0x0: 0xaa, 0x4: 0xbb }
print(pwn.fmtstr_payload(1, writes, write_size='byte'))
writes = { 0x0: 0xaa, 0x3: 0xbb }
print(pwn.fmtstr_payload(1, writes, write_size='byte'))

first one works fine, second crashes with:
ValueError: normalize_writes(): data at offset 3 overlaps with previous data which ends at offset 4

Same for 64 bit:

pwn.context.clear(arch = 'amd64')
writes = { 0x0: 0xaa, 0x8: 0xbb }
print(pwn.fmtstr_payload(1, writes, write_size='byte'))
writes = { 0x0: 0xaa, 0x7: 0xbb }
print(pwn.fmtstr_payload(1, writes, write_size='byte'))

first one works fine, second crashes with:
ValueError: normalize_writes(): data at offset 7 overlaps with previous data which ends at offset 8

Yes, I'm doing byte writes.
There should be no overlapping of any kind.
Please, update documentation with examples how to achieve such writes.

[Arusekk]

Pwntools flattening assumes integers are word-sized. Use b'\xaa' (as opposed to 0xaa) to write one byte, or any other object that flat()/fit() converts to a single byte. Write size only means how big is a unit of a single write. If you are doing byte writes then you write b'\xaa\0\0\0\0\0\0\0' at offset 0 and \xbb\0\0\0\0\0\0\0 which overlaps, as correctly reported by pwntools.

If you have ideas on improving documentation, please open a PR with some initial suggestion so we can start discussing the topic.

[George-TL]

Pwntools flattening assumes integers are word-sized. Use b'\xaa' (as opposed to 0xaa) to write one byte, or any other object that flat()/fit() converts to a single byte.

This crucial information I was missing.
Thanks @Arusekk