Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Fix invalid variable delta analysis when using aaef in arm32 binary #… #21257

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+52 −8
Open

Fix invalid variable delta analysis when using aaef in arm32 binary #… #21257

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 15 additions & 8 deletions libr/core/canal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4925,9 +4925,9 @@ static ut64 delta_for_access(RAnalOp *op, RAnalVarAccessType type) {
RAnalValue *src0 = r_vector_at (&op->srcs, 0);
RAnalValue *src1 = r_vector_at (&op->srcs, 1);
if (type == R_ANAL_VAR_ACCESS_TYPE_WRITE) {
if (dst) {
return dst->imm + dst->delta;
}
// XXX fix invalid var analysis when using esil
return 0;
// if (dst) { return dst->imm + dst->delta; }
} else {
if (src1 && (src1->imm || src1->delta)) {
return src1->imm + src1->delta;
Expand All @@ -4947,17 +4947,20 @@ static void handle_var_stack_access(REsil *esil, ut64 addr, RAnalVarAccessType t
const char *regname = reg_name_for_access (ctx->op, type);
if (ctx->fcn && regname) {
ut64 spaddr = r_reg_getv (esil->anal->reg, ctx->spname);
// XXX the delte computed here is incorrect because in esil that state can be inconsistent with the function boundaries
// XXX and that causes some var names to be incorrectly identified
if (addr >= spaddr && addr < ctx->initial_sp) {
int stack_off = addr - ctx->initial_sp;
// int stack_off = ctx->initial_sp - addr; // R2STACK
// eprintf (" (%llx) %llx = %d\n", ctx->initial_sp, addr, stack_off);
RAnalVar *var = r_anal_function_get_var (ctx->fcn, R_ANAL_VAR_KIND_SPV, stack_off);
if (!var) {
var = r_anal_function_get_var (ctx->fcn, R_ANAL_VAR_KIND_BPV, stack_off);
if (var) {
R_LOG_DEBUG ("Do not reanalyze an already defined variable");
return;
}
var = r_anal_function_get_var (ctx->fcn, R_ANAL_VAR_KIND_BPV, stack_off);
if (!var && stack_off >= -ctx->fcn->maxstack) {
char *varname;
varname = ctx->fcn->anal->opt.varname_stack
char *varname = ctx->fcn->anal->opt.varname_stack
? r_str_newf (VARPREFIX"_%xh", R_ABS (stack_off))
: r_anal_function_autoname_var (ctx->fcn, R_ANAL_VAR_KIND_SPV, VARPREFIX, delta_for_access (ctx->op, type));
var = r_anal_function_set_var (ctx->fcn, stack_off, R_ANAL_VAR_KIND_SPV, NULL, len, false, varname);
Expand All @@ -4981,6 +4984,7 @@ static bool is_stack(RIO *io, ut64 addr) {
}

static bool esilbreak_mem_write(REsil *esil, ut64 addr, const ut8 *buf, int len) {
// XXX causes invalid var names
handle_var_stack_access (esil, addr, R_ANAL_VAR_ACCESS_TYPE_WRITE, len);
// ignore writes in stack
if (myvalid (mycore->io, addr) && r_io_read_at (mycore->io, addr, (ut8*)buf, len)) {
Expand Down Expand Up @@ -5383,7 +5387,7 @@ R_API void r_core_anal_esil(RCore *core, const char *str /* len */, const char *
return;
}
iend = end - start;
if (iend < 0) {
if (iend < 1) {
return;
}
if (iend > MAX_SCAN_SIZE) {
Expand Down Expand Up @@ -5689,6 +5693,9 @@ R_API void r_core_anal_esil(RCore *core, const char *str /* len */, const char *
}
}
break;
case R_ANAL_OP_TYPE_STORE:
// TODO: the same as we do for load imho
break;
case R_ANAL_OP_TYPE_LOAD:
{
ut64 dst = esilbreak_last_read;
Expand Down
37 changes: 37 additions & 0 deletions test/db/anal/arm
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1155,3 +1155,40 @@ EXPECT=<<EOF
0x00008470 10482de9 push {r4, fp, lr}
EOF
RUN


NAME=invalid varname after esil
FILE=bins/elf/blah.bin
CMDS=<<EOF
s main
af
aaef
pd 12
EOF
EXPECT=<<EOF
;-- pc:
;-- r15:
/ 484: int main (int argc, char **argv);
| ; arg int argc @ r0
| ; arg char **argv @ r1
| ; var int32_t var_10h @ fp-0x10
| ; var int32_t var_14h @ fp-0x14
| ; var int32_t var_18h @ fp-0x18
| ; var int32_t var_1ch @ fp-0x1c
| ; var int32_t var_20h @ fp-0x20
| ; var int32_t var_24h @ fp-0x24
| ; var int32_t var_8h @ sp+0x18
| 0x00008470 10482de9 push {r4, fp, lr}
| 0x00008474 08b08de2 add fp, var_8h
| 0x00008478 1cd04de2 sub sp, sp, 0x1c
| 0x0000847c 20000be5 str r0, [var_20h] ; 0x20 ; 32 ; argc
| 0x00008480 24100be5 str r1, [var_24h] ; 0x24 ; 36 ; argv
| 0x00008484 0630a0e3 mov r3, 6
| 0x00008488 10300be5 str r3, [var_10h] ; 0x10 ; 16
| 0x0000848c 0030a0e3 mov r3, 0
| 0x00008490 14300be5 str r3, [var_14h] ; 0x14 ; 20
| 0x00008494 20301be5 ldr r3, [var_20h] ; 0x20 ; 32
| 0x00008498 020053e3 cmp r3, 2 ; 2
| ,=< 0x0000849c 0300000a beq 0x84b0
EOF
RUN