
[Frontend] CFG creation: 21445 (KeyError) #188

Closed
NeoQuix opened this issue Mar 2, 2023 · 3 comments
Labels
bug Something isn't working priority-high High priority issue

Comments

NeoQuix (Collaborator) commented Mar 2, 2023

What happened?

Traceback (most recent call last):
  File "/home/neoquix/Git-Repos/DeWolf/decompile.py", line 80, in <module>
    main(Decompiler)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/util/commandline.py", line 87, in main
    task = decompiler.decompile(function_name, options)
  File "/home/neoquix/Git-Repos/DeWolf/decompile.py", line 54, in decompile
    task = self._frontend.create_task(function, task_options)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/frontend/binaryninja/frontend.py", line 137, in create_task
    raise e
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/frontend/binaryninja/frontend.py", line 126, in create_task
    cfg = self._extract_cfg(function.function, options)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/frontend/binaryninja/frontend.py", line 156, in _extract_cfg
    return parser.parse(function)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/frontend/binaryninja/parser.py", line 37, in parse
    self._add_basic_block_edges(cfg, index_to_BasicBlock, basic_block)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/frontend/binaryninja/parser.py", line 50, in _add_basic_block_edges
    lookup_table[edge.target.source_block.start],
KeyError: 21445

How to reproduce?

Decompile decode_format_string.part.0 from od.zip

Affected Binary Ninja Version(s)

Version 3.3.3996

@NeoQuix NeoQuix added bug Something isn't working priority-high High priority issue labels Mar 2, 2023
@NeoQuix NeoQuix assigned NeoQuix and unassigned NeoQuix Mar 8, 2023
ebehner (Collaborator) commented Apr 27, 2023

The problem is that the address of the jump table is not in this function; instead, it is an address of another function.
Consider the switch statement of the function:
[image: lifter]

To obtain the case constants, we look at the lookup_table:

lookup_table[edge.target.source_block.start],

The lookup table has the following entries:
[image: look_up_table]
Now, the entry for case 0 belongs to the address 0x2800 and not to the address 0x53c5, which is the first address of the leftmost block.
Instead, 0x2800 is the address of the block of the function decode_format_string.part.0.cold:
[image: other_func]

Not sure what we can do here. If we cannot match a block to a case, we could check whether a very similar function is called there, then look at this instruction and try to figure out whether this address matches, but this is neither clean nor nice:
[image: find_value]
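The mismatch described in the comment above, modelled as an added example (this is not DeWolf's code and not the Binary Ninja API). The addresses 0x53c5 and 0x2800 and the function names come from the comment; the block ranges, the other jump-table targets and the function/block classes are constructed assumptions. The naive lookup reproduces the KeyError 21445 from the traceback; the safe variant reports which table targets belong to another function instead of raising.

```python
# Added example (not DeWolf's code). Models the jump-table/CFG mismatch from
# the issue with constructed data; only 0x53c5, 0x2800 and the function names
# are taken from the comment, everything else is an assumption.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    start: int
    end: int  # exclusive


@dataclass
class Function:
    name: str
    blocks: list[Block]

    def contains(self, address: int) -> bool:
        return any(b.start <= address < b.end for b in self.blocks)


# Constructed: the analysed function and the outlined .cold part it refers to.
MAIN_FUNC = Function("decode_format_string.part.0", [
    Block(0x5380, 0x53c5),  # switch block (assumed range)
    Block(0x53c5, 0x53e0),  # leftmost case block named in the comment
    Block(0x53e0, 0x5400),  # assumed
    Block(0x5400, 0x5420),  # assumed
])
COLD_FUNC = Function("decode_format_string.part.0.cold", [Block(0x2800, 0x2830)])
KNOWN_FUNCTIONS = [MAIN_FUNC, COLD_FUNC]

# Constructed jump table: case value -> target address. Case 0 points into the
# .cold function, as in the comment; the other entries are assumptions.
JUMP_TABLE = {0: 0x2800, 1: 0x53e0, 2: 0x5400, 3: 0x53e0}

# Constructed CFG edges out of the switch block (target block start addresses)
# as a frontend would report them: 0x53c5 is an edge target, but no
# jump-table entry names it.
SWITCH_EDGE_TARGETS = [0x53c5, 0x53e0, 0x5400]


def build_lookup_table(jump_table: dict[int, int]) -> dict[int, list[int]]:
    """Invert the jump table: target address -> sorted list of case values."""
    table: dict[int, list[int]] = {}
    for case, target in jump_table.items():
        table.setdefault(target, []).append(case)
    return {t: sorted(c) for t, c in table.items()}


def naive_case_edges(jump_table, edge_targets):
    """Mirror the failing pattern: direct dict indexing raises KeyError for an
    edge target that the jump table never mentions."""
    lookup = build_lookup_table(jump_table)
    return {t: lookup[t] for t in edge_targets}


def missing_key(jump_table, edge_targets):
    """Return the address the naive lookup trips over, or None if it succeeds."""
    try:
        naive_case_edges(jump_table, edge_targets)
    except KeyError as err:
        return err.args[0]
    return None


def safe_case_edges(jump_table, edge_targets, function, known_functions):
    """Resolve case constants without raising.

    Returns (cases, no_cases, foreign):
      cases    - edge target -> case values, for targets the table names
      no_cases - edge targets the table does not name at all
      foreign  - table targets with no edge in this function -> name of the
                 other function that owns the address (None if unknown)
    """
    lookup = build_lookup_table(jump_table)
    cases = {t: lookup[t] for t in edge_targets if t in lookup}
    no_cases = [t for t in edge_targets if t not in lookup]
    foreign = {}
    for target in lookup:
        if target in edge_targets:
            continue
        owner = next((f.name for f in known_functions
                      if f is not function and f.contains(target)), None)
        foreign[target] = owner
    return cases, no_cases, foreign


if __name__ == "__main__":
    print("naive lookup fails on:", hex(missing_key(JUMP_TABLE, SWITCH_EDGE_TARGETS)))
    cases, no_cases, foreign = safe_case_edges(
        JUMP_TABLE, SWITCH_EDGE_TARGETS, MAIN_FUNC, KNOWN_FUNCTIONS)
    print("resolved cases:", {hex(k): v for k, v in cases.items()})
    print("edges without cases:", [hex(t) for t in no_cases])
    print("table targets in other functions:", {hex(k): v for k, v in foreign.items()})
```

The safe variant does not decide what the decompiler should do with the foreign target; it only makes the situation visible (which edge has no case values, and which function owns the address the table points to) so that a caller can fall back to a heuristic or emit a default case rather than abort on a KeyError.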

ebehner (Collaborator) commented Apr 27, 2023

try some kind of recursive search.

rihi (Collaborator) commented Oct 19, 2023

Potentially fixed by #297. No longer able to reproduce.

@rihi rihi closed this as completed Oct 19, 2023