
izzz reports wrong addresses #1514

Closed
ret2libc opened this issue Aug 24, 2021 · 4 comments
Labels: bug (Something isn't working), RzBin, test-required

Comments

@ret2libc (Member)

Work environment

OS/arch/bits (mandatory): Fedora 33
File format of the file you reverse (mandatory): Macho
Architecture/bits of the file (mandatory): 64
rizin -v full output, not truncated (mandatory): 3b0d11e,

Expected behavior

093 0x00002f3c 0x100002f3c  47  48 () ascii ,http://www.apple.com/appleca/codesigning.crl0\r

Actual behavior

093 0x00002f3c 0x00002f3c  47  48 () ascii ,http://www.apple.com/appleca/codesigning.crl0\r

Steps to reproduce the behavior

$ ./build-dev/binrz/rizin/rizin ./test/bins/mach0/fatmach0-3true
> [0x100000ef8]> izzz~http~codesigning

Additional info

The address currently reported is wrong because there's nothing at that address, see:

[0x100000ef8]> pd 1 @ 0x2f3c
            0x00002f3c      add   byte [rax], al
[0x100000ef8]> px 30 @ 0x2f3c
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00002f3c  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x00002f4c  0000 0000 0000 0000 0000 0000 0000       ..............
[0x100000ef8]> 
@ret2libc ret2libc added this to the 0.3.0 milestone Aug 24, 2021
@ret2libc ret2libc added the bug (Something isn't working) and RzBin labels Aug 24, 2021
@ret2libc (Member, Author)

After looking at the code that searches for strings... I'm not sure we can fix it in a short time. The whole "string search" code is quite convoluted and would likely require a big refactoring + unit tests to properly fix the problem and be sure things would still work.

@XVilka (Member) commented Aug 31, 2021

Agree. It will also benefit from this work: #1535

@XVilka (Member) commented Oct 12, 2021

I know the reason - it's actually quite trivial. The string search is run using the physical address of the buf; for example, in #1752 I wrote this code to search in the current address space:

/* Translate the current virtual address into the physical (file) offset of bf->buf. */
ut64 paddr = rz_io_v2p(core->io, addr);
/* rz_scan_strings() walks bf->buf by physical offset, so every hit it
   produces carries a paddr, not a vaddr; printing it unconverted is the bug. */
int count = rz_scan_strings(bf->buf, str_list, &scan_opt, paddr, paddr + limit, encoding);
if (count <= 0) {
	rz_list_free(str_list);
	free(*name);
	return false;
}

Thus, to show the right addresses, you have to convert them; it is probably worth printing both vaddr and paddr in the iz output, using rz_io_p2v() calls.
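
The paddr/vaddr mix-up described in the comment above, as an added example that is not rizin's own code: `p2v()`/`v2p()` are stand-ins for `rz_io_p2v()`/`rz_io_v2p()` over a constructed two-segment map modelled on a 64-bit Mach-O (not read from the real fatmach0-3true binary), and the hit at 0x2f3c is the one from the issue.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t ut64;

/* One loadable range: file offset (paddr) mapped at a virtual address (vaddr).
 * Stand-in for rizin's IO maps; the values below are constructed to resemble a
 * 64-bit Mach-O whose __TEXT segment is loaded at 0x100000000. */
typedef struct { ut64 paddr, vaddr, size; } SegMap;
static const SegMap maps[] = {
    { 0x0000, 0x100000000ULL, 0x4000 }, /* __TEXT: file 0x0..0x3fff */
    { 0x4000, 0x100004000ULL, 0x1000 }, /* __DATA: file 0x4000..0x4fff */
};
#define NMAPS (sizeof(maps) / sizeof(maps[0]))

/* Physical (file) offset -> virtual address; UINT64_MAX when nothing maps it.
 * Plays the role of rz_io_p2v() from the comment above. */
ut64 p2v(ut64 paddr) {
    for (size_t i = 0; i < NMAPS; i++)
        if (paddr >= maps[i].paddr && paddr - maps[i].paddr < maps[i].size)
            return maps[i].vaddr + (paddr - maps[i].paddr);
    return UINT64_MAX;
}

/* Virtual address -> physical offset; the inverse (role of rz_io_v2p()). */
ut64 v2p(ut64 vaddr) {
    for (size_t i = 0; i < NMAPS; i++)
        if (vaddr >= maps[i].vaddr && vaddr - maps[i].vaddr < maps[i].size)
            return maps[i].paddr + (vaddr - maps[i].vaddr);
    return UINT64_MAX;
}

/* A hit as rz_scan_strings() reports it: the offset is into the file buffer. */
typedef struct { ut64 paddr; const char *s; } StrHit;

/* Bug: the scanner's buffer offset is printed as if it were a vaddr. */
ut64 izzz_vaddr_buggy(const StrHit *h) { return h->paddr; }

/* Fix: translate the offset through the maps before printing it. */
ut64 izzz_vaddr_fixed(const StrHit *h) { return p2v(h->paddr); }

int main(void) {
    /* Constructed hit matching the string in the issue (paddr 0x2f3c). */
    StrHit hit = { 0x2f3c, "http://www.apple.com/appleca/codesigning.crl0" };
    printf("buggy: 0x%08llx  fixed: 0x%08llx  %s\n",
           (unsigned long long)izzz_vaddr_buggy(&hit),
           (unsigned long long)izzz_vaddr_fixed(&hit), hit.s);
    return 0;
}
```

The buggy path yields the 0x00002f3c seen in "Actual behavior" (which `pd`/`px` show as zero bytes), while the fixed path yields the expected 0x100002f3c.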

stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has probably changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of rizin. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.
