Version and Platform (required):
- Binary Ninja Version: 5.3
- CPU Architecture: Thumb-2
Bug Description:
Thumb-2 ELF files containing thumb function pointers in .gnu_debugdata result in those functions being incorrectly created as ARM functions
Steps To Reproduce:
Please provide all steps required to reproduce the behavior:
- Open the attached binary
- Navigate to
android::(anonymous namespace)::CreateRelroFile at 0x11c8c
- Observe that the function was created as ARM, resulting in bad decompilation
>>> current_function
<func: armv7@0x11c8c>
Expected Behavior:
A thumb-2 function should be created instead
Screenshots/Video Recording:
Additional Information:
Parsing the debug info ends up calling DefineAutoSymbolAndVariableOrFunction to add functions to the debug view. Platform::GetAssociatedPlatformByAddress strips the LSB and adds the symbol to the symbol queue with the adjusted address. The symbol queue is iterated to create functions and DefineAutoSymbolAndVariableOrFunction is called a second time - this time with the already adjusted address. This results in the function platform being identified as ARM.
We should not use symbol addresses to resolve the function platform as the symbol addresses should always have the lsb stripped. All DefineAutoSymbolAndVariableOrFunction(GetDefaultPlatform(), symbol, type); calls in elfview.cpp are wrong for function symbols for thumb-2 functions.
libwebviewchromium_loader.so.zip
Currently, the only workaround is to undefine the functions and recreate them from the right-click menu and manually set the thumb-2 platform.
Version and Platform (required):
Bug Description:
Thumb-2 ELF files containing thumb function pointers in
.gnu_debugdataresult in those functions being incorrectly created as ARM functionsSteps To Reproduce:
Please provide all steps required to reproduce the behavior:
android::(anonymous namespace)::CreateRelroFileat0x11c8cExpected Behavior:
A thumb-2 function should be created instead
Screenshots/Video Recording:
Additional Information:
Parsing the debug info ends up calling DefineAutoSymbolAndVariableOrFunction to add functions to the debug view. Platform::GetAssociatedPlatformByAddress strips the LSB and adds the symbol to the symbol queue with the adjusted address. The symbol queue is iterated to create functions and
DefineAutoSymbolAndVariableOrFunctionis called a second time - this time with the already adjusted address. This results in the function platform being identified as ARM.We should not use symbol addresses to resolve the function platform as the symbol addresses should always have the lsb stripped. All
DefineAutoSymbolAndVariableOrFunction(GetDefaultPlatform(), symbol, type);calls inelfview.cppare wrong for function symbols for thumb-2 functions.libwebviewchromium_loader.so.zip
Currently, the only workaround is to undefine the functions and recreate them from the right-click menu and manually set the thumb-2 platform.