Radare2 and symbol sizes, and function analysis.

[RonItay]

I'm trying to use Radare2 for some automated data extraction from ELF files (which might be a bit misguided).
I seem to have some trouble when it come to symbol sizes (when defined), and function analysis.

for example look at __libc_start_main in libc.so.6
This symbol (function) is defined in the SO, with a defined length (which can be found in using the nm command for example. Or by examining the ELF directly, this symbol clearly has the st_size property) of 334 bytes. (This is confirmed when opening the SO in IDA for example and checking).

However, when using is command, the size of __libc_start_main is not shown, only address, and I cant find a simple way of finding the size.

I've tried to take a different approach, analyzing __libc_start_main using af, and then checking the size using afi.
I ran the following commands and got some weird results:
af __libc_start_main
afi __libc_start_main

First, the address of __libc_start_main is now different than the one originally found from the symbol. It is actually the address of __libc_main, not __libc_start_main.
And also, the size given by afi is significantly different than the one given in the symbol table (size: 474, realsz: 450).

I'm kind of confused and not sure what to conclude from these results,
Is radare2 not the right tool for the job?
Is it not stable enough with function analysis and shouldn't be depended upon?
Am i using r2 completely wrong?

Thanks for reading and any help appreciated!

[trufae]

Can you share the binary? is shows the symbol size if its defined by the elf header for me. but that information is completely ignored by the code analysis loop because it can be fuzzed or tweaked for breaking static analysis tools.

About the output in afi, the linear and and basicblock size (474 vs 450) shows that the function have some gaps with inlined data or its taking another function block as part of the same.

Code analysis works well, at least for all my needs, and if there's anything wrong nobody reported it. I don't have the binary or know which arch are u working on to give you a better answer, if r2 does anything wrong you can always fix it to make it work for your needs, so whatever if you can depend or not on the tool depends on you.

[RonItay]

Hi, thanks for the response.
It seems that all my problems were solved when upgrading my radare2 version. My bad.
It currently produces the correct size both when using afi and when looking at symbol size.
Apologies for taking you time!