afvs does not indicate non-initial struct members when the stack is adjusted

[m42a]

Environment

Thu May  9 02:36:08 PM EDT 2024
radare2 5.9.0 0 @ linux-x86-64
birth: git.5.9.0 2024-04-28__16:01:19
commit: unknown
options: gpl release -O1 cs:5 cl:2 meson
Linux x86_64

Description

afvs allows you to create local variables which are structs, and when the stack is not adjusted, displays references to struct members in the disassembly. However, when the stack is adjusted, only the first struct member is displayed.

Test

Compile the following program with gcc -O1 -mno-red-zone:

struct s { int a; int b; };
int main() {
	volatile struct s s_;
	s_.a=2;
	s_.b=3;
	return s_.b;
}

and run the following sequence of r2 commands:

s main
af
"td struct s { int a; int b; };"
afvs -8 s_ s
pdf

This prints

┌ 29: int main (int argc, char **argv, char **envp);
│           ; var s s_ @ rsp+0x8
│           0x00001119      4883ec10       sub rsp, 0x10
│           0x0000111d      c744240802..   mov dword [s_.a], 2
│           0x00001125      c744240c03..   mov dword [rsp + 0xc], 3
│           0x0000112d      8b44240c       mov eax, dword [rsp + 0xc]
│           0x00001131      4883c410       add rsp, 0x10
└           0x00001135      c3             ret

Note that the instruction at 0x0000111d has its destination replaced s_.a. However, the following instruction does not have its destination replaced with s_.b. If the program is instead compiled with gcc -O1 -mred-zone, the stack is not adjusted, and the output is

┌ 21: int main (int argc, char **argv, char **envp);
│           ; var s s_ @ rsp-0x8
│           0x00001119      c74424f802..   mov dword [s_.a], 2
│           0x00001121      c74424fc03..   mov dword [s_.b], 3
│           0x00001129      8b4424fc       mov eax, dword [s_.b]
└           0x0000112d      c3             ret

In this case, the accesses to both s_.a and s_.b are marked.
Here is a zip file containing both binaries.