
Fix segfault on variable rename #15721

Closed
wants to merge 1 commit into from

Conversation

DoITCreative (Author)

Fix for issue #15691

radare (Collaborator) commented Dec 29, 2019

I don't think this change fixes the actual root cause of the segfault. The last bytes of the address are computed in the way it's there.

The ranalop loop below is not checking for the return value, so if it analyzes wrongly it keeps doing so, which may cause bad things. Can you try this? Also, if the value starts with 0x, maybe we can just use the whole value instead of part of it.

radare added this to the 4.2.0 (Arctic World Archive) milestone Dec 29, 2019
radare (Collaborator) commented Dec 30, 2019

I fixed the ranalop thing, please retry.

DoITCreative (Author)

Tried on:

radare2 4.2.0-git 23434 @ linux-x86-64 git.4.1.1-40-g265e0d1f6
commit: 265e0d1f6672f0023a3d63e45407cd4945d2d910 build: 2019-12-30__16:16:38

Still segfaults inside r_anal_op(...) on line 4065. This happens because an incorrect address is passed in the try_off variable. I had specified the last hex digits of the variable in the dv command like so: dv 820be84. So try_off should contain the number 0x0820be84, but it has 0x1820be84 instead. That leads to the segfault on pointer dereference further on. try_off depends on the start_off variable, which is calculated incorrectly at line 4059.

Variables before calculation:

off = 0x0820be94
mask = 0x0fffffff
incr = 0x10000000
N = 0x0820be84

The correct formula looks like start_off = (off & ~mask) ^ N; but we go to the else branch of the if statement and calculate start_off like so: start_off = ((off & ~mask) ^ incr) ^ N; which leads to an incorrect result. Maybe the if statement should check for (off & ~mask) <= N instead of (off & mask) <= N?
It works in my case.
Anyway, the segfault check is not working. If an incorrect value is passed in the dv command like so: dv 0x0820be94, then we still have a segfault.
I found a way to catch segfaults though. With it and with the if statement fix, everything works correctly. I will make a PR soon.
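The address arithmetic described in the comment above, as an added example that is neither radare2 source nor code from this PR: it rebuilds mask and incr from the number of hex digits typed, computes start_off under the original condition (off & mask) <= N and under the proposed condition (off & ~mask) <= N using the values quoted in the thread, and adds a hypothetical mapped-range check standing in for the bounds check the comment says is missing before the address reaches r_anal_op(). The functions mask_for_digits, compute_start_off, addr_is_mapped and safe_start_off, and the example_maps range, are this example's own assumptions, not names from the project.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not radare2 source: it reproduces the start_off arithmetic
 * described in the PR thread. The user types only the trailing hex digits N
 * of a target address, off is the current offset, mask covers the digits
 * that were typed and incr is the first value above mask. */

typedef struct {
    uint64_t mask; /* covers the hex digits the user supplied */
    uint64_t incr; /* mask + 1 (0 when all 16 digits were given) */
} digit_mask_t;

/* Build mask and incr from the number of hex digits typed (7 for "820be84"). */
digit_mask_t mask_for_digits(unsigned ndigits) {
    digit_mask_t m;
    if (ndigits >= 16) {            /* a full address: nothing left to fill in */
        m.mask = UINT64_MAX;
        m.incr = 0;
    } else {
        m.mask = ((uint64_t)1 << (4 * ndigits)) - 1;
        m.incr = m.mask + 1;
    }
    return m;
}

/* start_off as the thread describes it. When use_fixed_condition is false the
 * branch is chosen by the original test (off & mask) <= N; when true, by the
 * test proposed in the thread, (off & ~mask) <= N. */
uint64_t compute_start_off(uint64_t off, unsigned ndigits, uint64_t N,
                           bool use_fixed_condition) {
    digit_mask_t m = mask_for_digits(ndigits);
    uint64_t high = off & ~m.mask;                 /* digits the user did not type */
    uint64_t lhs = use_fixed_condition ? high : (off & m.mask);
    if (lhs <= N) {
        return high ^ N;                           /* the formula the thread calls correct */
    }
    return (high ^ m.incr) ^ N;                    /* the else branch */
}

/* Hypothetical mapped region standing in for the bounds check the thread says
 * is missing before the address is dereferenced. The range is constructed for
 * this example and is not taken from the page. */
typedef struct { uint64_t from, to; } map_t;

const map_t example_maps[] = { { 0x08000000, 0x08300000 } };
const size_t example_maps_n = sizeof example_maps / sizeof example_maps[0];

bool addr_is_mapped(const map_t *maps, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++) {
        if (addr >= maps[i].from && addr < maps[i].to) {
            return true;
        }
    }
    return false;
}

/* The candidate address, or 0 if it lies outside every known map and must not
 * be handed to the analysis loop. */
uint64_t safe_start_off(const map_t *maps, size_t n, uint64_t off,
                        unsigned ndigits, uint64_t N, bool use_fixed_condition) {
    uint64_t s = compute_start_off(off, ndigits, N, use_fixed_condition);
    return addr_is_mapped(maps, n, s) ? s : 0;
}

int main(void) {
    /* Values quoted in the thread: off = 0x0820be94, N = 0x0820be84 typed as
     * the 7-digit suffix "820be84". */
    const uint64_t off = 0x0820be94, N = 0x0820be84;
    const bool fixed[] = { false, true };
    for (size_t i = 0; i < 2; i++) {
        uint64_t s = compute_start_off(off, 7, N, fixed[i]);
        printf("%s condition: start_off = 0x%08llx (%s)\n",
               fixed[i] ? "proposed" : "original", (unsigned long long)s,
               addr_is_mapped(example_maps, example_maps_n, s)
                   ? "mapped" : "unmapped, rejected");
    }
    return 0;
}
```

With the thread's values the original condition takes the else branch and yields 0x1820be84, which the map check rejects; the proposed condition yields 0x0820be84. The map check is the point of the second half: whichever condition is used, a candidate outside every known map should be refused before the analysis loop dereferences it.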

radare (Collaborator) commented Dec 30, 2019 via email

DoITCreative (Author)

How do I get an ASan crash log?

radare (Collaborator) commented Dec 30, 2019 via email

DoITCreative (Author)

There is no such script in sys/

DoITCreative (Author)

I have created PR #15732 with a working fix; I'm closing this PR.

2 participants