lwerdna
commented
2 years ago @fuzyll Did the customer provide a means to reproduce this? Ideally a small binary with a particular function whose dataflow is ruined with a PAC instruction.
Closed fuzyll closed 1 year ago
lwerdna
commented
2 years ago @fuzyll Did the customer provide a means to reproduce this? Ideally a small binary with a particular function whose dataflow is ruined with a PAC instruction.
fuzyll
commented
1 year ago I followed up with the customer today to see if we can get a good sample. I don't currently have one myself.
lwerdna
commented
1 year ago I pretty sure this is solved by https://github.com/Vector35/arch-arm64/commit/3847e619459195db64b5a1ea14a445dbe1c4e8ce, but without a test case I can't confirm for this particular situation. More details at https://github.com/Vector35/binaryninja-api/issues/4638.
An Enterprise customer has reported that PAC instructions ruin dataflow. They're currently working around this by using an architecture hook to make manual patches and mark certain instructions as intrinsics, but ideally they wouldn't have to do that. We should modify our code instead such that PAC instructions don't stop dataflow.