Inconsistent `nullptr` usage for first member of any structure

[op2786]

Version and Platform (required):

• Binary Ninja Version: 3.4.4151-dev Personal, 737794d6
• OS: Windows 11, x64

Bug Description:

I've a structure named struct_c like this:

struct struct_c __packed
{
    HKEY key;
    HKEY key2;
    int32_t field_8;
    int32_t field_c;
    wchar16* explorer_reg_path;
    wchar16* current_ver_run_str;
    wchar16* inst_str;
    wchar16* init_windows_str;
    char* module_name;
    int32_t field_24;
    int32_t field_28;
    int32_t field_2c;
    struct struct_b stb;
};

In this structure's init function there is an interesting behaviour:

void __fastcall zero_init_struct_c(struct struct_c* stc)
004154ca  {
004154d1    stc->key = 0;
004154d3    stc->key2 = nullptr;
004154d6    stc->explorer_reg_path = nullptr;
004154d9    stc->current_ver_run_str = nullptr;
004154dc    stc->inst_str = nullptr;
004154df    stc->init_windows_str = nullptr;
004154e2    stc->module_name = nullptr;
004154e5    zero_init_struct_b(&stc->stb);
004154ce  }

As you can see, it's first member type is HKEY which is int32_t* under the hood but BN does not use nullptr for this first member. I guess this only happens for the first member of any structure. Even if it is some pointer BN does not uses nullptr.

Expected Behavior: I expect it to use nullptr.

[plafosse]

Any chance you can share a binary that displays this behavior?

[plafosse]

BNDB shared on slack search for: Angry Duck Kicks Tree I looked into this a bit the issues seems to be with MLIL specifically. For some reason were' not coercing that constant to a pointer. I don't know why this only effects the first member of the structure. This is not:

• A IL caching issue as you can change the type and redefine it and it persists
• An issue with failing to dereference the NTR, as you can change the HKEY to an int* and the issue remains I believe we have some special handling of the first member of a struct but I'm not familiar with that code.