fkie-cad / dewolf

A research decompiler implemented as a Binary Ninja plugin.
GNU Lesser General Public License v2.1

[KeyError@typing.py:155] KeyError: 8 #277

Closed bugfinder-bot closed 1 year ago

bugfinder-bot commented 1 year ago

What happened?


  File "/opt/dewolf/decompiler/util/bugfinder/bugfinder.py", line 190, in iter_function_reports
    task_result = self.decompile(function, options)
  File "/opt/dewolf/decompile.py", line 51, in decompile
    pipeline.run(task)
  File "/opt/dewolf/decompiler/pipeline/pipeline.py", line 109, in run
    raise e
  File "/opt/dewolf/decompiler/pipeline/pipeline.py", line 102, in run
    instance.run(task)
  File "/opt/dewolf/decompiler/pipeline/preprocessing/register_pair_handling.py", line 40, in run
    self._def_map, self._use_map, self._locations = self._parse_cfg(self.cfg)
  File "/opt/dewolf/decompiler/pipeline/preprocessing/register_pair_handling.py", line 57, in _parse_cfg
    use_map.add(instruction)
  File "/opt/dewolf/decompiler/structures/maps.py", line 51, in add
    self._map[used].add(instruction)
  File "/opt/dewolf/decompiler/structures/pseudo/expressions.py", line 64, in __hash__
    return hash(repr(self))
  File "/opt/dewolf/decompiler/structures/pseudo/instructions.py", line 173, in __repr__
    return f"{repr(self._destination)} = {repr(self._value)}"
  File "/opt/dewolf/decompiler/structures/pseudo/operations.py", line 332, in __repr__
    return f"{super().__repr__()} contract"
  File "/opt/dewolf/decompiler/structures/pseudo/operations.py", line 187, in __repr__
    return f"{self.operation.name} [{','.join(map(repr, self._operands))}] {self.type}"
  File "/opt/dewolf/decompiler/structures/pseudo/typing.py", line 155, in __str__
    return self.SIZE_TYPES[self.size]

Error class KeyError@typing.py:155 contains 16 cases.

How to reproduce?

python decompile.py fcfadcadb9c559e33619b126dc6166a9ff0115b050c5f592e08fea6da8c5f938 _ZN6ARDOUR13Panner2in2out16clamp_stereo_panERdS1_ --debug

sample: fcfadcadb9c559e33619b126dc6166a9ff0115b050c5f592e08fea6da8c5f938
case: https://bugfinder.seclab-bonn.de/case/1627/
dewolf commit: 1c34ffef
Binaryninja version: 3.4.4271

NeoQuix commented 1 year ago

The problem is the following statement: rax.al = 0 > zmm0

The left side has the type float and the right CustomType(bool). Because we only use .al, we have a cast + type resize, which leads to a float-8, as the right side has the size 8. The code crashes because we have no representation (__str__) for the left side, which is used by dictionaries.
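
The failure mode described in the comment above, reduced to an added example that is not part of the issue thread or of dewolf's code: an instruction whose hash comes from its repr cannot be put into a use map when one operand type has no name for its size. The class names, the size table contents and the `TolerantFloat` fallback are assumptions made for illustration.

```python
# Assumed size table (bits -> name); dewolf's real SIZE_TYPES may differ.
SIZE_TYPES = {16: "half", 32: "float", 64: "double", 80: "long double"}


class StrictFloat:
    """Failing pattern: __str__ indexes the table directly."""

    def __init__(self, size: int):
        self.size = size

    def __str__(self) -> str:
        return SIZE_TYPES[self.size]


class TolerantFloat(StrictFloat):
    """Hypothetical hardening: unknown sizes still get a printable name."""

    def __str__(self) -> str:
        return SIZE_TYPES.get(self.size, f"float{self.size}")


class Instruction:
    """Hash is derived from repr, so hashing needs every operand type to print."""

    def __init__(self, text: str, vartype: StrictFloat):
        self.text, self.vartype = text, vartype

    def __repr__(self) -> str:
        return f"{self.text} {self.vartype}"

    def __hash__(self) -> int:
        return hash(repr(self))

    def __eq__(self, other) -> bool:
        return isinstance(other, Instruction) and repr(self) == repr(other)


def record_use(use_map: dict, used: str, instruction: Instruction):
    """Add to a def/use-style map; return the error text instead of raising."""
    try:
        use_map.setdefault(used, set()).add(instruction)
        return None
    except KeyError as exc:
        return f"KeyError: {exc}"


if __name__ == "__main__":
    stmt = "rax.al = 0 > zmm0"  # statement quoted in the comment above
    print(record_use({}, "zmm0", Instruction(stmt, StrictFloat(8))))
    print(record_use({}, "zmm0", Instruction(stmt, TolerantFloat(8))))
```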

NeoQuix commented 1 year ago

/cib

github-actions[bot] commented 1 year ago

Branch issue-277-_KeyError_typing_py_155_KeyError_8 created!

NeoQuix commented 1 year ago

Not really sure if I can do this every time: