The operand `[rip+0xcf3666]` at `<+57>` (`cmp DWORD PTR [rip+0xcf3666],0x0`) triggers an error. Replacing `rip` with `rbp` gets past it, but then there is another error:
```
WARNING: newnodes = map[uint64]*main.CFGNode{0x16a7381:(*main.CFGNode)(0xc0002811d0), 0x16a7384:(*main.CFGNode)(0xc0002817c0), 0x16a7387:(*main.CFGNode)(0xc000281db0), 0x16a738a:(*main.CFGNode)(0xc0002d8140)}
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
main.(*CFGNode).getDOTTooltip(...)
	/Users/zhanyi/project/org/hidva/as2cfg/as2cfg/as2cfg.go:29
main.CFGGraph2Dot(0xc00000c040, 0xc000088010, 0x11ac848)
	/Users/zhanyi/project/org/hidva/as2cfg/as2cfg/as2cfg.go:451 +0xd04
main.main()
	/Users/zhanyi/project/org/hidva/as2cfg/as2cfg/as2cfg.go:497 +0x115
```

The four keys in `newnodes` are the targets of the `jne` instructions at `<+963>`, `<+1401>`, `<+1796>` and `<+2086>` in the disassembly below, which is the input that produced this panic:
0x00000000016a6582 <+0>: push rbp 0x00000000016a6583 <+1>: mov rbp,rsp 0x00000000016a6586 <+4>: push r15 0x00000000016a6588 <+6>: push r14 0x00000000016a658a <+8>: push r13 0x00000000016a658c <+10>: push r12 0x00000000016a658e <+12>: push rbx 0x00000000016a658f <+13>: sub rsp,0x118 0x00000000016a6596 <+20>: mov QWORD PTR [rbp-0x128],rdi 0x00000000016a659d <+27>: mov DWORD PTR [rbp-0x12c],esi 0x00000000016a65a3 <+33>: mov QWORD PTR [rbp-0x138],rdx 0x00000000016a65aa <+40>: mov QWORD PTR [rbp-0x140],rcx 0x00000000016a65b1 <+47>: lea r13,[rbp-0xd0] 0x00000000016a65b8 <+54>: mov r15,r13 0x00000000016a65bb <+57>: cmp DWORD PTR [rip+0xcf3666],0x0 0x00000000016a65c2 <+64>: je 0x16a65d6 <timesub+84> 0x00000000016a65c4 <+66>: mov edi,0xa0 0x00000000016a65c9 <+71>: call 0x4ebb10 <__asan_stack_malloc_2@plt> 0x00000000016a65ce <+76>: test rax,rax 0x00000000016a65d1 <+79>: je 0x16a65d6 <timesub+84> 0x00000000016a65d3 <+81>: mov r13,rax 0x00000000016a65d6 <+84>: lea rax,[r13+0xa0] 0x00000000016a65dd <+91>: mov rbx,rax 0x00000000016a65e0 <+94>: mov QWORD PTR [r13+0x0],0x41b58ab3 0x00000000016a65e8 <+102>: mov QWORD PTR [r13+0x8],0x1d7cf38 0x00000000016a65f0 <+110>: mov QWORD PTR [r13+0x10],0x16a6582 0x00000000016a65f8 <+118>: mov r12,r13 0x00000000016a65fb <+121>: shr r12,0x3 0x00000000016a65ff <+125>: mov DWORD PTR [r12+0x7fff8000],0xf1f1f1f1 0x00000000016a660b <+137>: mov DWORD PTR [r12+0x7fff8004],0xf4f4f404 0x00000000016a6617 <+149>: mov DWORD PTR [r12+0x7fff8008],0xf2f2f2f2 0x00000000016a6623 <+161>: mov DWORD PTR [r12+0x7fff800c],0xf4f4f404 0x00000000016a662f <+173>: mov DWORD PTR [r12+0x7fff8010],0xf3f3f3f3 0x00000000016a663b <+185>: mov QWORD PTR [rbp-0xf0],0x0 0x00000000016a6646 <+196>: mov BYTE PTR [rbp-0x111],0x0 0x00000000016a664d <+203>: cmp QWORD PTR [rbp-0x138],0x0 0x00000000016a6655 <+211>: je 0x16a6694 <timesub+274> 0x00000000016a6657 <+213>: mov rax,QWORD PTR [rbp-0x138] 0x00000000016a665e <+220>: mov rdx,rax 0x00000000016a6661 <+223>: mov rax,rdx 
0x00000000016a6664 <+226>: shr rax,0x3 0x00000000016a6668 <+230>: add rax,0x7fff8000 0x00000000016a666e <+236>: movzx eax,BYTE PTR [rax] 0x00000000016a6671 <+239>: test al,al 0x00000000016a6673 <+241>: setne cl 0x00000000016a6676 <+244>: cmp al,0x3 0x00000000016a6678 <+246>: setle al 0x00000000016a667b <+249>: and eax,ecx 0x00000000016a667d <+251>: test al,al 0x00000000016a667f <+253>: je 0x16a6689 <timesub+263> 0x00000000016a6681 <+255>: mov rdi,rdx 0x00000000016a6684 <+258>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a6689 <+263>: mov rax,QWORD PTR [rbp-0x138] 0x00000000016a6690 <+270>: mov eax,DWORD PTR [rax] 0x00000000016a6692 <+272>: jmp 0x16a6699 <timesub+279> 0x00000000016a6694 <+274>: mov eax,0x0 0x00000000016a6699 <+279>: mov DWORD PTR [rbp-0x10c],eax 0x00000000016a669f <+285>: jmp 0x16a67e3 <timesub+609> 0x00000000016a66a4 <+290>: mov eax,DWORD PTR [rbp-0x10c] 0x00000000016a66aa <+296>: cdqe 0x00000000016a66ac <+298>: add rax,0x586 0x00000000016a66b2 <+304>: shl rax,0x4 0x00000000016a66b6 <+308>: mov rdx,rax 0x00000000016a66b9 <+311>: mov rax,QWORD PTR [rbp-0x138] 0x00000000016a66c0 <+318>: add rax,rdx 0x00000000016a66c3 <+321>: add rax,0x8 0x00000000016a66c7 <+325>: mov QWORD PTR [rbp-0xe8],rax 0x00000000016a66ce <+332>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a66d5 <+339>: mov rdx,rax 0x00000000016a66d8 <+342>: shr rdx,0x3 0x00000000016a66dc <+346>: add rdx,0x7fff8000 0x00000000016a66e3 <+353>: movzx edx,BYTE PTR [rdx] 0x00000000016a66e6 <+356>: test dl,dl 0x00000000016a66e8 <+358>: je 0x16a66f2 <timesub+368> 0x00000000016a66ea <+360>: mov rdi,rax 0x00000000016a66ed <+363>: call 0x4eaf60 <__asan_report_load8@plt> 0x00000000016a66f2 <+368>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a66f9 <+375>: mov rcx,QWORD PTR [rax] 0x00000000016a66fc <+378>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a6703 <+385>: mov rdx,rax 0x00000000016a6706 <+388>: shr rdx,0x3 0x00000000016a670a <+392>: add rdx,0x7fff8000 0x00000000016a6711 <+399>: movzx edx,BYTE PTR 
[rdx] 0x00000000016a6714 <+402>: test dl,dl 0x00000000016a6716 <+404>: je 0x16a6720 <timesub+414> 0x00000000016a6718 <+406>: mov rdi,rax 0x00000000016a671b <+409>: call 0x4eaf60 <__asan_report_load8@plt> 0x00000000016a6720 <+414>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a6727 <+421>: mov rax,QWORD PTR [rax] 0x00000000016a672a <+424>: cmp rcx,rax 0x00000000016a672d <+427>: jl 0x16a67e3 <timesub+609> 0x00000000016a6733 <+433>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a673a <+440>: add rax,0x8 0x00000000016a673e <+444>: mov rdx,rax 0x00000000016a6741 <+447>: shr rdx,0x3 0x00000000016a6745 <+451>: add rdx,0x7fff8000 0x00000000016a674c <+458>: movzx edx,BYTE PTR [rdx] 0x00000000016a674f <+461>: test dl,dl 0x00000000016a6751 <+463>: je 0x16a675b <timesub+473> 0x00000000016a6753 <+465>: mov rdi,rax 0x00000000016a6756 <+468>: call 0x4eaf60 <__asan_report_load8@plt> 0x00000000016a675b <+473>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a6762 <+480>: mov rax,QWORD PTR [rax+0x8] 0x00000000016a6766 <+484>: mov QWORD PTR [rbp-0xf0],rax 0x00000000016a676d <+491>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a6774 <+498>: mov rdx,QWORD PTR [rax] 0x00000000016a6777 <+501>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a677e <+508>: mov rax,QWORD PTR [rax] 0x00000000016a6781 <+511>: cmp rdx,rax 0x00000000016a6784 <+514>: jne 0x16a67d6 <timesub+596> 0x00000000016a6786 <+516>: cmp DWORD PTR [rbp-0x10c],0x0 0x00000000016a678d <+523>: je 0x16a67c1 <timesub+575> 0x00000000016a678f <+525>: mov rax,QWORD PTR [rbp-0xe8] 0x00000000016a6796 <+532>: sub rax,0x10 0x00000000016a679a <+536>: lea rdx,[rax+0x8] 0x00000000016a679e <+540>: mov rcx,rdx 0x00000000016a67a1 <+543>: shr rcx,0x3 0x00000000016a67a5 <+547>: add rcx,0x7fff8000 0x00000000016a67ac <+554>: movzx ecx,BYTE PTR [rcx] 0x00000000016a67af <+557>: test cl,cl 0x00000000016a67b1 <+559>: je 0x16a67bb <timesub+569> 0x00000000016a67b3 <+561>: mov rdi,rdx 0x00000000016a67b6 <+564>: call 0x4eaf60 <__asan_report_load8@plt> 0x00000000016a67bb 
<+569>: mov rax,QWORD PTR [rax+0x8] 0x00000000016a67bf <+573>: jmp 0x16a67c6 <timesub+580> 0x00000000016a67c1 <+575>: mov eax,0x0 0x00000000016a67c6 <+580>: cmp rax,QWORD PTR [rbp-0xf0] 0x00000000016a67cd <+587>: jge 0x16a67d6 <timesub+596> 0x00000000016a67cf <+589>: mov eax,0x1 0x00000000016a67d4 <+594>: jmp 0x16a67db <timesub+601> 0x00000000016a67d6 <+596>: mov eax,0x0 0x00000000016a67db <+601>: mov BYTE PTR [rbp-0x111],al 0x00000000016a67e1 <+607>: jmp 0x16a67f7 <timesub+629> 0x00000000016a67e3 <+609>: sub DWORD PTR [rbp-0x10c],0x1 0x00000000016a67ea <+616>: cmp DWORD PTR [rbp-0x10c],0x0 0x00000000016a67f1 <+623>: jns 0x16a66a4 <timesub+290> 0x00000000016a67f7 <+629>: mov DWORD PTR [rbx-0x80],0x7b2 0x00000000016a67fe <+636>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a6805 <+643>: mov rdx,rax 0x00000000016a6808 <+646>: shr rdx,0x3 0x00000000016a680c <+650>: add rdx,0x7fff8000 0x00000000016a6813 <+657>: movzx edx,BYTE PTR [rdx] 0x00000000016a6816 <+660>: test dl,dl 0x00000000016a6818 <+662>: je 0x16a6822 <timesub+672> 0x00000000016a681a <+664>: mov rdi,rax 0x00000000016a681d <+667>: call 0x4eaf60 <__asan_report_load8@plt> 0x00000000016a6822 <+672>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a6829 <+679>: mov rcx,QWORD PTR [rax] 0x00000000016a682c <+682>: movabs rdx,0x1845c8a0ce512957 0x00000000016a6836 <+692>: mov rax,rcx 0x00000000016a6839 <+695>: imul rdx 0x00000000016a683c <+698>: sar rdx,0xd 0x00000000016a6840 <+702>: mov rax,rcx 0x00000000016a6843 <+705>: sar rax,0x3f 0x00000000016a6847 <+709>: sub rdx,rax 0x00000000016a684a <+712>: mov rax,rdx 0x00000000016a684d <+715>: mov QWORD PTR [rbp-0x100],rax 0x00000000016a6854 <+722>: mov rax,QWORD PTR [rbp-0x128] 0x00000000016a685b <+729>: mov rcx,QWORD PTR [rax] 0x00000000016a685e <+732>: movabs rdx,0x1845c8a0ce512957 0x00000000016a6868 <+742>: mov rax,rcx 0x00000000016a686b <+745>: imul rdx 0x00000000016a686e <+748>: sar rdx,0xd 0x00000000016a6872 <+752>: mov rax,rcx 0x00000000016a6875 <+755>: sar rax,0x3f 
0x00000000016a6879 <+759>: sub rdx,rax 0x00000000016a687c <+762>: mov rax,rdx 0x00000000016a687f <+765>: mov QWORD PTR [rbp-0xf8],rax 0x00000000016a6886 <+772>: mov rax,QWORD PTR [rbp-0xf8] 0x00000000016a688d <+779>: imul rax,rax,0x15180 0x00000000016a6894 <+786>: sub rcx,rax 0x00000000016a6897 <+789>: mov rax,rcx 0x00000000016a689a <+792>: mov QWORD PTR [rbp-0xf8],rax 0x00000000016a68a1 <+799>: jmp 0x16a69ba <timesub+1080> 0x00000000016a68a6 <+804>: mov rcx,QWORD PTR [rbp-0x100] 0x00000000016a68ad <+811>: movabs rdx,0x2cc3d8d4a245f203 0x00000000016a68b7 <+821>: mov rax,rcx 0x00000000016a68ba <+824>: imul rdx 0x00000000016a68bd <+827>: sar rdx,0x6 0x00000000016a68c1 <+831>: mov rax,rcx 0x00000000016a68c4 <+834>: sar rax,0x3f 0x00000000016a68c8 <+838>: sub rdx,rax 0x00000000016a68cb <+841>: mov rax,rdx 0x00000000016a68ce <+844>: mov QWORD PTR [rbp-0xe0],rax 0x00000000016a68d5 <+851>: cmp QWORD PTR [rbp-0xe0],0xffffffff80000000 0x00000000016a68e0 <+862>: jl 0x16a738b <timesub+3593> 0x00000000016a68e6 <+868>: cmp QWORD PTR [rbp-0xe0],0x7fffffff 0x00000000016a68f1 <+879>: jg 0x16a738b <timesub+3593> 0x00000000016a68f7 <+885>: mov rax,QWORD PTR [rbp-0xe0] 0x00000000016a68fe <+892>: mov DWORD PTR [rbp-0x108],eax 0x00000000016a6904 <+898>: cmp DWORD PTR [rbp-0x108],0x0 0x00000000016a690b <+905>: jne 0x16a6929 <timesub+935> 0x00000000016a690d <+907>: cmp QWORD PTR [rbp-0x100],0x0 0x00000000016a6915 <+915>: jns 0x16a691e <timesub+924> 0x00000000016a6917 <+917>: mov eax,0xffffffff 0x00000000016a691c <+922>: jmp 0x16a6923 <timesub+929> 0x00000000016a691e <+924>: mov eax,0x1 0x00000000016a6923 <+929>: mov DWORD PTR [rbp-0x108],eax 0x00000000016a6929 <+935>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a692c <+938>: mov DWORD PTR [rbx-0x40],eax 0x00000000016a692f <+941>: mov edx,DWORD PTR [rbp-0x108] 0x00000000016a6935 <+947>: lea rax,[rbx-0x40] 0x00000000016a6939 <+951>: mov esi,edx 0x00000000016a693b <+953>: mov rdi,rax 0x00000000016a693e <+956>: call 0x16a744a 
<increment_overflow> 0x00000000016a6943 <+961>: test al,al 0x00000000016a6945 <+963>: jne 0x16a7381 <timesub+3583> 0x00000000016a694b <+969>: mov eax,DWORD PTR [rbx-0x40] 0x00000000016a694e <+972>: sub eax,0x1 0x00000000016a6951 <+975>: mov edi,eax 0x00000000016a6953 <+977>: call 0x16a6555 <leaps_thru_end_of> 0x00000000016a6958 <+982>: mov r14d,eax 0x00000000016a695b <+985>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a695e <+988>: sub eax,0x1 0x00000000016a6961 <+991>: mov edi,eax 0x00000000016a6963 <+993>: call 0x16a6555 <leaps_thru_end_of> 0x00000000016a6968 <+998>: sub r14d,eax 0x00000000016a696b <+1001>: mov eax,r14d 0x00000000016a696e <+1004>: mov DWORD PTR [rbp-0x104],eax 0x00000000016a6974 <+1010>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a6977 <+1013>: movsxd rdx,eax 0x00000000016a697a <+1016>: mov eax,DWORD PTR [rbx-0x40] 0x00000000016a697d <+1019>: cdqe 0x00000000016a697f <+1021>: sub rdx,rax 0x00000000016a6982 <+1024>: mov rax,rdx 0x00000000016a6985 <+1027>: shl rax,0x3 0x00000000016a6989 <+1031>: add rax,rdx 0x00000000016a698c <+1034>: shl rax,0x3 0x00000000016a6990 <+1038>: add rax,rdx 0x00000000016a6993 <+1041>: lea rdx,[rax*4+0x0] 0x00000000016a699b <+1049>: add rax,rdx 0x00000000016a699e <+1052>: add QWORD PTR [rbp-0x100],rax 0x00000000016a69a5 <+1059>: mov eax,DWORD PTR [rbp-0x104] 0x00000000016a69ab <+1065>: cdqe 0x00000000016a69ad <+1067>: sub QWORD PTR [rbp-0x100],rax 0x00000000016a69b4 <+1074>: mov eax,DWORD PTR [rbx-0x40] 0x00000000016a69b7 <+1077>: mov DWORD PTR [rbx-0x80],eax 0x00000000016a69ba <+1080>: cmp QWORD PTR [rbp-0x100],0x0 0x00000000016a69c2 <+1088>: js 0x16a68a6 <timesub+804> 0x00000000016a69c8 <+1094>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a69cb <+1097>: and eax,0x3 0x00000000016a69ce <+1100>: test eax,eax 0x00000000016a69d0 <+1102>: jne 0x16a6a22 <timesub+1184> 0x00000000016a69d2 <+1104>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a69d5 <+1107>: mov edx,0x51eb851f 0x00000000016a69da <+1112>: mov eax,ecx 0x00000000016a69dc 
<+1114>: imul edx 0x00000000016a69de <+1116>: sar edx,0x5 0x00000000016a69e1 <+1119>: mov eax,ecx 0x00000000016a69e3 <+1121>: sar eax,0x1f 0x00000000016a69e6 <+1124>: sub edx,eax 0x00000000016a69e8 <+1126>: mov eax,edx 0x00000000016a69ea <+1128>: imul eax,eax,0x64 0x00000000016a69ed <+1131>: sub ecx,eax 0x00000000016a69ef <+1133>: mov eax,ecx 0x00000000016a69f1 <+1135>: test eax,eax 0x00000000016a69f3 <+1137>: jne 0x16a6a1b <timesub+1177> 0x00000000016a69f5 <+1139>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a69f8 <+1142>: mov edx,0x51eb851f 0x00000000016a69fd <+1147>: mov eax,ecx 0x00000000016a69ff <+1149>: imul edx 0x00000000016a6a01 <+1151>: sar edx,0x7 0x00000000016a6a04 <+1154>: mov eax,ecx 0x00000000016a6a06 <+1156>: sar eax,0x1f 0x00000000016a6a09 <+1159>: sub edx,eax 0x00000000016a6a0b <+1161>: mov eax,edx 0x00000000016a6a0d <+1163>: imul eax,eax,0x190 0x00000000016a6a13 <+1169>: sub ecx,eax 0x00000000016a6a15 <+1171>: mov eax,ecx 0x00000000016a6a17 <+1173>: test eax,eax 0x00000000016a6a19 <+1175>: jne 0x16a6a22 <timesub+1184> 0x00000000016a6a1b <+1177>: mov edx,0x1 0x00000000016a6a20 <+1182>: jmp 0x16a6a27 <timesub+1189> 0x00000000016a6a22 <+1184>: mov edx,0x0 0x00000000016a6a27 <+1189>: movsxd rax,edx 0x00000000016a6a2a <+1192>: shl rax,0x2 0x00000000016a6a2e <+1196>: add rax,0x1d7cde0 0x00000000016a6a34 <+1202>: mov rcx,rax 0x00000000016a6a37 <+1205>: shr rcx,0x3 0x00000000016a6a3b <+1209>: add rcx,0x7fff8000 0x00000000016a6a42 <+1216>: movzx ecx,BYTE PTR [rcx] 0x00000000016a6a45 <+1219>: test cl,cl 0x00000000016a6a47 <+1221>: setne sil 0x00000000016a6a4b <+1225>: mov rdi,rax 0x00000000016a6a4e <+1228>: and edi,0x7 0x00000000016a6a51 <+1231>: add edi,0x3 0x00000000016a6a54 <+1234>: cmp dil,cl 0x00000000016a6a57 <+1237>: setge cl 0x00000000016a6a5a <+1240>: and ecx,esi 0x00000000016a6a5c <+1242>: test cl,cl 0x00000000016a6a5e <+1244>: je 0x16a6a68 <timesub+1254> 0x00000000016a6a60 <+1246>: mov rdi,rax 0x00000000016a6a63 <+1249>: call 0x4e9b10 
<__asan_report_load4@plt> 0x00000000016a6a68 <+1254>: movsxd rax,edx 0x00000000016a6a6b <+1257>: mov eax,DWORD PTR [rax*4+0x1d7cde0] 0x00000000016a6a72 <+1264>: cdqe 0x00000000016a6a74 <+1266>: cmp rax,QWORD PTR [rbp-0x100] 0x00000000016a6a7b <+1273>: jle 0x16a68a6 <timesub+804> 0x00000000016a6a81 <+1279>: mov rax,QWORD PTR [rbp-0x100] 0x00000000016a6a88 <+1286>: mov DWORD PTR [rbp-0x110],eax 0x00000000016a6a8e <+1292>: mov eax,DWORD PTR [rbp-0x12c] 0x00000000016a6a94 <+1298>: cdqe 0x00000000016a6a96 <+1300>: sub rax,QWORD PTR [rbp-0xf0] 0x00000000016a6a9d <+1307>: add QWORD PTR [rbp-0xf8],rax 0x00000000016a6aa4 <+1314>: jmp 0x16a6ab8 <timesub+1334> 0x00000000016a6aa6 <+1316>: add QWORD PTR [rbp-0xf8],0x15180 0x00000000016a6ab1 <+1327>: sub DWORD PTR [rbp-0x110],0x1 0x00000000016a6ab8 <+1334>: cmp QWORD PTR [rbp-0xf8],0x0 0x00000000016a6ac0 <+1342>: js 0x16a6aa6 <timesub+1316> 0x00000000016a6ac2 <+1344>: jmp 0x16a6ad6 <timesub+1364> 0x00000000016a6ac4 <+1346>: sub QWORD PTR [rbp-0xf8],0x15180 0x00000000016a6acf <+1357>: add DWORD PTR [rbp-0x110],0x1 0x00000000016a6ad6 <+1364>: cmp QWORD PTR [rbp-0xf8],0x1517f 0x00000000016a6ae1 <+1375>: jg 0x16a6ac4 <timesub+1346> 0x00000000016a6ae3 <+1377>: jmp 0x16a6bb1 <timesub+1583> 0x00000000016a6ae8 <+1382>: lea rax,[rbx-0x80] 0x00000000016a6aec <+1386>: mov esi,0xffffffff 0x00000000016a6af1 <+1391>: mov rdi,rax 0x00000000016a6af4 <+1394>: call 0x16a744a <increment_overflow> 0x00000000016a6af9 <+1399>: test al,al 0x00000000016a6afb <+1401>: jne 0x16a7384 <timesub+3586> 0x00000000016a6b01 <+1407>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a6b04 <+1410>: and eax,0x3 0x00000000016a6b07 <+1413>: test eax,eax 0x00000000016a6b09 <+1415>: jne 0x16a6b5b <timesub+1497> 0x00000000016a6b0b <+1417>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6b0e <+1420>: mov edx,0x51eb851f 0x00000000016a6b13 <+1425>: mov eax,ecx 0x00000000016a6b15 <+1427>: imul edx 0x00000000016a6b17 <+1429>: sar edx,0x5 0x00000000016a6b1a <+1432>: mov eax,ecx 
0x00000000016a6b1c <+1434>: sar eax,0x1f 0x00000000016a6b1f <+1437>: sub edx,eax 0x00000000016a6b21 <+1439>: mov eax,edx 0x00000000016a6b23 <+1441>: imul eax,eax,0x64 0x00000000016a6b26 <+1444>: sub ecx,eax 0x00000000016a6b28 <+1446>: mov eax,ecx 0x00000000016a6b2a <+1448>: test eax,eax 0x00000000016a6b2c <+1450>: jne 0x16a6b54 <timesub+1490> 0x00000000016a6b2e <+1452>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6b31 <+1455>: mov edx,0x51eb851f 0x00000000016a6b36 <+1460>: mov eax,ecx 0x00000000016a6b38 <+1462>: imul edx 0x00000000016a6b3a <+1464>: sar edx,0x7 0x00000000016a6b3d <+1467>: mov eax,ecx 0x00000000016a6b3f <+1469>: sar eax,0x1f 0x00000000016a6b42 <+1472>: sub edx,eax 0x00000000016a6b44 <+1474>: mov eax,edx 0x00000000016a6b46 <+1476>: imul eax,eax,0x190 0x00000000016a6b4c <+1482>: sub ecx,eax 0x00000000016a6b4e <+1484>: mov eax,ecx 0x00000000016a6b50 <+1486>: test eax,eax 0x00000000016a6b52 <+1488>: jne 0x16a6b5b <timesub+1497> 0x00000000016a6b54 <+1490>: mov edx,0x1 0x00000000016a6b59 <+1495>: jmp 0x16a6b60 <timesub+1502> 0x00000000016a6b5b <+1497>: mov edx,0x0 0x00000000016a6b60 <+1502>: movsxd rax,edx 0x00000000016a6b63 <+1505>: shl rax,0x2 0x00000000016a6b67 <+1509>: add rax,0x1d7cde0 0x00000000016a6b6d <+1515>: mov rcx,rax 0x00000000016a6b70 <+1518>: shr rcx,0x3 0x00000000016a6b74 <+1522>: add rcx,0x7fff8000 0x00000000016a6b7b <+1529>: movzx ecx,BYTE PTR [rcx] 0x00000000016a6b7e <+1532>: test cl,cl 0x00000000016a6b80 <+1534>: setne sil 0x00000000016a6b84 <+1538>: mov rdi,rax 0x00000000016a6b87 <+1541>: and edi,0x7 0x00000000016a6b8a <+1544>: add edi,0x3 0x00000000016a6b8d <+1547>: cmp dil,cl 0x00000000016a6b90 <+1550>: setge cl 0x00000000016a6b93 <+1553>: and ecx,esi 0x00000000016a6b95 <+1555>: test cl,cl 0x00000000016a6b97 <+1557>: je 0x16a6ba1 <timesub+1567> 0x00000000016a6b99 <+1559>: mov rdi,rax 0x00000000016a6b9c <+1562>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a6ba1 <+1567>: movsxd rax,edx 0x00000000016a6ba4 <+1570>: mov eax,DWORD 
PTR [rax*4+0x1d7cde0] 0x00000000016a6bab <+1577>: add DWORD PTR [rbp-0x110],eax 0x00000000016a6bb1 <+1583>: cmp DWORD PTR [rbp-0x110],0x0 0x00000000016a6bb8 <+1590>: js 0x16a6ae8 <timesub+1382> 0x00000000016a6bbe <+1596>: jmp 0x16a6c8c <timesub+1802> 0x00000000016a6bc3 <+1601>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a6bc6 <+1604>: and eax,0x3 0x00000000016a6bc9 <+1607>: test eax,eax 0x00000000016a6bcb <+1609>: jne 0x16a6c1d <timesub+1691> 0x00000000016a6bcd <+1611>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6bd0 <+1614>: mov edx,0x51eb851f 0x00000000016a6bd5 <+1619>: mov eax,ecx 0x00000000016a6bd7 <+1621>: imul edx 0x00000000016a6bd9 <+1623>: sar edx,0x5 0x00000000016a6bdc <+1626>: mov eax,ecx 0x00000000016a6bde <+1628>: sar eax,0x1f 0x00000000016a6be1 <+1631>: sub edx,eax 0x00000000016a6be3 <+1633>: mov eax,edx 0x00000000016a6be5 <+1635>: imul eax,eax,0x64 0x00000000016a6be8 <+1638>: sub ecx,eax 0x00000000016a6bea <+1640>: mov eax,ecx 0x00000000016a6bec <+1642>: test eax,eax 0x00000000016a6bee <+1644>: jne 0x16a6c16 <timesub+1684> 0x00000000016a6bf0 <+1646>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6bf3 <+1649>: mov edx,0x51eb851f 0x00000000016a6bf8 <+1654>: mov eax,ecx 0x00000000016a6bfa <+1656>: imul edx 0x00000000016a6bfc <+1658>: sar edx,0x7 0x00000000016a6bff <+1661>: mov eax,ecx 0x00000000016a6c01 <+1663>: sar eax,0x1f 0x00000000016a6c04 <+1666>: sub edx,eax 0x00000000016a6c06 <+1668>: mov eax,edx 0x00000000016a6c08 <+1670>: imul eax,eax,0x190 0x00000000016a6c0e <+1676>: sub ecx,eax 0x00000000016a6c10 <+1678>: mov eax,ecx 0x00000000016a6c12 <+1680>: test eax,eax 0x00000000016a6c14 <+1682>: jne 0x16a6c1d <timesub+1691> 0x00000000016a6c16 <+1684>: mov edx,0x1 0x00000000016a6c1b <+1689>: jmp 0x16a6c22 <timesub+1696> 0x00000000016a6c1d <+1691>: mov edx,0x0 0x00000000016a6c22 <+1696>: movsxd rax,edx 0x00000000016a6c25 <+1699>: shl rax,0x2 0x00000000016a6c29 <+1703>: add rax,0x1d7cde0 0x00000000016a6c2f <+1709>: mov rcx,rax 0x00000000016a6c32 <+1712>: shr 
rcx,0x3 0x00000000016a6c36 <+1716>: add rcx,0x7fff8000 0x00000000016a6c3d <+1723>: movzx ecx,BYTE PTR [rcx] 0x00000000016a6c40 <+1726>: test cl,cl 0x00000000016a6c42 <+1728>: setne sil 0x00000000016a6c46 <+1732>: mov rdi,rax 0x00000000016a6c49 <+1735>: and edi,0x7 0x00000000016a6c4c <+1738>: add edi,0x3 0x00000000016a6c4f <+1741>: cmp dil,cl 0x00000000016a6c52 <+1744>: setge cl 0x00000000016a6c55 <+1747>: and ecx,esi 0x00000000016a6c57 <+1749>: test cl,cl 0x00000000016a6c59 <+1751>: je 0x16a6c63 <timesub+1761> 0x00000000016a6c5b <+1753>: mov rdi,rax 0x00000000016a6c5e <+1756>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a6c63 <+1761>: movsxd rax,edx 0x00000000016a6c66 <+1764>: mov eax,DWORD PTR [rax*4+0x1d7cde0] 0x00000000016a6c6d <+1771>: sub DWORD PTR [rbp-0x110],eax 0x00000000016a6c73 <+1777>: lea rax,[rbx-0x80] 0x00000000016a6c77 <+1781>: mov esi,0x1 0x00000000016a6c7c <+1786>: mov rdi,rax 0x00000000016a6c7f <+1789>: call 0x16a744a <increment_overflow> 0x00000000016a6c84 <+1794>: test al,al 0x00000000016a6c86 <+1796>: jne 0x16a7387 <timesub+3589> 0x00000000016a6c8c <+1802>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a6c8f <+1805>: and eax,0x3 0x00000000016a6c92 <+1808>: test eax,eax 0x00000000016a6c94 <+1810>: jne 0x16a6ce6 <timesub+1892> 0x00000000016a6c96 <+1812>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6c99 <+1815>: mov edx,0x51eb851f 0x00000000016a6c9e <+1820>: mov eax,ecx 0x00000000016a6ca0 <+1822>: imul edx 0x00000000016a6ca2 <+1824>: sar edx,0x5 0x00000000016a6ca5 <+1827>: mov eax,ecx 0x00000000016a6ca7 <+1829>: sar eax,0x1f 0x00000000016a6caa <+1832>: sub edx,eax 0x00000000016a6cac <+1834>: mov eax,edx 0x00000000016a6cae <+1836>: imul eax,eax,0x64 0x00000000016a6cb1 <+1839>: sub ecx,eax 0x00000000016a6cb3 <+1841>: mov eax,ecx 0x00000000016a6cb5 <+1843>: test eax,eax 0x00000000016a6cb7 <+1845>: jne 0x16a6cdf <timesub+1885> 0x00000000016a6cb9 <+1847>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6cbc <+1850>: mov edx,0x51eb851f 0x00000000016a6cc1 
<+1855>: mov eax,ecx 0x00000000016a6cc3 <+1857>: imul edx 0x00000000016a6cc5 <+1859>: sar edx,0x7 0x00000000016a6cc8 <+1862>: mov eax,ecx 0x00000000016a6cca <+1864>: sar eax,0x1f 0x00000000016a6ccd <+1867>: sub edx,eax 0x00000000016a6ccf <+1869>: mov eax,edx 0x00000000016a6cd1 <+1871>: imul eax,eax,0x190 0x00000000016a6cd7 <+1877>: sub ecx,eax 0x00000000016a6cd9 <+1879>: mov eax,ecx 0x00000000016a6cdb <+1881>: test eax,eax 0x00000000016a6cdd <+1883>: jne 0x16a6ce6 <timesub+1892> 0x00000000016a6cdf <+1885>: mov edx,0x1 0x00000000016a6ce4 <+1890>: jmp 0x16a6ceb <timesub+1897> 0x00000000016a6ce6 <+1892>: mov edx,0x0 0x00000000016a6ceb <+1897>: movsxd rax,edx 0x00000000016a6cee <+1900>: shl rax,0x2 0x00000000016a6cf2 <+1904>: add rax,0x1d7cde0 0x00000000016a6cf8 <+1910>: mov rcx,rax 0x00000000016a6cfb <+1913>: shr rcx,0x3 0x00000000016a6cff <+1917>: add rcx,0x7fff8000 0x00000000016a6d06 <+1924>: movzx ecx,BYTE PTR [rcx] 0x00000000016a6d09 <+1927>: test cl,cl 0x00000000016a6d0b <+1929>: setne sil 0x00000000016a6d0f <+1933>: mov rdi,rax 0x00000000016a6d12 <+1936>: and edi,0x7 0x00000000016a6d15 <+1939>: add edi,0x3 0x00000000016a6d18 <+1942>: cmp dil,cl 0x00000000016a6d1b <+1945>: setge cl 0x00000000016a6d1e <+1948>: and ecx,esi 0x00000000016a6d20 <+1950>: test cl,cl 0x00000000016a6d22 <+1952>: je 0x16a6d2c <timesub+1962> 0x00000000016a6d24 <+1954>: mov rdi,rax 0x00000000016a6d27 <+1957>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a6d2c <+1962>: movsxd rax,edx 0x00000000016a6d2f <+1965>: mov eax,DWORD PTR [rax*4+0x1d7cde0] 0x00000000016a6d36 <+1972>: cmp eax,DWORD PTR [rbp-0x110] 0x00000000016a6d3c <+1978>: jle 0x16a6bc3 <timesub+1601> 0x00000000016a6d42 <+1984>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a6d45 <+1987>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6d4c <+1994>: add rax,0x14 0x00000000016a6d50 <+1998>: mov rdx,rax 0x00000000016a6d53 <+2001>: shr rdx,0x3 0x00000000016a6d57 <+2005>: add rdx,0x7fff8000 0x00000000016a6d5e <+2012>: movzx edx,BYTE PTR 
[rdx] 0x00000000016a6d61 <+2015>: test dl,dl 0x00000000016a6d63 <+2017>: setne sil 0x00000000016a6d67 <+2021>: mov rdi,rax 0x00000000016a6d6a <+2024>: and edi,0x7 0x00000000016a6d6d <+2027>: add edi,0x3 0x00000000016a6d70 <+2030>: cmp dil,dl 0x00000000016a6d73 <+2033>: setge dl 0x00000000016a6d76 <+2036>: and edx,esi 0x00000000016a6d78 <+2038>: test dl,dl 0x00000000016a6d7a <+2040>: je 0x16a6d84 <timesub+2050> 0x00000000016a6d7c <+2042>: mov rdi,rax 0x00000000016a6d7f <+2045>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a6d84 <+2050>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6d8b <+2057>: mov DWORD PTR [rax+0x14],ecx 0x00000000016a6d8e <+2060>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6d95 <+2067>: add rax,0x14 0x00000000016a6d99 <+2071>: mov esi,0xfffff894 0x00000000016a6d9e <+2076>: mov rdi,rax 0x00000000016a6da1 <+2079>: call 0x16a744a <increment_overflow> 0x00000000016a6da6 <+2084>: test al,al 0x00000000016a6da8 <+2086>: jne 0x16a738a <timesub+3592> 0x00000000016a6dae <+2092>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6db5 <+2099>: add rax,0x1c 0x00000000016a6db9 <+2103>: mov rdx,rax 0x00000000016a6dbc <+2106>: shr rdx,0x3 0x00000000016a6dc0 <+2110>: add rdx,0x7fff8000 0x00000000016a6dc7 <+2117>: movzx edx,BYTE PTR [rdx] 0x00000000016a6dca <+2120>: test dl,dl 0x00000000016a6dcc <+2122>: setne cl 0x00000000016a6dcf <+2125>: mov rsi,rax 0x00000000016a6dd2 <+2128>: and esi,0x7 0x00000000016a6dd5 <+2131>: add esi,0x3 0x00000000016a6dd8 <+2134>: cmp sil,dl 0x00000000016a6ddb <+2137>: setge dl 0x00000000016a6dde <+2140>: and edx,ecx 0x00000000016a6de0 <+2142>: test dl,dl 0x00000000016a6de2 <+2144>: je 0x16a6dec <timesub+2154> 0x00000000016a6de4 <+2146>: mov rdi,rax 0x00000000016a6de7 <+2149>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a6dec <+2154>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6df3 <+2161>: mov edx,DWORD PTR [rbp-0x110] 0x00000000016a6df9 <+2167>: mov DWORD PTR [rax+0x1c],edx 0x00000000016a6dfc <+2170>: mov eax,DWORD PTR 
[rbx-0x80] 0x00000000016a6dff <+2173>: lea ecx,[rax-0x7b2] 0x00000000016a6e05 <+2179>: mov edx,0x92492493 0x00000000016a6e0a <+2184>: mov eax,ecx 0x00000000016a6e0c <+2186>: imul edx 0x00000000016a6e0e <+2188>: lea eax,[rdx+rcx*1] 0x00000000016a6e11 <+2191>: sar eax,0x2 0x00000000016a6e14 <+2194>: mov edx,eax 0x00000000016a6e16 <+2196>: mov eax,ecx 0x00000000016a6e18 <+2198>: sar eax,0x1f 0x00000000016a6e1b <+2201>: sub edx,eax 0x00000000016a6e1d <+2203>: mov r14d,edx 0x00000000016a6e20 <+2206>: mov eax,r14d 0x00000000016a6e23 <+2209>: shl eax,0x3 0x00000000016a6e26 <+2212>: sub eax,r14d 0x00000000016a6e29 <+2215>: sub ecx,eax 0x00000000016a6e2b <+2217>: mov r14d,ecx 0x00000000016a6e2e <+2220>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a6e31 <+2223>: sub eax,0x1 0x00000000016a6e34 <+2226>: mov edi,eax 0x00000000016a6e36 <+2228>: call 0x16a6555 <leaps_thru_end_of> 0x00000000016a6e3b <+2233>: add r14d,eax 0x00000000016a6e3e <+2236>: mov edi,0x7b1 0x00000000016a6e43 <+2241>: call 0x16a6555 <leaps_thru_end_of> 0x00000000016a6e48 <+2246>: mov edx,r14d 0x00000000016a6e4b <+2249>: sub edx,eax 0x00000000016a6e4d <+2251>: mov eax,DWORD PTR [rbp-0x110] 0x00000000016a6e53 <+2257>: add eax,edx 0x00000000016a6e55 <+2259>: lea ecx,[rax+0x4] 0x00000000016a6e58 <+2262>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6e5f <+2269>: add rax,0x18 0x00000000016a6e63 <+2273>: mov rdx,rax 0x00000000016a6e66 <+2276>: mov rax,rdx 0x00000000016a6e69 <+2279>: shr rax,0x3 0x00000000016a6e6d <+2283>: add rax,0x7fff8000 0x00000000016a6e73 <+2289>: movzx eax,BYTE PTR [rax] 0x00000000016a6e76 <+2292>: test al,al 0x00000000016a6e78 <+2294>: setne sil 0x00000000016a6e7c <+2298>: cmp al,0x3 0x00000000016a6e7e <+2300>: setle al 0x00000000016a6e81 <+2303>: and eax,esi 0x00000000016a6e83 <+2305>: test al,al 0x00000000016a6e85 <+2307>: je 0x16a6e8f <timesub+2317> 0x00000000016a6e87 <+2309>: mov rdi,rdx 0x00000000016a6e8a <+2312>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a6e8f <+2317>: mov 
rax,QWORD PTR [rbp-0x140] 0x00000000016a6e96 <+2324>: mov DWORD PTR [rax+0x18],ecx 0x00000000016a6e99 <+2327>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6ea0 <+2334>: mov ecx,DWORD PTR [rax+0x18] 0x00000000016a6ea3 <+2337>: mov edx,0x92492493 0x00000000016a6ea8 <+2342>: mov eax,ecx 0x00000000016a6eaa <+2344>: imul edx 0x00000000016a6eac <+2346>: lea eax,[rdx+rcx*1] 0x00000000016a6eaf <+2349>: sar eax,0x2 0x00000000016a6eb2 <+2352>: mov edx,eax 0x00000000016a6eb4 <+2354>: mov eax,ecx 0x00000000016a6eb6 <+2356>: sar eax,0x1f 0x00000000016a6eb9 <+2359>: sub edx,eax 0x00000000016a6ebb <+2361>: mov eax,edx 0x00000000016a6ebd <+2363>: mov edx,eax 0x00000000016a6ebf <+2365>: shl edx,0x3 0x00000000016a6ec2 <+2368>: sub edx,eax 0x00000000016a6ec4 <+2370>: mov eax,ecx 0x00000000016a6ec6 <+2372>: sub eax,edx 0x00000000016a6ec8 <+2374>: mov rdx,QWORD PTR [rbp-0x140] 0x00000000016a6ecf <+2381>: mov DWORD PTR [rdx+0x18],eax 0x00000000016a6ed2 <+2384>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6ed9 <+2391>: mov eax,DWORD PTR [rax+0x18] 0x00000000016a6edc <+2394>: test eax,eax 0x00000000016a6ede <+2396>: jns 0x16a6ef7 <timesub+2421> 0x00000000016a6ee0 <+2398>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6ee7 <+2405>: mov eax,DWORD PTR [rax+0x18] 0x00000000016a6eea <+2408>: lea edx,[rax+0x7] 0x00000000016a6eed <+2411>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6ef4 <+2418>: mov DWORD PTR [rax+0x18],edx 0x00000000016a6ef7 <+2421>: mov rcx,QWORD PTR [rbp-0xf8] 0x00000000016a6efe <+2428>: movabs rdx,0x48d159e26af37c05 0x00000000016a6f08 <+2438>: mov rax,rcx 0x00000000016a6f0b <+2441>: imul rdx 0x00000000016a6f0e <+2444>: sar rdx,0xa 0x00000000016a6f12 <+2448>: mov rax,rcx 0x00000000016a6f15 <+2451>: sar rax,0x3f 0x00000000016a6f19 <+2455>: sub rdx,rax 0x00000000016a6f1c <+2458>: mov rax,rdx 0x00000000016a6f1f <+2461>: mov esi,eax 0x00000000016a6f21 <+2463>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6f28 <+2470>: add rax,0x8 0x00000000016a6f2c <+2474>: mov rdx,rax 
0x00000000016a6f2f <+2477>: mov rax,rdx 0x00000000016a6f32 <+2480>: shr rax,0x3 0x00000000016a6f36 <+2484>: add rax,0x7fff8000 0x00000000016a6f3c <+2490>: movzx eax,BYTE PTR [rax] 0x00000000016a6f3f <+2493>: test al,al 0x00000000016a6f41 <+2495>: setne cl 0x00000000016a6f44 <+2498>: cmp al,0x3 0x00000000016a6f46 <+2500>: setle al 0x00000000016a6f49 <+2503>: and eax,ecx 0x00000000016a6f4b <+2505>: test al,al 0x00000000016a6f4d <+2507>: je 0x16a6f57 <timesub+2517> 0x00000000016a6f4f <+2509>: mov rdi,rdx 0x00000000016a6f52 <+2512>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a6f57 <+2517>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6f5e <+2524>: mov DWORD PTR [rax+0x8],esi 0x00000000016a6f61 <+2527>: mov rcx,QWORD PTR [rbp-0xf8] 0x00000000016a6f68 <+2534>: movabs rdx,0x48d159e26af37c05 0x00000000016a6f72 <+2544>: mov rax,rcx 0x00000000016a6f75 <+2547>: imul rdx 0x00000000016a6f78 <+2550>: sar rdx,0xa 0x00000000016a6f7c <+2554>: mov rax,rcx 0x00000000016a6f7f <+2557>: sar rax,0x3f 0x00000000016a6f83 <+2561>: sub rdx,rax 0x00000000016a6f86 <+2564>: mov rax,rdx 0x00000000016a6f89 <+2567>: imul rax,rax,0xe10 0x00000000016a6f90 <+2574>: sub rcx,rax 0x00000000016a6f93 <+2577>: mov rax,rcx 0x00000000016a6f96 <+2580>: mov QWORD PTR [rbp-0xf8],rax 0x00000000016a6f9d <+2587>: mov rcx,QWORD PTR [rbp-0xf8] 0x00000000016a6fa4 <+2594>: movabs rdx,0x8888888888888889 0x00000000016a6fae <+2604>: mov rax,rcx 0x00000000016a6fb1 <+2607>: imul rdx 0x00000000016a6fb4 <+2610>: lea rax,[rdx+rcx*1] 0x00000000016a6fb8 <+2614>: sar rax,0x5 0x00000000016a6fbc <+2618>: mov rdx,rax 0x00000000016a6fbf <+2621>: mov rax,rcx 0x00000000016a6fc2 <+2624>: sar rax,0x3f 0x00000000016a6fc6 <+2628>: sub rdx,rax 0x00000000016a6fc9 <+2631>: mov rax,rdx 0x00000000016a6fcc <+2634>: mov edi,eax 0x00000000016a6fce <+2636>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a6fd5 <+2643>: add rax,0x4 0x00000000016a6fd9 <+2647>: mov rdx,rax 0x00000000016a6fdc <+2650>: shr rdx,0x3 0x00000000016a6fe0 <+2654>: add 
rdx,0x7fff8000 0x00000000016a6fe7 <+2661>: movzx edx,BYTE PTR [rdx] 0x00000000016a6fea <+2664>: test dl,dl 0x00000000016a6fec <+2666>: setne cl 0x00000000016a6fef <+2669>: mov rsi,rax 0x00000000016a6ff2 <+2672>: and esi,0x7 0x00000000016a6ff5 <+2675>: add esi,0x3 0x00000000016a6ff8 <+2678>: cmp sil,dl 0x00000000016a6ffb <+2681>: setge dl 0x00000000016a6ffe <+2684>: and edx,ecx 0x00000000016a7000 <+2686>: test dl,dl 0x00000000016a7002 <+2688>: je 0x16a700c <timesub+2698> 0x00000000016a7004 <+2690>: mov rdi,rax 0x00000000016a7007 <+2693>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a700c <+2698>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7013 <+2705>: mov DWORD PTR [rax+0x4],edi 0x00000000016a7016 <+2708>: mov rcx,QWORD PTR [rbp-0xf8] 0x00000000016a701d <+2715>: movabs rdx,0x8888888888888889 0x00000000016a7027 <+2725>: mov rax,rcx 0x00000000016a702a <+2728>: imul rdx 0x00000000016a702d <+2731>: lea rax,[rdx+rcx*1] 0x00000000016a7031 <+2735>: sar rax,0x5 0x00000000016a7035 <+2739>: mov rdx,rax 0x00000000016a7038 <+2742>: mov rax,rcx 0x00000000016a703b <+2745>: sar rax,0x3f 0x00000000016a703f <+2749>: sub rdx,rax 0x00000000016a7042 <+2752>: mov rax,rdx 0x00000000016a7045 <+2755>: shl rax,0x4 0x00000000016a7049 <+2759>: sub rax,rdx 0x00000000016a704c <+2762>: shl rax,0x2 0x00000000016a7050 <+2766>: sub rcx,rax 0x00000000016a7053 <+2769>: mov rdx,rcx 0x00000000016a7056 <+2772>: movsx eax,BYTE PTR [rbp-0x111] 0x00000000016a705d <+2779>: lea ecx,[rdx+rax*1] 0x00000000016a7060 <+2782>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7067 <+2789>: mov rdx,rax 0x00000000016a706a <+2792>: mov rax,rdx 0x00000000016a706d <+2795>: shr rax,0x3 0x00000000016a7071 <+2799>: add rax,0x7fff8000 0x00000000016a7077 <+2805>: movzx eax,BYTE PTR [rax] 0x00000000016a707a <+2808>: test al,al 0x00000000016a707c <+2810>: setne sil 0x00000000016a7080 <+2814>: cmp al,0x3 0x00000000016a7082 <+2816>: setle al 0x00000000016a7085 <+2819>: and eax,esi 0x00000000016a7087 <+2821>: test al,al 
0x00000000016a7089 <+2823>: je 0x16a7093 <timesub+2833> 0x00000000016a708b <+2825>: mov rdi,rdx 0x00000000016a708e <+2828>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a7093 <+2833>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a709a <+2840>: mov DWORD PTR [rax],ecx 0x00000000016a709c <+2842>: mov eax,DWORD PTR [rbx-0x80] 0x00000000016a709f <+2845>: and eax,0x3 0x00000000016a70a2 <+2848>: test eax,eax 0x00000000016a70a4 <+2850>: jne 0x16a70f6 <timesub+2932> 0x00000000016a70a6 <+2852>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a70a9 <+2855>: mov edx,0x51eb851f 0x00000000016a70ae <+2860>: mov eax,ecx 0x00000000016a70b0 <+2862>: imul edx 0x00000000016a70b2 <+2864>: sar edx,0x5 0x00000000016a70b5 <+2867>: mov eax,ecx 0x00000000016a70b7 <+2869>: sar eax,0x1f 0x00000000016a70ba <+2872>: sub edx,eax 0x00000000016a70bc <+2874>: mov eax,edx 0x00000000016a70be <+2876>: imul eax,eax,0x64 0x00000000016a70c1 <+2879>: sub ecx,eax 0x00000000016a70c3 <+2881>: mov eax,ecx 0x00000000016a70c5 <+2883>: test eax,eax 0x00000000016a70c7 <+2885>: jne 0x16a70ef <timesub+2925> 0x00000000016a70c9 <+2887>: mov ecx,DWORD PTR [rbx-0x80] 0x00000000016a70cc <+2890>: mov edx,0x51eb851f 0x00000000016a70d1 <+2895>: mov eax,ecx 0x00000000016a70d3 <+2897>: imul edx 0x00000000016a70d5 <+2899>: sar edx,0x7 0x00000000016a70d8 <+2902>: mov eax,ecx 0x00000000016a70da <+2904>: sar eax,0x1f 0x00000000016a70dd <+2907>: sub edx,eax 0x00000000016a70df <+2909>: mov eax,edx 0x00000000016a70e1 <+2911>: imul eax,eax,0x190 0x00000000016a70e7 <+2917>: sub ecx,eax 0x00000000016a70e9 <+2919>: mov eax,ecx 0x00000000016a70eb <+2921>: test eax,eax 0x00000000016a70ed <+2923>: jne 0x16a70f6 <timesub+2932> 0x00000000016a70ef <+2925>: mov eax,0x1 0x00000000016a70f4 <+2930>: jmp 0x16a70fb <timesub+2937> 0x00000000016a70f6 <+2932>: mov eax,0x0 0x00000000016a70fb <+2937>: movsxd rdx,eax 0x00000000016a70fe <+2940>: mov rax,rdx 0x00000000016a7101 <+2943>: add rax,rax 0x00000000016a7104 <+2946>: add rax,rdx 
0x00000000016a7107 <+2949>: shl rax,0x4 0x00000000016a710b <+2953>: add rax,0x1d7cd60 0x00000000016a7111 <+2959>: mov QWORD PTR [rbp-0xd8],rax 0x00000000016a7118 <+2966>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a711f <+2973>: add rax,0x10 0x00000000016a7123 <+2977>: mov rdx,rax 0x00000000016a7126 <+2980>: mov rax,rdx 0x00000000016a7129 <+2983>: shr rax,0x3 0x00000000016a712d <+2987>: add rax,0x7fff8000 0x00000000016a7133 <+2993>: movzx eax,BYTE PTR [rax] 0x00000000016a7136 <+2996>: test al,al 0x00000000016a7138 <+2998>: setne cl 0x00000000016a713b <+3001>: cmp al,0x3 0x00000000016a713d <+3003>: setle al 0x00000000016a7140 <+3006>: and eax,ecx 0x00000000016a7142 <+3008>: test al,al 0x00000000016a7144 <+3010>: je 0x16a714e <timesub+3020> 0x00000000016a7146 <+3012>: mov rdi,rdx 0x00000000016a7149 <+3015>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a714e <+3020>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7155 <+3027>: mov DWORD PTR [rax+0x10],0x0 0x00000000016a715c <+3034>: jmp 0x16a720c <timesub+3210> 0x00000000016a7161 <+3039>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7168 <+3046>: add rax,0x10 0x00000000016a716c <+3050>: mov rdx,rax 0x00000000016a716f <+3053>: mov rax,rdx 0x00000000016a7172 <+3056>: shr rax,0x3 0x00000000016a7176 <+3060>: add rax,0x7fff8000 0x00000000016a717c <+3066>: movzx eax,BYTE PTR [rax] 0x00000000016a717f <+3069>: test al,al 0x00000000016a7181 <+3071>: setne cl 0x00000000016a7184 <+3074>: cmp al,0x3 0x00000000016a7186 <+3076>: setle al 0x00000000016a7189 <+3079>: and eax,ecx 0x00000000016a718b <+3081>: test al,al 0x00000000016a718d <+3083>: je 0x16a7197 <timesub+3093> 0x00000000016a718f <+3085>: mov rdi,rdx 0x00000000016a7192 <+3088>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a7197 <+3093>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a719e <+3100>: mov eax,DWORD PTR [rax+0x10] 0x00000000016a71a1 <+3103>: cdqe 0x00000000016a71a3 <+3105>: lea rdx,[rax*4+0x0] 0x00000000016a71ab <+3113>: mov rax,QWORD PTR [rbp-0xd8] 
0x00000000016a71b2 <+3120>: lea rcx,[rdx+rax*1] 0x00000000016a71b6 <+3124>: mov rax,rcx 0x00000000016a71b9 <+3127>: mov rdx,rax 0x00000000016a71bc <+3130>: shr rdx,0x3 0x00000000016a71c0 <+3134>: add rdx,0x7fff8000 0x00000000016a71c7 <+3141>: movzx edx,BYTE PTR [rdx] 0x00000000016a71ca <+3144>: test dl,dl 0x00000000016a71cc <+3146>: setne sil 0x00000000016a71d0 <+3150>: mov rdi,rax 0x00000000016a71d3 <+3153>: and edi,0x7 0x00000000016a71d6 <+3156>: add edi,0x3 0x00000000016a71d9 <+3159>: cmp dil,dl 0x00000000016a71dc <+3162>: setge dl 0x00000000016a71df <+3165>: and edx,esi 0x00000000016a71e1 <+3167>: test dl,dl 0x00000000016a71e3 <+3169>: je 0x16a71ed <timesub+3179> 0x00000000016a71e5 <+3171>: mov rdi,rax 0x00000000016a71e8 <+3174>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a71ed <+3179>: mov eax,DWORD PTR [rcx] 0x00000000016a71ef <+3181>: sub DWORD PTR [rbp-0x110],eax 0x00000000016a71f5 <+3187>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a71fc <+3194>: mov eax,DWORD PTR [rax+0x10] 0x00000000016a71ff <+3197>: lea edx,[rax+0x1] 0x00000000016a7202 <+3200>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7209 <+3207>: mov DWORD PTR [rax+0x10],edx 0x00000000016a720c <+3210>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7213 <+3217>: add rax,0x10 0x00000000016a7217 <+3221>: mov rdx,rax 0x00000000016a721a <+3224>: mov rax,rdx 0x00000000016a721d <+3227>: shr rax,0x3 0x00000000016a7221 <+3231>: add rax,0x7fff8000 0x00000000016a7227 <+3237>: movzx eax,BYTE PTR [rax] 0x00000000016a722a <+3240>: test al,al 0x00000000016a722c <+3242>: setne cl 0x00000000016a722f <+3245>: cmp al,0x3 0x00000000016a7231 <+3247>: setle al 0x00000000016a7234 <+3250>: and eax,ecx 0x00000000016a7236 <+3252>: test al,al 0x00000000016a7238 <+3254>: je 0x16a7242 <timesub+3264> 0x00000000016a723a <+3256>: mov rdi,rdx 0x00000000016a723d <+3259>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a7242 <+3264>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7249 <+3271>: mov eax,DWORD PTR [rax+0x10] 
0x00000000016a724c <+3274>: cdqe 0x00000000016a724e <+3276>: lea rdx,[rax*4+0x0] 0x00000000016a7256 <+3284>: mov rax,QWORD PTR [rbp-0xd8] 0x00000000016a725d <+3291>: lea rcx,[rdx+rax*1] 0x00000000016a7261 <+3295>: mov rax,rcx 0x00000000016a7264 <+3298>: mov rdx,rax 0x00000000016a7267 <+3301>: shr rdx,0x3 0x00000000016a726b <+3305>: add rdx,0x7fff8000 0x00000000016a7272 <+3312>: movzx edx,BYTE PTR [rdx] 0x00000000016a7275 <+3315>: test dl,dl 0x00000000016a7277 <+3317>: setne sil 0x00000000016a727b <+3321>: mov rdi,rax 0x00000000016a727e <+3324>: and edi,0x7 0x00000000016a7281 <+3327>: add edi,0x3 0x00000000016a7284 <+3330>: cmp dil,dl 0x00000000016a7287 <+3333>: setge dl 0x00000000016a728a <+3336>: and edx,esi 0x00000000016a728c <+3338>: test dl,dl 0x00000000016a728e <+3340>: je 0x16a7298 <timesub+3350> 0x00000000016a7290 <+3342>: mov rdi,rax 0x00000000016a7293 <+3345>: call 0x4e9b10 <__asan_report_load4@plt> 0x00000000016a7298 <+3350>: mov eax,DWORD PTR [rcx] 0x00000000016a729a <+3352>: cmp eax,DWORD PTR [rbp-0x110] 0x00000000016a72a0 <+3358>: jle 0x16a7161 <timesub+3039> 0x00000000016a72a6 <+3364>: mov eax,DWORD PTR [rbp-0x110] 0x00000000016a72ac <+3370>: lea ecx,[rax+0x1] 0x00000000016a72af <+3373>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a72b6 <+3380>: add rax,0xc 0x00000000016a72ba <+3384>: mov rdx,rax 0x00000000016a72bd <+3387>: shr rdx,0x3 0x00000000016a72c1 <+3391>: add rdx,0x7fff8000 0x00000000016a72c8 <+3398>: movzx edx,BYTE PTR [rdx] 0x00000000016a72cb <+3401>: test dl,dl 0x00000000016a72cd <+3403>: setne sil 0x00000000016a72d1 <+3407>: mov rdi,rax 0x00000000016a72d4 <+3410>: and edi,0x7 0x00000000016a72d7 <+3413>: add edi,0x3 0x00000000016a72da <+3416>: cmp dil,dl 0x00000000016a72dd <+3419>: setge dl 0x00000000016a72e0 <+3422>: and edx,esi 0x00000000016a72e2 <+3424>: test dl,dl 0x00000000016a72e4 <+3426>: je 0x16a72ee <timesub+3436> 0x00000000016a72e6 <+3428>: mov rdi,rax 0x00000000016a72e9 <+3431>: call 0x4e9bc0 <__asan_report_store4@plt> 
0x00000000016a72ee <+3436>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a72f5 <+3443>: mov DWORD PTR [rax+0xc],ecx 0x00000000016a72f8 <+3446>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a72ff <+3453>: add rax,0x20 0x00000000016a7303 <+3457>: mov rdx,rax 0x00000000016a7306 <+3460>: mov rax,rdx 0x00000000016a7309 <+3463>: shr rax,0x3 0x00000000016a730d <+3467>: add rax,0x7fff8000 0x00000000016a7313 <+3473>: movzx eax,BYTE PTR [rax] 0x00000000016a7316 <+3476>: test al,al 0x00000000016a7318 <+3478>: setne cl 0x00000000016a731b <+3481>: cmp al,0x3 0x00000000016a731d <+3483>: setle al 0x00000000016a7320 <+3486>: and eax,ecx 0x00000000016a7322 <+3488>: test al,al 0x00000000016a7324 <+3490>: je 0x16a732e <timesub+3500> 0x00000000016a7326 <+3492>: mov rdi,rdx 0x00000000016a7329 <+3495>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a732e <+3500>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7335 <+3507>: mov DWORD PTR [rax+0x20],0x0 0x00000000016a733c <+3514>: mov eax,DWORD PTR [rbp-0x12c] 0x00000000016a7342 <+3520>: movsxd rdx,eax 0x00000000016a7345 <+3523>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a734c <+3530>: add rax,0x28 0x00000000016a7350 <+3534>: mov rcx,rax 0x00000000016a7353 <+3537>: shr rcx,0x3 0x00000000016a7357 <+3541>: add rcx,0x7fff8000 0x00000000016a735e <+3548>: movzx ecx,BYTE PTR [rcx] 0x00000000016a7361 <+3551>: test cl,cl 0x00000000016a7363 <+3553>: je 0x16a736d <timesub+3563> 0x00000000016a7365 <+3555>: mov rdi,rax 0x00000000016a7368 <+3558>: call 0x4ea310 <__asan_report_store8@plt> 0x00000000016a736d <+3563>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a7374 <+3570>: mov QWORD PTR [rax+0x28],rdx 0x00000000016a7378 <+3574>: mov rax,QWORD PTR [rbp-0x140] 0x00000000016a737f <+3581>: jmp 0x16a73d5 <timesub+3667> 0x00000000016a7381 <+3583>: nop 0x00000000016a7382 <+3584>: jmp 0x16a738b <timesub+3593> 0x00000000016a7384 <+3586>: nop 0x00000000016a7385 <+3587>: jmp 0x16a738b <timesub+3593> 0x00000000016a7387 <+3589>: nop 0x00000000016a7388 <+3590>: jmp 
0x16a738b <timesub+3593> 0x00000000016a738a <+3592>: nop 0x00000000016a738b <+3593>: call 0x4ecda0 <__errno_location@plt> 0x00000000016a7390 <+3598>: mov rcx,rax 0x00000000016a7393 <+3601>: mov rax,rcx 0x00000000016a7396 <+3604>: mov rdx,rax 0x00000000016a7399 <+3607>: shr rdx,0x3 0x00000000016a739d <+3611>: add rdx,0x7fff8000 0x00000000016a73a4 <+3618>: movzx edx,BYTE PTR [rdx] 0x00000000016a73a7 <+3621>: test dl,dl 0x00000000016a73a9 <+3623>: setne sil 0x00000000016a73ad <+3627>: mov rdi,rax 0x00000000016a73b0 <+3630>: and edi,0x7 0x00000000016a73b3 <+3633>: add edi,0x3 0x00000000016a73b6 <+3636>: cmp dil,dl 0x00000000016a73b9 <+3639>: setge dl 0x00000000016a73bc <+3642>: and edx,esi 0x00000000016a73be <+3644>: test dl,dl 0x00000000016a73c0 <+3646>: je 0x16a73ca <timesub+3656> 0x00000000016a73c2 <+3648>: mov rdi,rax 0x00000000016a73c5 <+3651>: call 0x4e9bc0 <__asan_report_store4@plt> 0x00000000016a73ca <+3656>: mov DWORD PTR [rcx],0x4b 0x00000000016a73d0 <+3662>: mov eax,0x0 0x00000000016a73d5 <+3667>: cmp r15,r13 0x00000000016a73d8 <+3670>: je 0x16a7414 <timesub+3730> 0x00000000016a73da <+3672>: mov QWORD PTR [r13+0x0],0x45e0360e 0x00000000016a73e2 <+3680>: movabs rbx,0xf5f5f5f5f5f5f5f5 0x00000000016a73ec <+3690>: mov QWORD PTR [r12+0x7fff8000],rbx 0x00000000016a73f4 <+3698>: movabs rbx,0xf5f5f5f5f5f5f5f5 0x00000000016a73fe <+3708>: mov QWORD PTR [r12+0x7fff8008],rbx 0x00000000016a7406 <+3716>: mov DWORD PTR [r12+0x7fff8010],0xf5f5f5f5 0x00000000016a7412 <+3728>: jmp 0x16a7438 <timesub+3766> 0x00000000016a7414 <+3730>: mov QWORD PTR [r12+0x7fff8000],0x0 0x00000000016a7420 <+3742>: mov QWORD PTR [r12+0x7fff8008],0x0 0x00000000016a742c <+3754>: mov DWORD PTR [r12+0x7fff8010],0x0 0x00000000016a7438 <+3766>: add rsp,0x118 0x00000000016a743f <+3773>: pop rbx 0x00000000016a7440 <+3774>: pop r12 0x00000000016a7442 <+3776>: pop r13 0x00000000016a7444 <+3778>: pop r14 0x00000000016a7446 <+3780>: pop r15 0x00000000016a7448 <+3782>: pop rbp 0x00000000016a7449 <+3783>: ret
fixed
`[rip+0xcf3666]` at `<+57>` will trigger an error; replacing `rip` with `rbp` avoids it, but then there is another error: