Consistent segmentation faults when analysing OpenXR programs

happysmash27 commented 2 years ago

Environment information

Operating System: Gentoo Linux
Cutter version: 2.0.3
Obtained from:
- [x] Built from source
- [ ] Downloaded release from Cutter website or GitHub
- [x] Distribution repository
File format: ELF 64-bit LSB pie executable, x86-64

Describe the bug

When analysing OpenXR programs, Cutter segmentation faults.

To Reproduce

Steps to reproduce the behavior:

Compile OpenXR-SDK-Source or another program which uses OpenXR.
Run cutter on it with default options

Expected behavior

Screenshots/Logs

For my own in-progress OpenXR program, compiled with debug symbols:

[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[Cannot find base type "XrGraphicsBindingVulkanKHR"
Cannot find base type "XrGraphicsBindingVulkanKHR"
Cannot find base type "PFN_xrConvertTimespecTimeToTimeKHR"
Cannot find base type "PFN_xrConvertTimespecTimeToTimeKHR"
Cannot find base type "PFN_xrGetVulkanGraphicsRequirements2KHR"
Cannot find base type "PFN_xrGetVulkanGraphicsRequirements2KHR"
Cannot find base type "PFN_xrCreateVulkanInstanceKHR"
Cannot find base type "PFN_xrCreateVulkanInstanceKHR"
Cannot find base type "PFN_xrGetVulkanGraphicsDevice2KHR"
Cannot find base type "PFN_xrGetVulkanGraphicsDevice2KHR"
Cannot find base type "PFN_xrCreateVulkanDeviceKHR"
Cannot find base type "PFN_xrCreateVulkanDeviceKHR"
[x] Integrate dwarf function information.
[x] Use -AA or aaaa to perform additional experimental analysis.
zsh: segmentation fault  cutter ./testpattern_openxr

For the release version of the Hello XR test:

[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[Cannot find base type "PFN_xrCreateVulkanDeviceKHR"
Cannot find base type "PFN_xrCreateVulkanDeviceKHR"
Cannot find base type "PFN_xrGetVulkanGraphicsRequirements2KHR"
Cannot find base type "PFN_xrGetVulkanGraphicsRequirements2KHR"
Cannot find base type "PFN_xrGetVulkanGraphicsDevice2KHR"
Cannot find base type "PFN_xrGetVulkanGraphicsDevice2KHR"
Cannot find base type "allocator"
Cannot find base type "allocator"
Cannot find base type "PFN_xrCreateVulkanInstanceKHR"
Cannot find base type "PFN_xrCreateVulkanInstanceKHR"
[x] Integrate dwarf function information.
[x] Use -AA or aaaa to perform additional experimental analysis.
zsh: segmentation fault  cutter build/linux_release/src/tests/hello_xr/hello_xr

For the debug build of the same program:

[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[Cannot find base type "_Vector_base"ion.
Cannot find base type "new_allocator"
Cannot find base type "allocator"
WARNING: (../rizin-v0.3.0/librz/type/type.c:790):rz_type_db_get_bitsize: code should not be reached
Cannot find base type "SwapchainImageContext"
WARNING: (../rizin-v0.3.0/librz/type/type.c:790):rz_type_db_get_bitsize: code should not be reached
WARNING: (../rizin-v0.3.0/librz/type/type.c:790):rz_type_db_get_bitsize: code should not be reached
WARNING: (../rizin-v0.3.0/librz/type/type.c:790):rz_type_db_get_bitsize: code should not be reached
Cannot find base type "allocator"
Cannot find base type "__normal_iterator"
Cannot find base type "_Vector_base"
zsh: segmentation fault  cutter build/linux_debug/src/tests/hello_xr/hello_xr

Additional Info

This is compiled from the Gentoo package.

dev-util/cutter-2.0.3::gentoo was built with the following:
USE="-graphviz" ABI_X86="(64)" PYTHON_SINGLE_TARGET="python3_9 -python3_10"

My program, and I believe OpenXR's hello_xr too, both dynamically load certain OpenXR functions to a function pointer, as this is required to be able to run these functions.

XVilka commented 2 years ago

Could you please attach the binary instead?

happysmash27 commented 2 years ago

Yes.

hello_xr binary debug: https://happysmash27.me/Upload/Debug%20Programs/cutter_segfault_2021-10-24/hello_xr_debug

hello_xr binary release: https://happysmash27.me/Upload/Debug%20Programs/cutter_segfault_2021-10-24/hello_xr_release

My own WIP OpenXR program: https://happysmash27.me/Upload/Debug%20Programs/cutter_segfault_2021-10-24/testpattern_openxr

rizinorg / cutter

Consistent segmentation faults when analysing OpenXR programs #2815