ghidra
ghidra copied to clipboard
NationalSecurityAgency
External DWARF parsing errors
Describe the bug
ghidra throws an exception when parsing an external DWARF file. It cannot even correctly parse the DWARF version, which is located at the start of each compilation unit in the .debug_info section. The external DWARF file should be well formed, as it can be successfuly parsed by readelf or IDA Pro.
To Reproduce Steps to reproduce the behavior:
- Download and extract arm.tar.gz, which consists of the binary
patchand the external DWARF file in the directory.build-id. - Loading the binary in
ghidra. - Click
Edit -> DWARF External Debug Configand set the directory to the one containing.build-id. - Run the DWARF analyzer by
Analysis -> One Shot -> DWARF. - Wait and see error.
Expected behavior The error message is as follows:
Error during DWARFAnalyzer import: Only DWARF version 2, 3, or 4 information is currently supported (detected 31553).
Screenshots
Attachments
I also encountered a similar error on the x64 version of this binary: x64.tar.gz. The error message is as follows:
Error during DWARFAnalyzer import: Only DWARF version 2, 3, or 4 information is currently supported (detected 0).
Environment (please complete the following information):
- OS: macOS 12.4
- Java Version: openjdk 11.0.15 2022-04-19
- Ghidra Version: 10.2
- Ghidra Origin: locally built from commit
25aa4663d91965416d3e4c96cb9efa71d50d2eac
initial troubleshooting: it looks like these binaries are using a newer option for compressed Elf sections that we don't support yet.
These binaries are taken from Ubuntu Debug Symbol Packages. pyelftools can also parse these binaries. Check this line and this line from pyelftools on how it handles compressed sections.
If you are having issues with this, you can use the elfdecompress utility, with the following command: elfdecompress -vt none [file] to decompress the sections, which worked for me and I was able to analyze binaries afterward. This is a good workaround until it is fixed in Ghidra.
