
Ghidra decompiler creates High P-code containing scalars that do not fit into ghidra.program.model.scalar

Open edmcman opened this issue 1 year ago • 1 comments

Describe the bug

The decompiler creates High P-code with scalars that do not fit into ghidra.program.model.scalar.

To Reproduce

  1. Open DataLibrary.dll from here
  2. Navigate to address 0x100d33a4
  3. On the associated line in the decompiler, which for me is `if ((auVar17 & (undefined [16])0x8000000000000000) == (undefined [16])0x0) {`, click on `0x8000000000000000`.

It's unclear if the High P-code being generated is even correct when the scalar won't fit into a long.

Expected behavior

Ghidra adjusts the Listing window to the proper location and does not have an exception.

Screenshots

(screenshot attached to the original issue)

Attachments

Here is the "Details" of the exception:

```
Bit length must be >= 1 and <= 64
java.lang.IllegalArgumentException: Bit length must be >= 1 and <= 64
	at ghidra.program.model.scalar.Scalar.<init>(Scalar.java:62)
	at ghidra.program.model.scalar.Scalar.<init>(Scalar.java:82)
	at ghidra.app.plugin.core.decompile.actions.ConvertBinaryAction.getMenuDisplay(ConvertBinaryAction.java:45)
	at ghidra.app.plugin.core.decompile.actions.ConvertConstantAction.isEnabledForDecompilerContext(ConvertConstantAction.java:322)
	at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.lambda$isEnabledForContext$0(AbstractDecompilerAction.java:68)
	at ghidra.app.plugin.core.decompile.DecompilerActionContext.checkActionEnablement(DecompilerActionContext.java:147)
	at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.isEnabledForContext(AbstractDecompilerAction.java:67)
	at docking.ComponentPlaceholder.contextChanged(ComponentPlaceholder.java:532)
	at docking.DockingWindowManager.contextChanged(DockingWindowManager.java:2232)
	at docking.AbstractDockingTool.contextChanged(AbstractDockingTool.java:208)
	at ghidra.framework.plugintool.PluginTool.contextChanged(PluginTool.java:1433)
	at ghidra.app.plugin.core.decompile.DecompilerProvider.contextChanged(DecompilerProvider.java:675)
	at ghidra.app.plugin.core.decompile.DecompilerProvider.locationChanged(DecompilerProvider.java:515)
	at ghidra.app.decompiler.component.DecompilerController.locationChanged(DecompilerController.java:261)
	at ghidra.app.decompiler.component.DecompilerPanel.fieldLocationChanged(DecompilerPanel.java:769)
	at docking.widgets.fieldpanel.FieldPanel$CursorHandler.notifyCursorChanged(FieldPanel.java:2133)
	at docking.widgets.fieldpanel.FieldPanel$CursorHandler.setCursorPos(FieldPanel.java:1928)
	at docking.widgets.fieldpanel.FieldPanel$FieldPanelMouseAdapter.mousePressed(FieldPanel.java:1316)
	at java.desktop/java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:287)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6632)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
	at java.desktop/java.awt.Component.processEvent(Component.java:6400)
	at java.desktop/java.awt.Container.processEvent(Container.java:2263)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5011)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4843)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4544)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4843)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

---------------------------------------------------
Build Date: 2022-Jan-25 1526 EST
Ghidra Version: 10.1.2
Java Home: /usr/lib/jvm/java-11-openjdk-amd64
JVM Version: Private Build 11.0.15
OS: Linux 5.7.19-050719-generic amd64
Workstation: ed-Precision-7540
```


Environment (please complete the following information):

  • OS: Ubuntu Linux 18.04.6 LTS
  • Java Version: 11.0.15
  • Ghidra Version: 10.1.2
  • Ghidra Origin: Official GitHub distro


edmcman commented Aug 05 '22 14:08

Same for master (6fad151b5440de3dfdd619df7b5dc070b2b4dc6c); it fails to make a 128-bit scalar.

I can't find the specific issue I'm thinking of, but I do recall 64-bit scalars being the limit and any larger is a "known" issue (decompiler and java native limitations I thought).

mumbel commented Aug 07 '22 23:08

Thanks for reporting this. I'll submit a fix to disable the convert actions on constant varnodes which are too large for a Scalar. This will prevent the exception.

That being said, we have some changes to ia.sinc that haven't been merged yet, including an update to the PEXTRW instruction, which will prevent the offending constant from being generated in this case. There's also an ongoing discussion about how to best handle large constants in SLEIGH and the decompiler. At some point we might change the Scalar class to use a BigInteger instead of a long.

ghidracadabra commented Aug 18 '22 18:08
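To make the constraint behind the exception concrete, here is an added Java example; it is not code from the Ghidra project or from anyone in this thread. It mirrors the 1..64 bit-length rule that Scalar enforces (the message in the stack trace above), the guard ghidracadabra describes (only offer a convert action when the constant varnode is narrow enough for a Scalar), and the BigInteger representation mentioned as a possible future change, applied to the 16-byte constant from edmcman's report. The class and method names (WideConstant, fitsInScalar, fromLittleEndian, toHex) are hypothetical, and the varnode width is passed in as a plain int rather than read from a real ghidra.program.model.pcode.Varnode.

```java
import java.math.BigInteger;

// Added example, not Ghidra project code. It models the rule behind the
// reported exception ("Bit length must be >= 1 and <= 64"), the guard the
// maintainer describes (skip the convert action for constants wider than a
// Scalar), and a BigInteger fallback for wide constants such as the 16-byte
// SSE constant in the report. All names in this class are hypothetical.
public final class WideConstant {

    /** The widest bit length a long-backed Scalar accepts, per the exception text. */
    static final int SCALAR_MAX_BITS = 64;

    /**
     * Mirrors the decompiler-side guard: a convert action should be enabled
     * only when the constant varnode's byte size maps to a legal Scalar width.
     * The size is taken as an int here instead of from a Varnode.
     */
    static boolean fitsInScalar(int varnodeSizeBytes) {
        int bits = varnodeSizeBytes * 8;
        return bits >= 1 && bits <= SCALAR_MAX_BITS;
    }

    /**
     * Decode a constant of any width from its little-endian bytes as an
     * unsigned BigInteger, so values wider than a long are never truncated.
     */
    static BigInteger fromLittleEndian(byte[] raw) {
        byte[] bigEndian = new byte[raw.length];
        for (int i = 0; i < raw.length; i++) {
            bigEndian[raw.length - 1 - i] = raw[i];
        }
        return new BigInteger(1, bigEndian); // signum 1: interpret as unsigned
    }

    /** Render the value the way the decompiler prints constants: 0x-prefixed hex. */
    static String toHex(BigInteger value) {
        return "0x" + value.toString(16);
    }

    public static void main(String[] args) {
        // Constructed input: the value 0x8000000000000000 (bit 63 set) stored
        // little-endian, once as an 8-byte constant and once as the 16-byte
        // constant from the issue. Byte index 7 holds bits 56..63.
        byte[] narrow = new byte[8];
        narrow[7] = (byte) 0x80;
        byte[] wide = new byte[16];
        wide[7] = (byte) 0x80;

        for (byte[] raw : new byte[][] { narrow, wide }) {
            BigInteger value = fromLittleEndian(raw);
            System.out.printf("%d-byte constant %s: fits Scalar = %b, value bitLength = %d%n",
                    raw.length, toHex(value), fitsInScalar(raw.length), value.bitLength());
        }
    }
}
```

The point the two inputs make is that the same numeric value is accepted in one case and rejected in the other: Scalar is constructed from the varnode's width, and it is the 128-bit width, not the magnitude of 0x8000000000000000 (which needs only 64 bits), that the constructor refuses. Gating the action on fitsInScalar before any Scalar is built avoids the exception without guessing at a truncated value.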

Thanks!

edmcman commented Aug 23 '22 14:08