ghidra
Ghidra decompiler creates High P-code containing scalars that do not fit into ghidra.program.model.scalar
Describe the bug The decompiler creates High P-code with scalars that do not fit into ghidra.program.model.scalar.
To Reproduce
- Open DataLibrary.dll from here
- Navigate to address 0x100d33a4
- On the associated line in the decompiler, which for me is `if ((auVar17 & (undefined [16])0x8000000000000000) == (undefined [16])0x0) {`, click on `0x8000000000000000`.
It's unclear if the High P-code being generated is even correct when the scalar won't fit into a long.
Expected behavior Ghidra adjusts the Listing window to the proper location and does not have an exception.
Screenshots
Attachments Here is the "Details" of the exception:
Bit length must be >= 1 and <= 64
java.lang.IllegalArgumentException: Bit length must be >= 1 and <= 64
at ghidra.program.model.scalar.Scalar.<init>(Scalar.java:62)
at ghidra.program.model.scalar.Scalar.<init>(Scalar.java:82)
at ghidra.app.plugin.core.decompile.actions.ConvertBinaryAction.getMenuDisplay(ConvertBinaryAction.java:45)
at ghidra.app.plugin.core.decompile.actions.ConvertConstantAction.isEnabledForDecompilerContext(ConvertConstantAction.java:322)
at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.lambda$isEnabledForContext$0(AbstractDecompilerAction.java:68)
at ghidra.app.plugin.core.decompile.DecompilerActionContext.checkActionEnablement(DecompilerActionContext.java:147)
at ghidra.app.plugin.core.decompile.actions.AbstractDecompilerAction.isEnabledForContext(AbstractDecompilerAction.java:67)
at docking.ComponentPlaceholder.contextChanged(ComponentPlaceholder.java:532)
at docking.DockingWindowManager.contextChanged(DockingWindowManager.java:2232)
at docking.AbstractDockingTool.contextChanged(AbstractDockingTool.java:208)
at ghidra.framework.plugintool.PluginTool.contextChanged(PluginTool.java:1433)
at ghidra.app.plugin.core.decompile.DecompilerProvider.contextChanged(DecompilerProvider.java:675)
at ghidra.app.plugin.core.decompile.DecompilerProvider.locationChanged(DecompilerProvider.java:515)
at ghidra.app.decompiler.component.DecompilerController.locationChanged(DecompilerController.java:261)
at ghidra.app.decompiler.component.DecompilerPanel.fieldLocationChanged(DecompilerPanel.java:769)
at docking.widgets.fieldpanel.FieldPanel$CursorHandler.notifyCursorChanged(FieldPanel.java:2133)
at docking.widgets.fieldpanel.FieldPanel$CursorHandler.setCursorPos(FieldPanel.java:1928)
at docking.widgets.fieldpanel.FieldPanel$FieldPanelMouseAdapter.mousePressed(FieldPanel.java:1316)
at java.desktop/java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:287)
at java.desktop/java.awt.Component.processMouseEvent(Component.java:6632)
at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
at java.desktop/java.awt.Component.processEvent(Component.java:6400)
at java.desktop/java.awt.Container.processEvent(Container.java:2263)
at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5011)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2321)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4843)
at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4918)
at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4544)
at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4488)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2307)
at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4843)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:95)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
---------------------------------------------------
Build Date: 2022-Jan-25 1526 EST
Ghidra Version: 10.1.2
Java Home: /usr/lib/jvm/java-11-openjdk-amd64
JVM Version: Private Build 11.0.15
OS: Linux 5.7.19-050719-generic amd64
Workstation: ed-Precision-7540
If applicable, please attach any files that caused problems or log files generated by the software.
Environment (please complete the following information):
- OS: Ubuntu Linux 18.04.6 LTS
- Java Version: 11.0.15
- Ghidra Version: 10.1.2
- Ghidra Origin: Official GitHub distro
Additional context
Same for master (6fad151b5440de3dfdd619df7b5dc070b2b4dc6c): it fails to make a 128-bit scalar.
I can't find the specific issue I'm thinking of, but I do recall 64-bit scalars being the limit and any larger is a "known" issue (decompiler and java native limitations I thought).
Thanks for reporting this. I'll submit a fix to disable the convert actions on constant varnodes which are too large for a `Scalar`. This will prevent the exception.
That being said, we have some changes to `ia.sinc` that haven't been merged yet, including an update to the `PEXTRW` instruction, which will prevent the offending constant from being generated in this case. There's also an ongoing discussion about how to best handle large constants in SLEIGH and the decompiler. At some point we might change the `Scalar` class to use a `BigInteger` instead of a `long`.
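 
The guard described in the comment above, as an added illustration rather than the actual Ghidra patch: the `Scalar` constructor in the stack trace rejects any bit length outside 1..64, so an action that builds a `Scalar` from a constant varnode has to check the varnode's width first. `ConstantVarnodeGuard`, `fitsInScalar`, `toScalarOrNull` and `MAX_SCALAR_BITS` are hypothetical names chosen here; `Varnode.isConstant()`, `Varnode.getSize()`, `Varnode.getOffset()` and `Scalar(int, long)` are existing Ghidra API.

```java
import ghidra.program.model.pcode.Varnode;
import ghidra.program.model.scalar.Scalar;

// Added example, not Ghidra's own fix. Shows the width check a decompiler
// convert action needs before constructing a Scalar from a constant varnode,
// so a 16-byte constant (as in the PEXTRW case above) disables the action
// instead of throwing IllegalArgumentException from Scalar.<init>.
public final class ConstantVarnodeGuard {

    // Scalar(int bitLength, long value) accepts 1 <= bitLength <= 64.
    static final int MAX_SCALAR_BITS = 64;

    /** True when a Scalar can be built for this varnode without throwing. */
    static boolean fitsInScalar(Varnode vn) {
        if (vn == null || !vn.isConstant()) {
            return false;
        }
        int bits = vn.getSize() * 8;   // Varnode.getSize() is in bytes
        return bits >= 1 && bits <= MAX_SCALAR_BITS;
    }

    /**
     * Build the Scalar for a constant varnode, or return null when the
     * constant is too wide. Callers use null to report "not enabled"
     * from isEnabledForDecompilerContext-style checks.
     */
    static Scalar toScalarOrNull(Varnode vn) {
        if (!fitsInScalar(vn)) {
            return null;               // 128-bit constant: action stays disabled
        }
        return new Scalar(vn.getSize() * 8, vn.getOffset());
    }

    private ConstantVarnodeGuard() {
    }
}
```

The null return is only a signal to the enablement check; it does not decide whether the decompiler's High P-code for the 128-bit constant is itself correct, which is the separate question the report raises.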
Thanks!