ghidra icon indicating copy to clipboard operation
ghidra copied to clipboard

Published 20 hours ago verified publisher icon NationalSecurityAgency

Golang Analysis Bug

Open ret2void opened this issue 6 months ago • 4 comments

Unsupported varnode size: 0 java.lang.IllegalArgumentException: Unsupported varnode size: 0 at ghidra.program.model.listing.VariableStorage.checkVarnodes(VariableStorage.java:198) at ghidra.program.model.listing.VariableStorage.(VariableStorage.java:85) at ghidra.app.util.bin.format.golang.GoFunctionFixup.updateParamWithCustomRegisterStorage(GoFunctionFixup.java:185) at ghidra.app.util.bin.format.golang.GoFunctionFixup.fixupFunction(GoFunctionFixup.java:90) at ghidra.app.util.bin.format.golang.GoFunctionFixup.fixupFunction(GoFunctionFixup.java:75) at ghidra.app.plugin.core.analysis.GolangSymbolAnalyzer.markupGoFunctions(GolangSymbolAnalyzer.java:273) at ghidra.app.plugin.core.analysis.GolangSymbolAnalyzer.added(GolangSymbolAnalyzer.java:132) at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:186) at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:37) at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:24) at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:660) at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:760) at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:639) at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:604) at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:55) at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:33) at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:103) at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:351) at java.base/java.lang.Thread.run(Thread.java:1583)

Build Date: 2025-Apr-15 1250 EDT Ghidra Version: 11.3.2 Java Home: /usr/lib/jvm/java-21-openjdk-amd64 JVM Version: Debian 21.0.7 OS: Linux 6.12.25-amd64 amd64

ret2void avatar May 12 '25 15:05 ret2void

I'm trying to narrow down what may have triggered the issue, but not having an easy time. What kind of binary are you looking at, and could you share it?

There have been a lot of changes to this code path in the master branch, so it may have been changed enough to 'fix' your issue, or maybe not. If you have the ability to test this against a locally built head version, that would be helpful.

dev747368 avatar May 12 '25 18:05 dev747368

Is there any way to find the program address where triggered the issue?

ret2void avatar May 15 '25 09:05 ret2void

I'm sure this will be irrelevant once the compiler specifications can support return values on the stack correctly? Custom storage should not be used anyway due to the limitations imposed by it (no call signature overrides, no function pointers can't use interfaces, etc)

astrelsky avatar May 15 '25 15:05 astrelsky

I am reversing an golang aarch64 binary.

Moreover, when choosing the file type, I selected golang and used the default analysis option

---Original--- From: "Andrew @.> Date: Thu, May 15, 2025 23:07 PM To: @.>; Cc: @.@.>; Subject: Re: [NationalSecurityAgency/ghidra] Golang Analysis Bug (Issue #8141)

astrelsky left a comment (NationalSecurityAgency/ghidra#8141)

I'm sure this will be irrelevant once the compiler specifications can support return values on the stack correctly? Custom storage should not be used anyway due to the limitations imposed by it (no call signature overrides, no function pointers can't use interfaces, etc)

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

ret2void avatar May 15 '25 15:05 ret2void