local variable 'retn_node' referenced before assignment

[huangshichao]

I got these error when ruuning with deflat.py:"local variable 'retn_node' referenced before assignment". I check the script and find out when the function has no "return code"( no matching condition for if supergraph.out_degree(node) == 0 and len(node.out_branches) == 0), the function cannot work.

[cq674350529]

Thanks for your feedback. Can you provide your script and binary for me to reproduce easily?

[huangshichao]

thanks for your reply. attachment .zip

all the function can be deflated except the trace function(which address is 0x4018B0). I guess "free function" may affect so that the out-degree-counting and brach-counting results wrong.

[cq674350529]

Hi, I had a quick look at it. For a temp fix, you can change the following line to: if supergraph.out_degree(node) == 0:.

https://github.com/cq674350529/deflat/blob/a210659bd4b3912d9ac2dd99eec17e417db3a8ef/flat_control_flow/deflat.py#L102

The retn_node calls another two functions, which breaks the condition len(node.out_branches) == 0.

.text:0000000000401CC5
.text:0000000000401CC5 loc_401CC5:
.text:0000000000401CC5 mov     rdi, offset aGameOver ; "game over"
.text:0000000000401CCF mov     al, 0
.text:0000000000401CD1 call    _printf
.text:0000000000401CD6 mov     edi, 1          ; status
.text:0000000000401CDB mov     [rbp+var_98], eax
.text:0000000000401CE1 call    _exit

I'll check it later why I added an additional condition, maybe for some corner cases.

[huangshichao]

Thanks a lot! By reviewing IDA, the function actually ends here. Check the attached picture. it is clear to see that this block has no branches or out degree.