mcsema
Missing cross reference in __libc_csu_init function when binary is linked by ld.gold
Hi, when I use McSema to recompile binary code that is linked by ld.gold (2.26.1), there is always a segmentation fault. I made a simple analysis and found that McSema missed a cross reference in the __libc_csu_init function.
.text:00000000004005F0 push r15
.text:00000000004005F2 push r14
.text:00000000004005F4 mov r15d, edi
.text:00000000004005F7 push r13
.text:00000000004005F9 push r12
.text:00000000004005FB lea r12, __frame_dummy_init_array_entry
.text:0000000000400602 push rbp
.text:0000000000400603 lea rbp, _DYNAMIC
.text:000000000040060A push rbx
.text:000000000040060B mov r14, rsi
.text:000000000040060E mov r13, rdx
.text:0000000000400611 sub rbp, r12
.text:0000000000400614 sub rsp, 8
.text:0000000000400618 sar rbp, 3

As shown above, at 0x400603 there is a cross reference that points to _DYNAMIC. Unfortunately, the _DYNAMIC address is in a LOAD segment, and McSema deems it an invalid address.
I put my demo binary code here.
I found this problem with the help of Dr. @junxzm1990
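The report above describes a cross-reference target that lives inside a PT_LOAD segment but is still rejected as invalid. The script below is an added illustration of the distinction, not McSema's own code or the fix for this issue: it parses ELF64 program and section headers directly with `struct`, then classifies an address as section-backed, as mapped by a PT_LOAD segment only, or as unmapped. The ELF bytes, the section layout and the address 0x600E28 standing in for _DYNAMIC are all constructed for the example and are assumptions, not values taken from the demo binary.

```python
import struct

# Struct layouts for ELF64 little-endian headers (taken from the ELF spec).
ELF_HEADER = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
PHDR = "<IIQQQQQQ"                # Elf64_Phdr, 56 bytes
SHDR = "<IIQQQQIIQQ"              # Elf64_Shdr, 64 bytes
PT_LOAD = 1
SHF_ALLOC = 0x2


def _ehdr(elf):
    fields = struct.unpack_from(ELF_HEADER, elf, 0)
    ident = fields[0]
    if ident[:4] != b"\x7fELF" or ident[4] != 2:
        raise ValueError("only ELF64 inputs are handled here")
    keys = ("ident", "type", "machine", "version", "entry", "phoff", "shoff",
            "flags", "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")
    return dict(zip(keys, fields))


def load_segments(elf):
    """Return [(start, end, flags)] for every PT_LOAD program header."""
    h = _ehdr(elf)
    segs = []
    for i in range(h["phnum"]):
        p_type, p_flags, _off, p_vaddr, _paddr, _filesz, p_memsz, _align = \
            struct.unpack_from(PHDR, elf, h["phoff"] + i * h["phentsize"])
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_vaddr + p_memsz, p_flags))
    return segs


def alloc_sections(elf):
    """Return [(name, start, end)] for every section with SHF_ALLOC set."""
    h = _ehdr(elf)
    shdrs = [struct.unpack_from(SHDR, elf, h["shoff"] + i * h["shentsize"])
             for i in range(h["shnum"])]
    strtab_off = shdrs[h["shstrndx"]][4]   # sh_offset of .shstrtab
    out = []
    for sh_name, _type, sh_flags, sh_addr, _off, sh_size, *_ in shdrs:
        if not sh_flags & SHF_ALLOC:
            continue
        end = elf.index(b"\0", strtab_off + sh_name)
        name = elf[strtab_off + sh_name:end].decode()
        out.append((name, sh_addr, sh_addr + sh_size))
    return out


def section_containing(elf, addr):
    """Name of the allocated section covering addr, or None if no section does."""
    for name, start, end in alloc_sections(elf):
        if start <= addr < end:
            return name
    return None


def is_loaded(elf, addr):
    """True if any PT_LOAD segment maps addr, regardless of section coverage."""
    return any(start <= addr < end for start, end, _ in load_segments(elf))


def xref_target_status(elf, addr):
    """Classify a cross-reference target: section-backed, segment-only, or unmapped."""
    sec = section_containing(elf, addr)
    if sec is not None:
        return "section " + sec
    if is_loaded(elf, addr):
        return "PT_LOAD segment only"
    return "unmapped"


def build_sample_elf():
    """Constructed ELF64: two PT_LOAD segments, but only .text is an allocated section."""
    phdrs = struct.pack(PHDR, PT_LOAD, 5, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    phdrs += struct.pack(PHDR, PT_LOAD, 6, 0x1000, 0x600E00, 0x600E00, 0x300, 0x300, 0x1000)
    shstrtab = b"\0.text\0.shstrtab\0"
    shstr_off = 64 + len(phdrs)
    sh_off = 200
    shdrs = struct.pack(SHDR, *([0] * 10))                                       # SHN_UNDEF
    shdrs += struct.pack(SHDR, 1, 1, 6, 0x4005F0, 0x5F0, 0x100, 0, 0, 16, 0)      # .text (AX)
    shdrs += struct.pack(SHDR, 7, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)  # .shstrtab
    ehdr = struct.pack(ELF_HEADER, b"\x7fELF\x02\x01\x01" + b"\0" * 9, 2, 0x3E, 1,
                       0x4005F0, 64, sh_off, 0, 64, 56, 2, 64, 3, 2)
    elf = ehdr + phdrs + shstrtab
    elf += b"\0" * (sh_off - len(elf)) + shdrs
    return elf


if __name__ == "__main__":
    elf = build_sample_elf()
    # 0x600E28 is a constructed stand-in for the _DYNAMIC address in the report.
    for target in (0x4005F0, 0x600E28, 0x700000):
        print(hex(target), "->", xref_target_status(elf, target))
```

Run against a real binary by replacing `build_sample_elf()` with the file's bytes; the point of the classifier is that a lifter which validates cross-reference targets only against named sections will reject an address that the loader nevertheless maps, so the segment check is the one a recompiler needs to consult before discarding an xref.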
Ooh interesting. @kumarak can you look into this? @Aiethel can you replicate this with the Dyninst frontend? @KyleMiles can you replicate this with the Binary Ninja frontend?