Florian Märkl

Results 123 comments of Florian Märkl

Well it's not incorrect, the expression seems right to me. Is the function at `0x100a1970` analyzed in rizin? What happens if you do `af` there before decompiling?

The decompiler in Ghidra itself does the same: ![20210205_15h31m27s_grim](https://user-images.githubusercontent.com/1460997/107046727-40e78680-67c7-11eb-8ef9-9b2f80f35731.png) I have added the info about which io maps are readonly in #197 but that doesn't seem to change anything. Interestingly,...

Well right now, most of these differences are expected and consequences of rizin's type system. So not sure if tests make sense yet.

Sounds like an endian issue

> The binary is just a simple GCC 9 compiled C program (specifically [this](https://github.com/xairy/easy-linux-pwn/blob/master/src/01-local-overflow.c)), but I doubt that matters. I can upload the binary somewhere if it's easier to debug....

Not much that can be done on the rz-ghidra side because sp-based is conceptually wrong for variables in the general case. They should be removed from rizin and stack variables should...

For now, you should be able to change the types from `int` to `int32_t`, but we should support more than that.

So the reason seems to be the tailcall at `0x08001bc6`. This can "kind of" be worked around like this:

```
florian-macbook:rz-ghidra florian$ rz -e io.cache=1 ~/Downloads/numabasic.c-gcc-x64-O2.o
[0x08000040]> wa ret @...
```

@radare It happens with every elf on ihj, I can open an issue later

@radare https://github.com/radare/radare2/issues/15006