
coreutils: recovered stty segfault on vasprintf (potential limitation of variadic arguments)

Open ameily opened this issue 3 years ago • 1 comment

The stty coreutils sample is lifting, but the recovered binary is segfaulting on a call to vasprintf.

(gdb) bt
#0  0xf7e4aa0b in strchrnul () from /lib/i386-linux-gnu/libc.so.6
#1  0xf7e222b1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#2  0xf7e36369 in ?? () from /lib/i386-linux-gnu/libc.so.6
#3  0xf7ed3c45 in __snprintf_chk () from /lib/i386-linux-gnu/libc.so.6
#4  0x0904976b in Func_wrapf ()
#5  0x09049d94 in Func_main ()
#6  0xf7ddbee5 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#7  0x09049fd6 in _start ()
(gdb) f 0
#0  0xf7e4aa0b in strchrnul () from /lib/i386-linux-gnu/libc.so.6
(gdb) ds
=> 0xf7e4aa0b <strchrnul+27>:	mov    cl,BYTE PTR [eax]

The source code for stty.c shows that the wrapf function accepts variadic arguments and then calls vasprintf. I'm not sure at this point if we have tested binrec against a lifted function that accepts variadic arguments, so this may be a limitation of binrec.

ameily Mar 29 '22 13:03
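A stand-alone reproducer for the pattern described above, added here as an example and not taken from the issue, binrec or coreutils: a variadic function shaped like stty.c's wrapf() that forwards its arguments to vasprintf() through a va_list, so the lifter can be tested against variadic calls without building all of stty. The wrap width and the sample format strings are constructed values.

```c
/* Added example (not from the issue, binrec or coreutils): a stand-alone
 * reproducer shaped like stty.c's wrapf(), a variadic function that forwards
 * its arguments to vasprintf() via a va_list, for lifting with binrec. */
#define _GNU_SOURCE
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_COL 40          /* constructed wrap width, stands in for stty's */
static int current_col = 0; /* column tracking as in stty's wrapf() */

/* Format into a heap buffer with vasprintf(), print it with line wrapping,
 * and return the formatted length (or -1 on failure). */
static int wrapf_like(const char *fmt, ...)
{
    char *buf = NULL;
    va_list ap;
    va_start(ap, fmt);
    /* On i386 cdecl, ap points into this frame's argument area; lifted code
     * that relocates the frame has to keep that pointer valid for libc. */
    int len = vasprintf(&buf, fmt, ap);
    va_end(ap);
    if (len < 0)
        return -1;
    if (current_col + len >= MAX_COL) {
        putchar('\n');
        current_col = 0;
    }
    fputs(buf, stdout);
    current_col += len;
    free(buf);
    return len;
}

/* Drive the variadic path with several argument counts and types, as stty
 * does when printing settings; returns the total formatted length. */
int run_variadic_sample(void)
{
    int total = 0;
    total += wrapf_like("speed %d baud; ", 9600);
    total += wrapf_like("rows %d; columns %d; ", 24, 80);
    total += wrapf_like("line = %d;", 0);
    putchar('\n');
    return total;
}

int main(void)
{
    return run_variadic_sample() == 47 ? 0 : 1;
}
```

Compile with -m32 to match the i386 backtrace, lift the result, and compare the recovered binary's exit status with the native one.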

With the fix in trailofbits/binrec-prerelease#148, I'm now seeing this behavior in df.

ameily Mar 30 '22 19:03