[Bug 1368855] Review Request: radare2 - The reverse engineering framework

https://bugzilla.redhat.com/show_bug.cgi?id=1368855



--- Comment #43 from Anton Kochkov <anton.kochkov@xxxxxxxxx> ---
(In reply to Elliott Sales de Andrade from comment #42)
> 3.0.5? It was released today; no need for bundling. Just ping the maintainer
> about it.

The problem is that 3.0.5 is a release of the "stable" branch, which is not the one
required for radare2. There is also a "next" branch with support for more architectures and
instructions. It will be released as version 4.0, which has been awaited
for years. Having an updated disassembly engine is vital. Let me illustrate it
with an example. The x86 platform has a variable instruction size, thus if we decode
some instruction wrongly, the rest of the disassembly (at least for some stretch,
like 10-40 instructions) will be totally wrong. There was a recent bug in the
latest Fedora, where the compiler started the function prelude with the "endbr64"
instruction, which wasn't recognized by capstone at all, thus leading to
wrong disassembly and a failure to analyze function boundaries and create one.
Because this is the "main()" function, it completely broke further function
analysis too. Just because of one instruction:
https://github.com/radare/radare2/issues/10113

r2 fedora28_bin_ls 
 -- Welcome to IDA 10.0.
[0x000058b0]> s main
[0x00003e50]> pd 50
            ;-- main:
            0x00003e50      f3             invalid
            0x00003e51      0f             invalid
            0x00003e52      1e             invalid
            0x00003e53      fa             cli
            0x00003e54      4157           push r15
            0x00003e56      4156           push r14
            0x00003e58      4155           push r13
            0x00003e5a      4154           push r12
            0x00003e5c      55             push rbp

There were also recent fixes for Intel MPX instructions in the capstone
"next" branch. If you want to track the mainstream progress on it, check the
issue https://github.com/aquynh/capstone/issues/1096

package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx/message/A3AIBL7DP6IRUS5PFCNW7YXKSQ5R7GLS/
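The listing in the comment shows what happens when a disassembler does not know the 4-byte "endbr64" encoding (f3 0f 1e fa): it emits three single-byte "invalid" entries and then misreads the last byte as "cli", so any analysis built on top sees a privileged instruction at the start of main(). The toy linear-sweep decoder below reproduces that effect and the corrected output side by side. It is an added example, not radare2 or capstone code; it only knows the handful of opcodes that appear in the listing, and it assumes, as the listing shows, that an unrecognized opcode is consumed as one "invalid" byte. The input bytes are reconstructed from the hex column of the listing.

```python
"""Toy x86-64 linear-sweep decoder showing how one unknown opcode corrupts a listing.

Added example (not radare2/capstone code). Only the opcodes from the listing
in the comment are modelled: endbr64, cli, push r/m64 with and without a REX.B prefix.
"""
from typing import Dict, List, Tuple

Insn = Tuple[int, str, str]  # (address, hex bytes, mnemonic)

# Constructed input: the prologue bytes of main() from the listing above
# (f3 0f 1e fa = endbr64, 41 57 = push r15, ..., 55 = push rbp).
MAIN_PROLOGUE = bytes.fromhex("f30f1efa" "4157" "4156" "4155" "4154" "55")
MAIN_ADDR = 0x3E50  # address of main in the listing

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REG64_EXT = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

# Opcode tables: exact byte sequences -> mnemonic.
# "Old" decoder: knows cli but has never heard of endbr64.
OLD_TABLE: Dict[bytes, str] = {b"\xfa": "cli"}
# "New" decoder: same, plus the CET endbr64 encoding.
NEW_TABLE: Dict[bytes, str] = {**OLD_TABLE, b"\xf3\x0f\x1e\xfa": "endbr64"}


def decode_one(code: bytes, i: int, table: Dict[bytes, str]) -> Tuple[int, str]:
    """Return (length, mnemonic) for the instruction starting at code[i]."""
    # Longest table match first, so a 4-byte entry wins over its 1-byte tail.
    for n in (4, 3, 2, 1):
        mnemonic = table.get(code[i:i + n])
        if mnemonic is not None:
            return n, mnemonic
    b = code[i]
    # REX.B (0x41) + push r64 (0x50..0x57) selects r8..r15.
    if b == 0x41 and i + 1 < len(code) and 0x50 <= code[i + 1] <= 0x57:
        return 2, f"push {REG64_EXT[code[i + 1] - 0x50]}"
    if 0x50 <= b <= 0x57:
        return 1, f"push {REG64[b - 0x50]}"
    # Assumption mirroring the listing: unknown opcode -> one "invalid" byte.
    return 1, "invalid"


def disassemble(code: bytes, base: int, table: Dict[bytes, str]) -> List[Insn]:
    """Linear sweep: decode back to back from `base` until the bytes run out."""
    out: List[Insn] = []
    i = 0
    while i < len(code):
        n, mnemonic = decode_one(code, i, table)
        out.append((base + i, code[i:i + n].hex(), mnemonic))
        i += n
    return out


def mnemonics(listing: List[Insn]) -> List[str]:
    return [m for _, _, m in listing]


def divergence(old: List[Insn], new: List[Insn]) -> List[int]:
    """Addresses the old decoder emitted that are not instruction starts in the new one.

    This is the 'desync' region: entries at these addresses are artifacts of the
    mis-decode, not instructions the CPU would ever execute.
    """
    new_starts = {addr for addr, _, _ in new}
    return [addr for addr, _, _ in old if addr not in new_starts]


def print_listing(title: str, listing: List[Insn]) -> None:
    print(title)
    for addr, hexbytes, mnemonic in listing:
        print(f"            0x{addr:08x}      {hexbytes:<14} {mnemonic}")


if __name__ == "__main__":
    old = disassemble(MAIN_PROLOGUE, MAIN_ADDR, OLD_TABLE)
    new = disassemble(MAIN_PROLOGUE, MAIN_ADDR, NEW_TABLE)
    print_listing("decoder without endbr64:", old)
    print_listing("decoder with endbr64:", new)
    print("desynced addresses:", [hex(a) for a in divergence(old, new)])
```

The output of the "old" table matches the comment's r2 session line for line (three invalids, then cli, then the pushes), while the "new" table yields endbr64 followed by the pushes. The divergence() helper makes the damage explicit: the three "invalid" entries and the "cli" all sit at addresses inside the real endbr64, so a function-boundary or control-flow analysis reading them is reasoning about bytes that are never executed as instructions.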



