
C++ Decompiler vector subscript out of range in heritage.cc #7474

Open
ekilmer opened this issue Feb 10, 2025 · 0 comments
Labels
Feature: Decompiler Status: Triage Information is being gathered


ekilmer commented Feb 10, 2025

Describe the bug

There is a vector subscript out-of-range error when running ./ghidra_test_dbg datatests concat.xml with -D_GLIBCXX_ASSERTIONS, after this commit 29a443f.

This was found as part of updating to the latest Ghidra commits in https://github.com/lifting-bits/sleigh. I came across the regression detected in the Debug build of the Windows CI runner because Windows enables assertions, by default, in the C++ standard library during a Debug build.

To Reproduce

I am on x86_64 Ubuntu 24.04 with Ghidra commit 29a443f.

Steps to reproduce the behavior:

  1. Modify this line in the Makefile: DBG_CXXFLAGS=-g -Wall -Wno-sign-compare and append -D_GLIBCXX_ASSERTIONS
  2. Compile and run ./ghidra_test_dbg datatests concat.xml
  3. See error:

    ~/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp$ ./ghidra_test_dbg datatests concat.xml

    /usr/include/c++/13/bits/stl_vector.h:1147: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](size_type) const [with _Tp = int; _Alloc = std::allocator<int>; const_reference = const int&; size_type = long unsigned int]: Assertion '__n < this->size()' failed.
    Aborted (core dumped)

Expected behavior

No failures.

Screenshots
GDB backtrace:

~/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp$ gdb ./ghidra_test_dbg
GNU gdb (Ubuntu 15.0.50.20240403-0ubuntu1) 15.0.50.20240403-git
[...]
(gdb) r datatests concat.xml
Starting program: /home/user/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp/ghidra_test_dbg datatests concat.xml
warning: could not find '.gnu_debugaltlink' file for /lib/x86_64-linux-gnu/libbfd-2.42-system.so
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".


/usr/include/c++/13/bits/stl_vector.h:1147: std::vector<_Tp, _Alloc>::const_reference std::vector<_Tp, _Alloc>::operator[](size_type) const [with _Tp = int; _Alloc = std::allocator<int>; const_reference = const int&; size_type = long unsigned int]: Assertion '__n < this->size()' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
warning: 44     ./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff764527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff76288ff in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7adf90d in std::__glibcxx_assert_fail(char const*, int, char const*, char const*) () from /lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x0000555555612ec1 in std::vector<int, std::allocator<int> >::operator[] (this=0x7fffffffbe80, __n=8) at /usr/include/c++/13/bits/stl_vector.h:1147
#7  0x00005555557d6085 in ghidra::Heritage::splitByRefinement (this=0x555555ce59a8, vn=0x555555cb45d0, addr=..., refine=std::vector of length 8, capacity 9 = {...},
    split=std::vector of length 2, capacity 2 = {...}) at heritage.cc:1748
#8  0x00005555557d6128 in ghidra::Heritage::refineRead (this=0x555555ce59a8, vn=0x555555cb45d0, addr=..., refine=std::vector of length 8, capacity 9 = {...},
    newvn=std::vector of length 2, capacity 2 = {...}) at heritage.cc:1775
#9  0x00005555557d6811 in ghidra::Heritage::refinement (this=0x555555ce59a8, memiter=..., readvars=std::vector of length 1, capacity 32 = {...},
    writevars=std::vector of length 0, capacity 8, inputvars=std::vector of length 1, capacity 1 = {...}) at heritage.cc:1912
#10 0x00005555557d9bc0 in ghidra::Heritage::placeMultiequals (this=0x555555ce59a8) at heritage.cc:2610
#11 0x00005555557da917 in ghidra::Heritage::heritage (this=0x555555ce59a8) at heritage.cc:2748
#12 0x00005555558baec8 in ghidra::Funcdata::opHeritage (this=0x555555ce55c0) at /home/user/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp/funcdata.hh:455
#13 0x00005555558bcb36 in ghidra::ActionHeritage::apply (this=0x555555d8dad0, data=...) at /home/user/ghidra/Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh:289
#14 0x00005555556d7b46 in ghidra::Action::perform (this=0x555555d8dad0, data=...) at action.cc:319
#15 0x00005555556d8732 in ghidra::ActionGroup::apply (this=0x555555d2b4d0, data=...) at action.cc:514
#16 0x00005555556d7b46 in ghidra::Action::perform (this=0x555555d2b4d0, data=...) at action.cc:319
#17 0x00005555556d8732 in ghidra::ActionGroup::apply (this=0x555555d8de50, data=...) at action.cc:514
#18 0x00005555556d7b46 in ghidra::Action::perform (this=0x555555d8de50, data=...) at action.cc:319
#19 0x00005555556d8732 in ghidra::ActionGroup::apply (this=0x555555d8d6a0, data=...) at action.cc:514
#20 0x00005555556d89e4 in ghidra::ActionRestartGroup::apply (this=0x555555d8d6a0, data=...) at action.cc:560
#21 0x00005555556d7b46 in ghidra::Action::perform (this=0x555555d8d6a0, data=...) at action.cc:319
#22 0x00005555559b5529 in ghidra::IfcDecompile::execute (this=0x555555cac860, s=...) at ifacedecomp.cc:908
#23 0x00005555559d8b87 in ghidra::IfaceStatus::runCommand (this=0x555555caa150) at interface.cc:369
#24 0x00005555559c8971 in ghidra::execute (status=0x555555caa150, dcp=0x555555c99e80) at ifacedecomp.cc:3620
#25 0x00005555559c8d9f in ghidra::mainloop (status=0x555555caa150) at ifacedecomp.cc:3661
#26 0x00005555559f77eb in ghidra::FunctionTestCollection::runTests (this=0x7fffffffce10, lateStream=empty std::__cxx11::list) at testfunction.cc:319
#27 0x00005555559f7e04 in ghidra::FunctionTestCollection::runTestFiles (testFiles=std::vector of length 1, capacity 1 = {...}, s=...) at testfunction.cc:367
#28 0x0000555555a28992 in main (argc=2, argv=0x7fffffffd290) at test.cc:169

Environment (please complete the following information):

  • OS: Ubuntu 24.04
  • Java Version: 21
  • Ghidra Version: 29a443f
  • Ghidra Origin: Locally built

Additional context

To prevent future issues, consider adding additional flags from this article: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html#tldr-what-compiler-options-should-i-use and enabling sanitizers -fsanitize=address,undefined when running tests.
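The reproduction steps and the suggested hardening flags above, as an added example that is not part of the issue or of the Ghidra project: a small POSIX shell helper that appends -D_GLIBCXX_ASSERTIONS and the sanitizer flags to the DBG_CXXFLAGS line of the decompiler Makefile (idempotently, and failing loudly if that line has moved), then rebuilds and reruns the failing datatest. The extra flag set, the Makefile location, the make target name and the use of sed -i are assumptions.

```shell
#!/bin/sh
# Added example, not code from the issue or from the Ghidra project.
# Hardens the decompiler debug build so out-of-range vector accesses like
# the one in heritage.cc abort with a diagnostic instead of reading past
# the end of the buffer. Flags, paths and target name are assumptions;
# only the DBG_CXXFLAGS line itself is quoted in the issue.

EXTRA_DBG_FLAGS='-D_GLIBCXX_ASSERTIONS -fsanitize=address,undefined -fno-omit-frame-pointer'

# harden_dbg_cxxflags MAKEFILE
# Appends $EXTRA_DBG_FLAGS to the DBG_CXXFLAGS= line exactly once.
# Returns 1 if the line is absent, so a reorganised Makefile is noticed
# rather than silently left unhardened.
harden_dbg_cxxflags() {
    mk="$1"
    grep -q '^DBG_CXXFLAGS=' "$mk" || return 1
    # Idempotent: a second run must not append the flags again.
    grep -q -- '-D_GLIBCXX_ASSERTIONS' "$mk" && return 0
    # `.*` is greedy, so the capture already covers the whole line.
    sed -i.orig "s|^\(DBG_CXXFLAGS=.*\)|\1 $EXTRA_DBG_FLAGS|" "$mk"
}

# dbg_cxxflags MAKEFILE : print the effective DBG_CXXFLAGS value.
dbg_cxxflags() {
    sed -n 's/^DBG_CXXFLAGS=//p' "$1"
}

# rebuild_and_run DECOMPILE_CPP_DIR
# Rebuild the debug test binary in the given directory (assumed to be
# Ghidra/Features/Decompiler/src/decompile/cpp) and rerun the datatest
# from the issue. With ASan/UBSan enabled the abort is accompanied by a
# report naming the faulting access and its stack, so no gdb session is
# needed to locate it. Runs in a subshell so the caller's cwd is kept.
rebuild_and_run() {
    (
        cd "$1" || exit 1
        harden_dbg_cxxflags Makefile || exit 1
        make ghidra_test_dbg && ./ghidra_test_dbg datatests concat.xml
    )
}
```

Call rebuild_and_run with the decompile/cpp directory; the original Makefile is kept beside it as Makefile.orig.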
