
Signed integer recovered as unsigned integer #4588

Open
yangzao opened this issue Apr 17, 2024 · 0 comments
Labels
bug (Something is broken), needs-triage (Issue has yet to be looked at by a maintainer)

Comments

yangzao commented Apr 17, 2024

Description

Original code:

for (int loop = (4); loop < (-112); loop++)

Decompiled code:

unsigned int v1;  // [bp-0x2c]
...
for (v1 = 4; v1 < -112; v1 += 1)

The for loop condition is not met in the original code,
but because v1 is declared as unsigned int, the condition actually becomes v1 < 4294967184.
So the for loop iterates in the decompiled code.

Steps to reproduce the bug

Files:
8.zip

(0. the exec is included as orig_exec)

  1. compile orig.c into a Mach-O exec (I used OS X Cross on Linux) with Clang and -O0.
  2. decompile the exec with angr.
  3. the issue is at the last for loop of the second function (original name func_1 is not recovered).

Environment

No response

Additional context

No response

@yangzao yangzao added the bug (Something is broken) and needs-triage (Issue has yet to be looked at by a maintainer) labels Apr 17, 2024
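A small added C check, not part of the issue or of angr, that contrasts the original signed loop with the decompiled unsigned one and generalises the entry test to any (init, bound) pair; the helper names (`orig_loop_iterations`, `decomp_loop_enters`, `decomp_trip_count`, `signedness_changes_entry`) are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Original loop from the issue: the induction variable is a signed int,
 * 4 < -112 is false, so the body never runs. */
static uint64_t orig_loop_iterations(void) {
    uint64_t n = 0;
    for (int loop = (4); loop < (-112); loop++) n++;
    return n;
}

/* Decompiled loop: v1 is unsigned int, so the usual arithmetic conversions
 * turn -112 into 4294967184 (written explicitly here; `v1 < -112` does the
 * same implicitly). Returns 1 if the body is entered at all. */
static int decomp_loop_enters(void) {
    unsigned int v1;
    int entered = 0;
    for (v1 = 4; v1 < (unsigned int)-112; v1 += 1) { entered = 1; break; }
    return entered;
}

/* Trip count of the decompiled loop, computed instead of executed (about
 * 4.3e9 iterations would be needed to observe it directly). */
static uint64_t decomp_trip_count(void) {
    uint64_t bound = (unsigned int)-112;  /* 4294967184 */
    return bound > 4 ? bound - 4 : 0;
}

/* Hypothetical helper: does reinterpreting a loop counter and its bound as
 * unsigned change whether `for (i = init; i < bound; ...)` is entered?
 * Returns 1 when the signed and unsigned readings disagree. */
static int signedness_changes_entry(int init, int bound) {
    int signed_enters = init < bound;
    int unsigned_enters = (unsigned int)init < (unsigned int)bound;
    return signed_enters != unsigned_enters;
}

int main(void) {
    printf("original iterations: %llu\n", (unsigned long long)orig_loop_iterations());
    printf("decompiled enters:   %d\n", decomp_loop_enters());
    printf("decompiled trips:    %llu\n", (unsigned long long)decomp_trip_count());
    printf("(4, -112) flips:     %d\n", signedness_changes_entry(4, -112));
    return 0;
}
```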