radareorg/r2ghidra

Segmentation fault during decompilation

Closed this issue · 4 comments

I came across a function that causes a segfault when I try to decompile it with r2ghidra. That's about all I know. I think it's the last function in the file so maybe that has something to do with it.

The function is in /usr/bin/cp from an amd64 version of the DockerHub image bitnami/minideb:latest from about 2 months ago. I put the file in a Docker image with r2ghidra to try to make it reproducible enough for someone to debug.

https://github.com/dwisdom0/r2ghidra_segfault_demo

$ docker pull dwisdom0/r2ghidra_segfault:latest
$ docker run -it --rm dwisdom0/r2ghidra_segfault:latest
# r2 /root/cp
WARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time
 -- Coffee time!
[0x00005150]> aaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze imports (af@@@i)
INFO: Analyze entrypoint (af@ entry0)
INFO: Analyze symbols (af@@@s)
INFO: Recovering variables
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Analyzing methods
INFO: Recovering local variables (afva)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experimental analysis
[0x00005150]> s fcn.0001b020
[0x0001b020]> pdg
Segmentation fault

Most of the time r2ghidra gives a segmentation fault when you have not rebuilt r2ghidra after updating radare2. Update your r2ghidra with

r2pm -ci r2ghidra

and try again decompiling that function.
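The reproduction above is interactive, so the crash only shows up as a "Segmentation fault" line on the terminal. The script below is an added example (not code from the issue or from the r2ghidra project) that runs the same steps in r2's batch mode, turns the outcome into an exit-status verdict, and, if the verdict is a segfault, applies the rebuild advice from the comment above and retries once. It assumes `r2` and `r2pm` are on PATH, that the binary and function flag are the ones from the report (`/root/cp`, `fcn.0001b020`), and that the crash surfaces as the r2 process dying with SIGSEGV (exit status 128+11 = 139); `classify_exit`, `run_classified` and `decompile_fn` are names chosen here, not r2 commands.

```shell
#!/bin/sh
# Added example, not from the issue or r2ghidra. Runs the reported
# reproduction non-interactively and classifies the result by exit status.
# Assumptions: r2/r2pm on PATH; a crash shows up as SIGSEGV (status 139).

# Map a shell exit status to a short verdict.
classify_exit() {
    case "$1" in
        0)   echo ok ;;
        139) echo segfault ;;        # 128 + SIGSEGV (11)
        *)   echo "error:$1" ;;
    esac
}

# Run a command, discard its output, and print the verdict for its exit
# status. The command runs inside an if-condition so this is safe under set -e.
run_classified() {
    if "$@" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    classify_exit "$status"
}

# Decompile one function in batch mode. -q quits after the -c commands run;
# bin.relocs.apply=true silences the relocs warning seen in the report.
decompile_fn() {
    bin=$1
    fn=$2
    run_classified r2 -q -e bin.relocs.apply=true \
        -c "aaa; s $fn; pdg" "$bin"
}

# Usage: ./repro.sh /root/cp fcn.0001b020
# Only the r2-dependent steps need arguments; the helpers above are reusable.
if [ "$#" -eq 2 ]; then
    verdict=$(decompile_fn "$1" "$2")
    echo "first attempt: $verdict"
    if [ "$verdict" = segfault ]; then
        # Suggested remedy from the thread: rebuild the plugin against the
        # currently installed radare2, then retry once.
        r2pm -ci r2ghidra
        echo "after rebuild: $(decompile_fn "$1" "$2")"
    fi
fi
```

Because the verdict is a string rather than an interactive message, the script can run inside the Docker image from the report (`docker run --rm -v "$PWD/repro.sh:/repro.sh" dwisdom0/r2ghidra_segfault:latest sh /repro.sh /root/cp fcn.0001b020`) and be checked from a CI job or a bisect loop.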

Thanks for the quick reply!

I think this is happening in a fresh install of r2ghidra. The Dockerfile for the image I made today looks like this (also available in the git repo I linked). Let me know if there's something I messed up trying to install it!

FROM bitnami/minideb:bookworm

# The /usr/bin/cp from the report, stored compressed in the repo
COPY cp.gz /root/cp.gz

# Build radare2 from git master, then build r2ghidra against that same install
RUN \
  apt update && \
  apt install -y git make gcc g++ curl pkg-config zip && \
  git clone https://github.com/radareorg/radare2 && \
  radare2/sys/install.sh && \
  r2pm -U && \
  r2pm -ci r2ghidra && \
  gunzip /root/cp.gz

ENTRYPOINT /bin/sh

trufae commented

Let me check it out

trufae commented

Fixed in master. thanks for reporting!