Fix #3806: fuzzy dbt checks for CALL indirect on x86 (#3809)

rizinorg · Aug 31, 2023 · 681a6b0 · 681a6b0
1 parent a14d83f
commit 681a6b0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/librz/debug/p/native/bt/fuzzy-all.c b/librz/debug/p/native/bt/fuzzy-all.c
@@ -21,6 +21,11 @@ static int iscallret(RzDebug *dbg, ut64 addr) {
 					      && (buf[4] & 0x06) != 0x04))) { /* R/M not 10x */
 			return 1;
 		}
+		/* check for 7-byte CALL indirect (encoded by FF 14 25) */
+		(void)dbg->iob.read_at(dbg->iob.io, addr - 7, buf, 7);
+		if (!memcmp(buf, "\xff\x14\x25", 3)) {
+			return 1;
+		}
 		// IMMAMISSINGANYOP
 	} else {
 		RzAnalysisOp op;

diff --git a/test/db/archos/linux-x64/dbg_trace1 b/test/db/archos/linux-x64/dbg_trace1
@@ -15,3 +15,19 @@ rip = 0x00000000004004ed
 rip = 0x00000000004004ed
 EOF
 RUN
+
+NAME=missing main stack frame fix (#3806)
+FILE=bins/elf/analysis/calls_x64
+ARGS=-d
+CMDS=<<EOF
+dcu main
+ds 2  # Should be dsui call; ds
+dbt~[6-]  # dbtt here would be nice
+EOF
+REGEXP_FILTER_OUT=(loc\.[a-zA-Z0-9_]+.|main\+\d+.|entry0\+\d+.)
+EXPECT=<<EOF
+loc.func_0 loc.func_00
+main+8
+entry0+41
+EOF
+RUN