
Pointer to an array presents as an array in decomp #5840

@tedanvosin

Description


In the decompilation of the function sub_4011a9, angr infers the length of a char array as 18446744073709551616, i.e. 2^64, making it bigger than the function's stack frame.

variables detected by angr:

long long sub_4011a9(char *a0, unsigned long a1, void* a2)
{
    unsigned int v0;  // [bp-0x3c]
    unsigned int v1;  // [bp-0x38]
    unsigned int v2;  // [bp-0x34]
    unsigned int v3;  // [bp-0x30]
    unsigned int v4;  // [bp-0x2c]
    unsigned int v5;  // [bp-0x28]
    unsigned int v6;  // [bp-0x24]
    char v7[18446744073709551616];  // [bp-0x20]
    unsigned int v8;  // [bp-0x14]
    unsigned int v9;  // [bp-0x10]
    unsigned int v10;  // [bp-0xc]
    unsigned long v12;  // rax
    unsigned int v13;  // eax
    unsigned long v14;  // rax
    unsigned int v15;  // eax
    unsigned long v16;  // rax
    unsigned int v17;  // eax
    unsigned long v18;  // rax
    unsigned long v19;  // rax
    unsigned long v20;  // rax
    unsigned long v21;  // rax

variables detected by ida:

char *__fastcall sub_11A9(char *a1, unsigned __int64 a2, size_t *a3)
{
  int v3; // eax
  int v4; // eax
  int v5; // eax
  int v6; // eax
  int v7; // eax
  int v8; // eax
  int v9; // eax
  int v10; // eax
  int v11; // eax
  _DWORD v14[3]; // [rsp+2Ch] [rbp-34h]
  unsigned int v15; // [rsp+38h] [rbp-28h]
  int v16; // [rsp+3Ch] [rbp-24h]
  int v17; // [rsp+40h] [rbp-20h]
  int v18; // [rsp+44h] [rbp-1Ch]
  char *v19; // [rsp+48h] [rbp-18h]
  int i; // [rsp+54h] [rbp-Ch]
  int v21; // [rsp+58h] [rbp-8h]
  int v22; // [rsp+5Ch] [rbp-4h]
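The two listings above give enough information to spot this class of error mechanically: every stack variable has a frame offset, so an array whose size exceeds its own distance from the frame base, or that runs into the next variable, cannot be right. The script below is an added example and is not code from angr or IDA; it parses a text listing in angr's `type name[count]; // [bp-0xNN]` format (the angr listing from this issue is embedded as constructed sample input) and flags implausible extents. Element sizes for the primitive types are assumed x86-64 LP64 values.

```python
import re

# Constructed sample input: the stack portion of the angr listing quoted in
# this issue. The register-resident lines (// rax, // eax) carry no frame
# offset and are skipped by the parser.
ANGR_LISTING = """\
    unsigned int v0;  // [bp-0x3c]
    unsigned int v1;  // [bp-0x38]
    unsigned int v2;  // [bp-0x34]
    unsigned int v3;  // [bp-0x30]
    unsigned int v4;  // [bp-0x2c]
    unsigned int v5;  // [bp-0x28]
    unsigned int v6;  // [bp-0x24]
    char v7[18446744073709551616];  // [bp-0x20]
    unsigned int v8;  // [bp-0x14]
    unsigned int v9;  // [bp-0x10]
    unsigned int v10;  // [bp-0xc]
    unsigned long v12;  // rax
"""

# Assumed element sizes (x86-64 LP64); unknown types fall back to 8 bytes.
TYPE_SIZES = {
    "char": 1, "int": 4, "unsigned int": 4,
    "long": 8, "unsigned long": 8, "long long": 8,
}

# Matches "char v7[18446744073709551616];  // [bp-0x20]" and the scalar form
# "unsigned int v0;  // [bp-0x3c]". Lines without a [bp-...] comment do not match.
VAR_RE = re.compile(
    r"^\s*(?P<type>[a-z* ]+?)\s+(?P<name>\w+)"
    r"(?:\[(?P<count>\d+)\])?;\s*//\s*\[bp-(?P<off>0x[0-9a-f]+)\]",
    re.I,
)


def parse_stack_vars(listing):
    """Return (name, offset_below_bp, byte_size) for each stack variable."""
    out = []
    for line in listing.splitlines():
        m = VAR_RE.match(line)
        if not m:
            continue
        type_name = " ".join(m["type"].split())
        count = int(m["count"]) if m["count"] else 1
        size = TYPE_SIZES.get(type_name, 8) * count
        out.append((m["name"], int(m["off"], 16), size))
    return out


def check_listing(listing):
    """Flag stack variables whose extent is impossible for the frame.

    A variable at [bp-off] occupies [bp-off, bp-off+size). It is implausible if
    the size is a wrapped/overflowed value (>= 2**63), if it reaches past the
    frame base (size > off), or if it runs into the next variable toward bp.
    """
    stack = sorted(parse_stack_vars(listing), key=lambda v: -v[1])  # deepest first
    findings = []
    for i, (name, off, size) in enumerate(stack):
        if size >= 1 << 63:
            findings.append((name, "size >= 2**63: wrapped negative or overflowed size"))
            continue
        if size > off:
            findings.append((name, f"extends {size - off} bytes past the frame base"))
            continue
        if i + 1 < len(stack):
            nxt_name, nxt_off, _ = stack[i + 1]
            if off - size < nxt_off:
                findings.append((name, f"overlaps {nxt_name} at [bp-{nxt_off:#x}]"))
    return findings


if __name__ == "__main__":
    for name, reason in check_listing(ANGR_LISTING):
        print(f"{name}: {reason}")
```

On the listing from this issue the only finding is v7: its size is exactly 2^64, which no 64-bit size field can even represent, so the value is not a legitimate inferred length but the product of an overflowed or wrapped size computation. Replacing the count with 12 (the gap between v7 at bp-0x20 and v8 at bp-0x14) makes the listing pass cleanly, which matches IDA's placement of a 3-element _DWORD array in the same region.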

file.zip

Steps to reproduce the bug

No response

Environment

No response

Additional context

No response

Labels: bug (Something is broken)
