xabort instruction terminates the control flow in certain conditions #6222
Labels
Component: Core
Issue needs changes to the core
Effort: Medium
Issue should take < 1 month
Impact: Low
Issue is a papercut or has a good, supported workaround
Type: Bug
Issue is a non-crashing bug with repro steps
While looking at mandiant/capa#2406, I noticed a very strange issue: the number of basic blocks of a function can be reported differently in certain conditions (yet unknown).
To start with, due to mandiant/capa#2516, capa is getting the list of basic blocks of each function twice instead of once. For function 0x5494e0, when it pulls the list of basic blocks, binja reports 13 basic blocks the first time, but only one basic block the second time. If I open the binary in the binja GUI, I also see 13 functions. It is yet unclear why we would report only one function the second time.
But the basic block is indeed unusual: it contains an xabort instruction. And as can be seen in the screenshot below, for some reason we split the code at 0x5494e7 (which is immediately after the xabort instruction) into a new basic block. So maybe xabort somehow terminates the basic block? And the second time we query the list of basic blocks, maybe certain analysis info is not yet ready, so the function does not contain other basic blocks.
Attachment: 2f7f5fb5de175e770d7eae87666f9831.elf_.zip