Boomerang version:
v0.5.1 (d4d9aea)
Steps to reproduce:
- Decompile an executable containing a switch statement that is propagated to
Additional comments:
When decompiling an executable containing a switch statement, the following may happen:
- The RTL for the switch statement is created. After conversion to SSA form, the computed jump from the switch statement references statement a.
- Statement propagation is applied. The computed jump now contains a reference to statement b.
- After switch/case analysis, the switch expression is saved by IFrontEnd::saveDecodedRTL.
- The whole CFG is re-created. When re-creating the RTL for the switch statement, the previously-saved RTL referencing statement b is re-loaded. This is a different statement, and after propagation the switch expression may differ from what it was before re-decoding, which is incorrect.
The best solution would be to separate disassembly from lifting of instructions, and then simply clear and re-lift the IR for each machine instruction after analyzing switch statements and other computed CTIs.
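A constructed Python model of the sequence above (an added illustration, not Boomerang's code): each lifted statement gets a fresh identity from a counter, copy propagation stands in for statement propagation, and `reuse_decoded=True` mimics re-loading the saved switch RTL instead of re-lifting it. All names and the three-instruction program are hypothetical.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

_next_id = count(1)  # every lifted statement gets a new identity

@dataclass
class Stmt:
    addr: int
    reg: Optional[str]  # register defined; None for the computed jump
    src: object         # constant, register name, or (after SSA) a Stmt
    sid: int = field(default_factory=lambda: next(_next_id))

# Constructed program: r1 := 0x1000 ; r2 := r1 ; jump r2
PROGRAM = [(0x10, "r1", 0x1000), (0x14, "r2", "r1"), (0x18, None, "r2")]

def lift(instr):
    """Lift one machine instruction to a fresh RTL statement."""
    addr, reg, src = instr
    return Stmt(addr, reg, src)

def to_ssa(stmts):
    """Resolve each register use to its defining statement (statement 'a')."""
    defs = {}
    for s in stmts:
        if isinstance(s.src, str):
            s.src = defs[s.src]
        if s.reg:
            defs[s.reg] = s
    return stmts

def propagate(stmts):
    """Copy propagation: a use of a copy now refers to the copy's source ('b')."""
    for s in stmts:
        while isinstance(s.src, Stmt) and isinstance(s.src.src, Stmt):
            s.src = s.src.src
    return stmts

def decode(program, saved, reuse_decoded):
    """Build the CFG; `saved` holds RTL stored by the previous pass."""
    stmts = []
    for instr in program:
        if reuse_decoded and instr[0] in saved:
            stmts.append(saved[instr[0]])   # bug: re-loads propagated RTL
        else:
            stmts.append(lift(instr))       # fix: always re-lift
    return propagate(to_ssa(stmts))

def jump_target_is_live(reuse_decoded):
    """Two passes as in the report; is the jump's reference still in the CFG?"""
    first = decode(PROGRAM, {}, reuse_decoded)
    saved = {s.addr: s for s in first if s.reg is None}  # saveDecodedRTL
    cfg = decode(PROGRAM, saved, reuse_decoded)
    return cfg[-1].src.sid in {s.sid for s in cfg}
```

With `reuse_decoded=True` the re-loaded jump still points at a statement from the first pass that no longer exists in the rebuilt CFG; re-lifting from the machine instruction keeps the reference consistent.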