PyPI - angr - Versions diffs - 9.2.123__py3-none-manylinux2014_aarch64.whl → 9.2.125__py3-none-manylinux2014_aarch64.whl - Mend

angr 9.2.123__py3-none-manylinux2014_aarch64.whl → 9.2.125__py3-none-manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (103) hide show

angr/analyses/decompiler/decompiler.py CHANGED Viewed

@@ -66,14 +66,16 @@ class Decompiler(Analysis):
         decompile=True,
         regen_clinic=True,
         inline_functions=frozenset(),
+        desired_variables=frozenset(),
         update_memory_data: bool = True,
         generate_code: bool = True,
+        use_cache: bool = True,
     ):
         if not isinstance(func, Function):
             func = self.kb.functions[func]
         self.func: Function = func
         self._cfg = cfg.model if isinstance(cfg, CFGFast) else cfg
-        self._options = options
+        self._options = options or []
         if preset is None and optimization_passes:
             self._optimization_passes = optimization_passes
@@ -102,6 +104,27 @@ class Decompiler(Analysis):
         self._update_memory_data = update_memory_data
         self._generate_code = generate_code
         self._inline_functions = inline_functions
+        self._desired_variables = desired_variables
+        self._cache_parameters = (
+            {
+                "cfg": self._cfg,
+                "variable_kb": self._variable_kb,
+                "options": {(o, v) for o, v in self._options if o.category != "Display" and v != o.default_value},
+                "optimization_passes": self._optimization_passes,
+                "sp_tracker_track_memory": self._sp_tracker_track_memory,
+                "peephole_optimizations": self._peephole_optimizations,
+                "vars_must_struct": self._vars_must_struct,
+                "flavor": self._flavor,
+                "expr_comments": self._expr_comments,
+                "stmt_comments": self._stmt_comments,
+                "ite_exprs": self._ite_exprs,
+                "binop_operators": self._binop_operators,
+                "inline_functions": self._inline_functions,
+                "desired_variables": self._desired_variables,
+            }
+            if use_cache
+            else None
+        )
         self.clinic = None  # mostly for debugging purposes
         self.codegen: CStructuredCodeGenerator | None = None
@@ -111,27 +134,43 @@ class Decompiler(Analysis):
         self.unoptimized_ail_graph: networkx.DiGraph | None = None
         self.ail_graph: networkx.DiGraph | None = None
         self.vvar_id_start = None
+        self._optimization_scratch: dict[str, Any] = {}
         if decompile:
             self._decompile()
+    def _can_use_decompilation_cache(self, cache: DecompilationCache) -> bool:
+        a, b = self._cache_parameters, cache.parameters
+        id_checks = {"cfg", "variable_kb"}
+        return all(a[k] is b[k] if k in id_checks else a[k] == b[k] for k in self._cache_parameters)
     @timethis
     def _decompile(self):
         if self.func.is_simprocedure:
             return
-        # Load from cache
-        try:
-            cache = self.kb.structured_code[(self.func.addr, self._flavor)]
+        cache = None
+        if self._cache_parameters is not None:
+            try:
+                cache = self.kb.decompilations[self.func.addr]
+                if not self._can_use_decompilation_cache(cache):
+                    cache = None
+            except KeyError:
+                pass
+        if cache:
             old_codegen = cache.codegen
             old_clinic = cache.clinic
             ite_exprs = cache.ite_exprs if self._ite_exprs is None else self._ite_exprs
             binop_operators = cache.binop_operators if self._binop_operators is None else self._binop_operators
-        except KeyError:
-            ite_exprs = self._ite_exprs
-            binop_operators = self._binop_operators
+            l.debug("Decompilation cache hit")
+        else:
             old_codegen = None
             old_clinic = None
+            ite_exprs = self._ite_exprs
+            binop_operators = self._binop_operators
+            l.debug("Decompilation cache miss")
         self.options_by_class = defaultdict(list)
@@ -167,6 +206,7 @@ class Decompiler(Analysis):
             fold_callexprs_into_conditions = True
         cache = DecompilationCache(self.func.addr)
+        cache.parameters = self._cache_parameters
         cache.ite_exprs = ite_exprs
         cache.binop_operators = binop_operators
@@ -189,6 +229,8 @@ class Decompiler(Analysis):
                 cache=cache,
                 progress_callback=progress_callback,
                 inline_functions=self._inline_functions,
+                desired_variables=self._desired_variables,
+                optimization_scratch=self._optimization_scratch,
                 **self.options_to_params(self.options_by_class["clinic"]),
             )
         else:
@@ -302,6 +344,8 @@ class Decompiler(Analysis):
         self.cache.codegen = codegen
         self.cache.clinic = self.clinic
+        self.kb.decompilations[self.func.addr] = self.cache
     def _recover_regions(self, graph: networkx.DiGraph, condition_processor, update_graph: bool = True):
         return self.project.analyses[RegionIdentifier].prep(kb=self.kb)(
             self.func,
@@ -355,6 +399,7 @@ class Decompiler(Analysis):
                 variable_kb=self._variable_kb,
                 reaching_definitions=reaching_definitions,
                 entry_node_addr=self.clinic.entry_node_addr,
+                scratch=self._optimization_scratch,
                 **kwargs,
             )
@@ -414,6 +459,7 @@ class Decompiler(Analysis):
                 reaching_definitions=reaching_definitions,
                 vvar_id_start=self.vvar_id_start,
                 entry_node_addr=self.clinic.entry_node_addr,
+                scratch=self._optimization_scratch,
                 **kwargs,
             )
@@ -442,7 +488,7 @@ class Decompiler(Analysis):
                 continue
             pass_ = timethis(pass_)
-            a = pass_(self.func, seq=seq_node, **kwargs)
+            a = pass_(self.func, seq=seq_node, scratch=self._optimization_scratch, **kwargs)
             if a.out_seq:
                 seq_node = a.out_seq

angr/analyses/decompiler/dephication/graph_vvar_mapping.py CHANGED Viewed

@@ -3,7 +3,7 @@ import logging
 from collections import defaultdict
 from ailment.block import Block
-from ailment.expression import Phi, VirtualVariable
+from ailment.expression import Phi, VirtualVariable, VirtualVariableCategory
 from ailment.statement import Assignment, Jump, ConditionalJump, Label
 from angr.analyses import Analysis
@@ -213,8 +213,16 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
                 the_block = self._blocks[(src_block_addr, src_block_idx)]
                 ins_addr = the_block.addr + the_block.original_size - 1
+                if vvar.category == VirtualVariableCategory.PARAMETER:
+                    # it's a parameter, so we copy the variable into a dummy register vvar
+                    # a parameter vvar should never be assigned to
+                    new_category = VirtualVariableCategory.REGISTER
+                    new_oident = 4096
+                else:
+                    new_category = vvar.category
+                    new_oident = vvar.oident
                 new_vvar = VirtualVariable(
-                    None, new_vvar_id, vvar.bits, vvar.category, oident=vvar.oident, ins_addr=ins_addr
+                    None, new_vvar_id, vvar.bits, new_category, oident=new_oident, ins_addr=ins_addr
                 )
                 assignment = Assignment(None, new_vvar, vvar, ins_addr=ins_addr)

angr/analyses/decompiler/dephication/rewriting_engine.py CHANGED Viewed

@@ -3,7 +3,7 @@ from __future__ import annotations
 import logging
 from ailment.block import Block
-from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump
+from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump, DirtyStatement
 from ailment.expression import (
     Register,
     VirtualVariable,
@@ -14,6 +14,8 @@ from ailment.expression import (
     Convert,
     StackBaseOffset,
     ITE,
+    VEXCCallExpression,
+    DirtyExpression,
 )
 from angr.engines.light import SimEngineLight, SimEngineLightAILMixin
@@ -139,10 +141,19 @@ class SimEngineDephiRewriting(
                 args=stmt.args,
                 ret_expr=stmt.ret_expr if new_ret_expr is None else new_ret_expr,
                 fp_ret_expr=stmt.fp_ret_expr if new_fp_ret_expr is None else new_fp_ret_expr,
+                bits=stmt.bits,
                 **stmt.tags,
             )
         return None
+    _handle_CallExpr = _handle_Call
+    def _handle_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
+        dirty = self._expr(stmt.dirty)
+        if dirty is None or dirty is stmt.dirty:
+            return None
+        return DirtyStatement(stmt.idx, dirty, **stmt.tags)
     def _handle_Register(self, expr: Register) -> None:
         return None
@@ -243,5 +254,57 @@ class SimEngineDephiRewriting(
             )
         return None
+    def _handle_VEXCCallExpression(self, expr: VEXCCallExpression) -> VEXCCallExpression | None:
+        new_operands = []
+        updated = False
+        for o in expr.operands:
+            new_o = self._expr(o)
+            if new_o is not None:
+                updated = True
+                new_operands.append(new_o)
+            else:
+                new_operands.append(o)
+        if updated:
+            return VEXCCallExpression(
+                expr.idx,
+                expr.callee,
+                new_operands,
+                bits=expr.bits,
+                **expr.tags,
+            )
+        return None
+    def _handle_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
+        new_operands = []
+        updated = False
+        for o in expr.operands:
+            new_o = self._expr(o)
+            if new_o is not None:
+                updated = True
+                new_operands.append(new_o)
+            else:
+                new_operands.append(o)
+        new_guard = None
+        if expr.guard is not None:
+            new_guard = self._expr(expr.guard)
+            if new_guard is not None:
+                updated = True
+        if updated:
+            return DirtyExpression(
+                expr.idx,
+                expr.callee,
+                new_operands,
+                guard=new_guard,
+                mfx=expr.mfx,
+                maddr=expr.maddr,
+                msize=expr.msize,
+                bits=expr.bits,
+                **expr.tags,
+            )
+        return None
     def _handle_StackBaseOffset(self, expr: StackBaseOffset) -> None:
         return None

angr/analyses/decompiler/expression_narrower.py CHANGED Viewed

@@ -105,7 +105,11 @@ class NarrowingInfoExtractor(AILBlockWalkerBase):
     def _handle_DirtyExpression(
         self, expr_idx: int, expr: DirtyExpression, stmt_idx: int, stmt: Statement, block: Block | None
     ):
-        return self._handle_expr(0, expr.dirty_expr, stmt_idx, stmt, block)
+        r = False
+        if expr.operands:
+            for i, op in enumerate(expr.operands):
+                r |= self._handle_expr(i, op, stmt_idx, stmt, block)
+        return r
     def _handle_VEXCCallExpression(
         self, expr_idx: int, expr: VEXCCallExpression, stmt_idx: int, stmt: Statement, block: Block | None

angr/analyses/decompiler/optimization_passes/__init__.py CHANGED Viewed

@@ -26,6 +26,7 @@ from .cross_jump_reverter import CrossJumpReverter
 from .code_motion import CodeMotionOptimization
 from .switch_default_case_duplicator import SwitchDefaultCaseDuplicator
 from .deadblock_remover import DeadblockRemover
+from .tag_slicer import TagSlicer
 from .inlined_string_transformation_simplifier import InlinedStringTransformationSimplifier
 from .const_prop_reverter import ConstPropOptReverter
 from .call_stmt_rewriter import CallStatementRewriter
@@ -59,6 +60,7 @@ ALL_OPTIMIZATION_PASSES = [
     FlipBooleanCmp,
     InlinedStringTransformationSimplifier,
     CallStatementRewriter,
+    TagSlicer,
 ]
 # these passes may duplicate code to remove gotos or improve the structure of the graph
@@ -118,6 +120,7 @@ __all__ = (
     "ConstPropOptReverter",
     "CallStatementRewriter",
     "DuplicationReverter",
+    "TagSlicer",
     "ALL_OPTIMIZATION_PASSES",
     "DUPLICATING_OPTS",
     "CONDENSING_OPTS",

angr/analyses/decompiler/optimization_passes/div_simplifier.py CHANGED Viewed

@@ -18,7 +18,10 @@ class DivSimplifierAILEngine(SimplifierAILEngine):
     An AIL pass for the div simplifier
     """
-    def _check_divisor(self, a, b, ndigits=6):  # pylint: disable=no-self-use
+    @staticmethod
+    def _check_divisor(a, b, ndigits=6):
+        if b == 0:
+            return None
         divisor_1 = 1 + (a // b)
         divisor_2 = int(round(a / float(b), ndigits))
         return divisor_1 if divisor_1 == divisor_2 else None

angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py CHANGED Viewed

@@ -13,6 +13,7 @@ from ailment.expression import (
     BinaryOp,
     VirtualVariable,
     Phi,
+    UnaryOp,
     VirtualVariableCategory,
 )
 from ailment.statement import ConditionalJump, Jump, Assignment
@@ -238,6 +239,18 @@ class InlinedStringTransformationAILEngine(SimEngineLightAILMixin):
                 return self.state.vvar_load(vvar)
         return None
+    def _handle_Neg(self, expr: UnaryOp):
+        v = self._expr(expr.operand)
+        if isinstance(v, claripy.ast.Bits):
+            return -v
+        return None
+    def _handle_BitwiseNeg(self, expr: UnaryOp):
+        v = self._expr(expr.operand)
+        if isinstance(v, claripy.ast.Bits):
+            return ~v
+        return None
     def _handle_Convert(self, expr: Convert):
         v = self._expr(expr.operand)
         if isinstance(v, claripy.ast.Bits):

angr/analyses/decompiler/optimization_passes/ite_region_converter.py CHANGED Viewed

@@ -202,6 +202,7 @@ class ITERegionConverter(OptimizationPass):
         true_stmt_src = true_stmt.src if isinstance(true_stmt, Assignment) else true_stmt
         true_stmt_dst = true_stmt.dst if isinstance(true_stmt, Assignment) else true_stmt.ret_expr
         false_stmt_src = false_stmt.src if isinstance(false_stmt, Assignment) else false_stmt
+        false_stmt_dst = false_stmt.dst if isinstance(false_stmt, Assignment) else false_stmt.ret_expr
         addr_obj = true_stmt_src if "ins_addr" in true_stmt_src.tags else true_stmt
         ternary_expr = ITE(
@@ -209,9 +210,7 @@ class ITERegionConverter(OptimizationPass):
             conditional_jump.condition,
             false_stmt_src,
             true_stmt_src,
-            ins_addr=addr_obj.ins_addr,
-            vex_block_addr=addr_obj.vex_block_addr,
-            vex_stmt_idx=addr_obj.vex_stmt_idx,
+            **addr_obj.tags,
         )
         dst = VirtualVariable(
             true_stmt_dst.idx,
@@ -261,12 +260,32 @@ class ITERegionConverter(OptimizationPass):
             if not is_phi_assignment(stmt):
                 stmts.append(stmt)
                 continue
+            # is this the statement that we are looking for?
+            found_true_src_vvar, found_false_src_vvar = False, False
+            for src, vvar in stmt.src.src_and_vvars:
+                if vvar is not None:
+                    if vvar.varid == true_stmt_dst.varid:
+                        found_true_src_vvar = True
+                    elif vvar.varid == false_stmt_dst.varid:
+                        found_false_src_vvar = True
+            # we should only update the vvars of this phi statement if we found both true and false source vvars
+            update_vars = found_true_src_vvar and found_false_src_vvar
             new_src_and_vvars = []
+            original_vvars = []
             for src, vvar in stmt.src.src_and_vvars:
                 if src not in region_tail_pred_srcs:
                     new_src_and_vvars.append((src, vvar))
+                else:
+                    original_vvars.append(vvar)
             new_vvar = new_assignment.dst.copy()
-            new_src_and_vvars.append(((region_head.addr, region_head.idx), new_vvar))
+            if update_vars:
+                new_src_and_vvars.append(((region_head.addr, region_head.idx), new_vvar))
+            else:
+                new_src_and_vvars.append(
+                    ((region_head.addr, region_head.idx), original_vvars[0] if original_vvars else None)
+                )
             new_phi = Phi(
                 stmt.src.idx,

angr/analyses/decompiler/optimization_passes/optimization_pass.py CHANGED Viewed

@@ -1,7 +1,7 @@
 # pylint:disable=unused-argument
 from __future__ import annotations
 import logging
-from typing import TYPE_CHECKING
+from typing import Any, TYPE_CHECKING
 from collections.abc import Generator
 from enum import Enum
@@ -117,6 +117,7 @@ class OptimizationPass(BaseOptimizationPass):
         reaching_definitions=None,
         vvar_id_start=None,
         entry_node_addr=None,
+        scratch: dict[str, Any] | None = None,
         **kwargs,
     ):
         super().__init__(func)
@@ -127,6 +128,7 @@ class OptimizationPass(BaseOptimizationPass):
         self._variable_kb = variable_kb
         self._ri = region_identifier
         self._rd = reaching_definitions
+        self._scratch = scratch if scratch is not None else {}
         self._new_block_addrs = set()
         self.vvar_id_start = vvar_id_start
         self.entry_node_addr: tuple[int, int | None] = (

angr/analyses/decompiler/optimization_passes/return_duplicator_base.py CHANGED Viewed

@@ -1,6 +1,5 @@
 from __future__ import annotations
 from typing import Any
-from itertools import count
 import copy
 import logging
@@ -78,23 +77,27 @@ class ReturnDuplicatorBase:
     def __init__(
         self,
         func,
-        node_idx_start: int = 0,
         max_calls_in_regions: int = 2,
         minimize_copies_for_regions: bool = True,
         ri: RegionIdentifier | None = None,
         vvar_id_start: int | None = None,
-        **kwargs,
+        scratch: dict[str, Any] | None = None,
     ):
-        self.node_idx = count(start=node_idx_start)
         self._max_calls_in_region = max_calls_in_regions
         self._minimize_copies_for_regions = minimize_copies_for_regions
         self._supergraph = None
         # this should also be set by the optimization passes initer
+        self.scratch = scratch if scratch is not None else {}
         self._func = func
         self._ri: RegionIdentifier | None = ri
         self.vvar_id_start = vvar_id_start
+    def next_node_idx(self) -> int:
+        node_idx = self.scratch.get("returndup_node_idx", 0) + 1
+        self.scratch["returndup_node_idx"] = node_idx
+        return node_idx
     #
     # must implement these methods
     #
@@ -208,7 +211,7 @@ class ReturnDuplicatorBase:
                 else:
                     node_copy = copy.deepcopy(node)
                 node_copy = self._use_fresh_virtual_variables(node_copy, vvar_mapping)
-                node_copy.idx = next(self.node_idx)
+                node_copy.idx = self.next_node_idx()
                 self._fix_copied_node_labels(node_copy)
                 copies[node] = node_copy

angr/analyses/decompiler/optimization_passes/return_duplicator_high.py CHANGED Viewed

@@ -1,5 +1,6 @@
 from __future__ import annotations
 import logging
+from typing import Any
 import networkx
@@ -26,22 +27,26 @@ class ReturnDuplicatorHigh(OptimizationPass, ReturnDuplicatorBase):
     def __init__(
         self,
         func,
-        # internal parameters that should be used by Clinic
-        node_idx_start: int = 0,
         # settings
         max_calls_in_regions: int = 2,
         minimize_copies_for_regions: bool = True,
+        region_identifier=None,
+        vvar_id_start: int | None = None,
+        scratch: dict[str, Any] | None = None,
         **kwargs,
     ):
+        OptimizationPass.__init__(
+            self, func, vvar_id_start=vvar_id_start, scratch=scratch, region_identifier=region_identifier, **kwargs
+        )
         ReturnDuplicatorBase.__init__(
             self,
             func,
-            node_idx_start=node_idx_start,
             max_calls_in_regions=max_calls_in_regions,
             minimize_copies_for_regions=minimize_copies_for_regions,
-            **kwargs,
+            ri=region_identifier,
+            vvar_id_start=vvar_id_start,
+            scratch=scratch,
         )
-        OptimizationPass.__init__(self, func, **kwargs)
         # since we run before the RegionIdentification pass in the decompiler, we need to collect it early here
         self._ri = self._recover_regions(self._graph)

angr/analyses/decompiler/optimization_passes/return_duplicator_low.py CHANGED Viewed

@@ -1,6 +1,7 @@
 from __future__ import annotations
 import logging
 import inspect
+from typing import Any
 import networkx
@@ -46,25 +47,35 @@ class ReturnDuplicatorLow(StructuringOptimizationPass, ReturnDuplicatorBase):
     def __init__(
         self,
         func,
-        # internal parameters that should be used by Clinic
-        node_idx_start: int = 0,
         # settings
         max_opt_iters: int = 4,
         max_calls_in_regions: int = 2,
         prevent_new_gotos: bool = True,
         minimize_copies_for_regions: bool = True,
+        region_identifier=None,
+        vvar_id_start: int | None = None,
+        scratch: dict[str, Any] | None = None,
         **kwargs,
     ):
+        StructuringOptimizationPass.__init__(
+            self,
+            func,
+            max_opt_iters=max_opt_iters,
+            prevent_new_gotos=prevent_new_gotos,
+            require_gotos=True,
+            vvar_id_start=vvar_id_start,
+            scratch=scratch,
+            region_identifier=region_identifier,
+            **kwargs,
+        )
         ReturnDuplicatorBase.__init__(
             self,
             func,
-            node_idx_start=node_idx_start,
             max_calls_in_regions=max_calls_in_regions,
             minimize_copies_for_regions=minimize_copies_for_regions,
-            **kwargs,
-        )
-        StructuringOptimizationPass.__init__(
-            self, func, max_opt_iters=max_opt_iters, prevent_new_gotos=prevent_new_gotos, require_gotos=True, **kwargs
+            ri=region_identifier,
+            vvar_id_start=vvar_id_start,
+            scratch=scratch,
         )
         self.analyze()

angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py CHANGED Viewed

@@ -75,8 +75,12 @@ class SwitchDefaultCaseDuplicator(OptimizationPass):
         default_case_node_addrs = cache["default_case_node_addrs"]
         out_graph = None
+        duplicated_default_addrs: set[int] = set()
         for switch_head_addr, jump_node_addr, default_addr in default_case_node_addrs:
+            if default_addr in duplicated_default_addrs:
+                continue
             default_case_node = self._func.get_node(default_addr)
             unexpected_pred_addrs = {
                 pred.addr
@@ -92,6 +96,8 @@ class SwitchDefaultCaseDuplicator(OptimizationPass):
                 for jump_node in jump_nodes:
                     jump_node_descedents |= networkx.descendants(self._graph, jump_node)
+                duplicated_default_addrs.add(default_addr)
                 # duplicate default_case_node for each unexpected predecessor
                 for unexpected_pred_addr in unexpected_pred_addrs:
                     for unexpected_pred in self._get_blocks(unexpected_pred_addr):

angr/analyses/decompiler/optimization_passes/tag_slicer.py ADDED Viewed

@@ -0,0 +1,41 @@
+# pylint:disable=too-many-boolean-expressions
+from __future__ import annotations
+import logging
+from ailment.statement import ConditionalJump, Jump, Label
+from .optimization_pass import OptimizationPass, OptimizationPassStage
+_l = logging.getLogger(name=__name__)
+class TagSlicer(OptimizationPass):
+    """
+    Removes unmarked statements from the graph.
+    """
+    ARCHES = None
+    PLATFORMS = None
+    STAGE = OptimizationPassStage.AFTER_VARIABLE_RECOVERY
+    NAME = "Remove unmarked statements from the graph."
+    DESCRIPTION = __doc__.strip()
+    def __init__(self, func, **kwargs):
+        super().__init__(func, **kwargs)
+        self.analyze()
+    def _check(self):
+        return True, {}
+    def _analyze(self, cache=None):
+        for n in self._graph.nodes():
+            for i, s in enumerate(n.statements):
+                if isinstance(s, (ConditionalJump, Jump, Label)):
+                    continue
+                if not s.tags.get("keep_in_slice", False):
+                    n.statements[i] = None
+        for n in self._graph.nodes():
+            n.statements = [s for s in n.statements if s is not None]
+        self.out_graph = self._graph

angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py CHANGED Viewed

@@ -100,6 +100,8 @@ class WinStackCanarySimplifier(OptimizationPass):
         for pred_addr in pred_addr_to_endpoint_addrs:
             # the predecessor should call _security_check_cookie
             endpoint_preds = list(self._get_blocks(pred_addr))
+            if not endpoint_preds:
+                continue
             if self._find_stmt_calling_security_check_cookie(endpoint_preds[0]) is None:
                 _l.debug("The predecessor does not call _security_check_cookie().")
                 continue

angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py CHANGED Viewed

@@ -182,6 +182,8 @@ class ConstMullAShift(PeepholeOptimizationExprBase):
     @staticmethod
     def _check_divisor(a, b, ndigits=6):
+        if b == 0:
+            return None
         divisor_1 = 1 + (a // b)
         divisor_2 = int(round(a / float(b), ndigits))
         return divisor_1 if divisor_1 == divisor_2 else None

angr/analyses/decompiler/peephole_optimizations/constant_derefs.py CHANGED Viewed

@@ -1,6 +1,6 @@
 from __future__ import annotations
 from ailment.expression import Load, Const
-from cle.backends import Blob
+from cle.backends import Blob, Hex
 from .base import PeepholeOptimizationExprBase
@@ -32,7 +32,7 @@ class ConstantDereferences(PeepholeOptimizationExprBase):
             # is it loading from a blob?
             obj = self.project.loader.find_object_containing(expr.addr.value)
-            if obj is not None and isinstance(obj, Blob):
+            if obj is not None and isinstance(obj, (Blob, Hex)):
                 # do we know the value that it's reading?
                 try:
                     val = self.project.loader.memory.unpack_word(expr.addr.value, size=self.project.arch.bytes)