analysis: fix the function owner computation by considering the next …

…field as offset instead of address. analysis: add off() in Unpacker to extract offsets (basically addr with sign conversion)
williballenthin · Aug 20, 2020 · 0973173 · 0973173
1 parent 9c55c12
commit 0973173
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/idb/analysis.py b/idb/analysis.py
@@ -208,6 +208,13 @@ def addr(self):
         else:
             raise RuntimeError("unexpected wordsize")
 
+    def off(self):
+        offset = self.addr()
+        mask = (2 ** (self.wordsize *8 )) - 1
+        if offset & (1 << ((self.wordsize * 8) - 1)):
+            return offset | ~mask
+        else:
+            return offset
 
 Field = namedtuple("Field", ["name", "tag", "index", "cast", "minver"])
 # namedtuple default args.
@@ -966,8 +973,10 @@ def __init__(self, buf, wordsize):
                 # eg. all of these, if high bit of flags not set.
                 pass
         else:
+            # We are in a function tail. Chunks can be above or below the tail
+            # owner
             try:
-                self.owner = self.startEA - u.addr()
+                self.owner = self.startEA - u.off()
                 self.refqty = u.dd()
             except IndexError:
                 # see warning note above