Closed
Labels: high-priority (High priority bugs), pf (Print format, `pf` command), refactor, test-required
Description
When using `tp` with a type that is greater than block size, all fields that are printed beyond the block boundary are silently set to `0`.
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Arch linux x86_64 |
| File format of the file you reverse (mandatory) | Binary image file |
| Architecture/bits of the file (mandatory) | N/A |
| r2 -v full output, not truncated (mandatory) | radare2 4.3.1 0 @ linux-x86-64 git.4.3.1 commit: unknown build: 2020-03-20__16:02:58 |
Expected behavior
I would have expected `r2` to have at least printed a warning that sizeof(type) is greater than the block boundary and therefore those fields have an incorrect value.
Another alternative is for r2 to temporarily set the block size to match that of the type being printed so all fields have the correct value.
Actual behavior
All fields beyond block boundary are set to `0`.
Steps to reproduce the behavior
Create a binary file:
```
$ yes | dd of=/tmp/test bs=1 count=1024
```
Load that file into r2, set a block size smaller than a type and print:
```
r2 /tmp/test/
[0x00000000]> b 10
[0x00000000]> "td struct foobar{uint32_t a; uint32_t b; uint32_t c; uint32_t d;}"
[0x00000000]> tp foobar
a : 0x00000000 = 175704697
b : 0x00000004 = 175704697
c : 0x00000008 = 2681
d : 0x0000000c = 0
[0x00000000]>
```
If block size is increased correct values are returned:
```
[0x00000000]> b 16
[0x00000000]> tp foobar
a : 0x00000000 = 175704697
b : 0x00000004 = 175704697
c : 0x00000008 = 175704697
d : 0x0000000c = 175704697
[0x00000000]>
```
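The following is an added example, not part of the original report and not radare2 code: a small C model of the behaviour described above, where fields are decoded from a block-sized window and bytes past the block read as zero. It reproduces the reported values for `b 10` and shows the kind of check that would let a printer warn about fields it cannot fully read. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model (not radare2 code): how a field relates to the block. */
enum field_state { FIELD_OK, FIELD_PARTIAL, FIELD_OUTSIDE };

/* Classify the field occupying [off, off+len) against a block of bsize bytes. */
static enum field_state classify_field(size_t off, size_t len, size_t bsize) {
    if (off >= bsize) return FIELD_OUTSIDE;       /* no byte of the field is in the block */
    if (len > bsize - off) return FIELD_PARTIAL;  /* field straddles the block boundary */
    return FIELD_OK;
}

/* Decode a little-endian uint32_t at off, using only bytes inside the block.
 * Bytes beyond the block count as 0, which is the silent behaviour reported. */
static uint32_t read_u32le_in_block(const uint8_t *data, size_t off, size_t bsize) {
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++)
        if (off + i < bsize) v |= (uint32_t)data[off + i] << (8 * i);
    return v;
}

/* Constructed sample input: the "y\n" pattern that `yes` writes. */
static void fill_yes(uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (i % 2) ? '\n' : 'y';
}

/* Print struct foobar's four uint32_t fields; return how many are unreliable. */
static int print_foobar(const uint8_t *data, size_t bsize) {
    static const char *names[] = { "a", "b", "c", "d" };
    static const char *notes[] = { "", "  <- truncated by block", "  <- outside block" };
    int flagged = 0;
    for (size_t i = 0; i < 4; i++) {
        enum field_state st = classify_field(i * 4, 4, bsize);
        printf("%s : 0x%08zx = %u%s\n", names[i], i * 4,
               (unsigned)read_u32le_in_block(data, i * 4, bsize), notes[st]);
        if (st != FIELD_OK) flagged++;
    }
    if (flagged)  /* the warning the report asks for */
        fprintf(stderr, "warning: sizeof(foobar)=16 > block size %zu, %d field(s) incomplete\n",
                bsize, flagged);
    return flagged;
}

int main(void) {
    uint8_t file[1024];
    fill_yes(file, sizeof file);
    print_foobar(file, 10);  /* c is truncated, d is zero */
    print_foobar(file, 16);  /* all four fields are complete */
    return 0;
}
```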