The edit in commit b703dfbf17c0cf to compute_calls in libr/core/cmd_anal.c
is wrong, since it leads to a memory leak.
If xrefs is null, then r_list_free (xrefs) does nothing;
else, xrefs is set to null in the True branch of the if, so r_list_free does nothing.
Therefore, the call to r_list_free is useless.
However, we should free xrefs in the True branch of the if.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
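The leak pattern the commit message describes, reduced to a self-contained example. This is added illustration, not radare2's code: the List type, list_free and the live-allocation counter are constructed stand-ins for RList and r_list_free (which, like list_free here, treats a NULL argument as a no-op), and count_xrefs_leaky / count_xrefs_fixed are hypothetical names for the before and after shapes of the function.

```c
#include <stdlib.h>

/* Constructed stand-in for RList / r_list_free (not the real radare2 API):
 * a singly linked list plus a live-allocation counter so a leak is measurable. */
typedef struct node { int value; struct node *next; } Node;
typedef struct { Node *head; int length; } List;

static int live_allocs = 0;

List *list_new(void) {
    List *l = calloc(1, sizeof *l);
    if (l) live_allocs++;
    return l;
}

void list_append(List *l, int value) {
    Node *n = malloc(sizeof *n);
    if (!n) return;
    live_allocs++;
    n->value = value;
    n->next = l->head;
    l->head = n;
    l->length++;
}

/* Like r_list_free: a NULL argument is a no-op, so freeing a pointer that
 * was already cleared releases nothing. */
void list_free(List *l) {
    if (!l) return;
    Node *n = l->head;
    while (n) {
        Node *next = n->next;
        free(n);
        live_allocs--;
        n = next;
    }
    free(l);
    live_allocs--;
}

/* Builds a constructed xref list of n entries (sample data, not real xrefs). */
static List *make_xrefs(int n) {
    List *l = list_new();
    for (int i = 0; i < n; i++) list_append(l, 0x1000 + i);
    return l;
}

/* Before: the pointer is cleared inside the taken branch, so the trailing
 * free always sees NULL and the list is leaked. */
int count_xrefs_leaky(int n) {
    List *xrefs = make_xrefs(n);
    int count = 0;
    if (xrefs) {
        count = xrefs->length;
        xrefs = NULL;        /* list is now unreachable */
    }
    list_free(xrefs);        /* NULL here: a no-op in every path */
    return count;
}

/* After: free inside the branch, before the pointer is cleared. */
int count_xrefs_fixed(int n) {
    List *xrefs = make_xrefs(n);
    int count = 0;
    if (xrefs) {
        count = xrefs->length;
        list_free(xrefs);
        xrefs = NULL;
    }
    return count;
}

/* Number of allocations still live; 0 means nothing leaked. */
int live_allocations(void) { return live_allocs; }
```

Running the fixed variant leaves live_allocations() at 0, while the leaky variant leaves the list header plus every node unreleased; a leak checker such as AddressSanitizer's LeakSanitizer reports the same difference on the real code.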
It was assumed all the values were functions, but that might not be
true, and then wrong hints would be set.
This should be handled by ESIL, which is the only one that will know whether
a call is going to be made with the data under analysis.
Issue #12340 shows how data is wrongly interpreted.
/* Global constant whose value happens to look like a code address */
const int a = 0x000103c9;
int main(void)
{
    int b;
    b = 2;
    b = b + a;  /* plain arithmetic on the constant, no call */
    return 0;
}
It gets translated to:
┌ (fcn) main 56
│ main (int argc, char **argv, char **envp);
│ ; UNKNOWN XREF from entry0 (+0x34)
│ 0x000103c8 04b02de5 str fp, [sp, -4]!
│ 0x000103cc 00b08de2 add fp, sp, 0
│ 0x000103d0 0cd04de2 sub sp, sp, 0xc
│ 0x000103d4 0230a0e3 mov r3, 2
│ 0x000103d8 08300be5 str r3, [local_8h] ; 8
│ 0x000103dc 1c209fe5 ldr r2, aav.0x000103c9 ; [0x10400:4]=0x103c9 aav.0x000103c9
│ 0x000103e0 08301be5 ldr r3, [local_8h] ; 8
│ 0x000103e4 023083e0 add r3, r3, r2
│ 0x000103ec 0030a0e3 mov r3, 0
│ 0x000103f0 0300a0e1 mov r0, r3
│ 0x000103f4 00d08be2 add sp, fp, 0
│ 0x000103f8 04b09de4 pop {fp}
└ 0x000103fc 1eff2fe1 bx lr
; DATA XREF from main (0x103dc)
0x00010400 .dword 0x000103c9 ; main
There are other cases where they should be handled elsewhere, like below:
| # 0x000102f8 0c009fe5 ldr r0, [0x0001030c] ; [0x1030c:4]=0x103c8 main
| # 0x000102fc 0c309fe5 ldr r3, aav.0x00010404 ; [0x10310:4]=0x10404 aav.0x00010404
| # 0x00010300 ebffffeb bl sym.imp.__libc_start_main ;[1] ; int __libc_start_main(func main, int argc, char **ubp_av, func init, func fini, func rtld_fini, void *stack_end)
# 0x00010304 f0ffffeb bl sym.imp.abort ;[2] ; void abort(void)
r2 should handle __libc_start_main to detect those functions, but aav
should not make those assumptions.