[[email protected]:294] AttributeError: 'NoneType' object has no attribute 'members'

[bugfinder-bot]

What happened?

  File "/opt/dewolf/decompiler/util/bugfinder/bugfinder.py", line 201, in iter_function_reports
    task, code = self.decompile(function, task_options=options)
  File "/opt/dewolf/decompile.py", line 80, in decompile
    result = self.decompile_all([function_id], task_options)
  File "/opt/dewolf/decompile.py", line 64, in decompile_all
    self._frontend.lift(task)
  File "/opt/dewolf/decompiler/frontend/binaryninja/frontend.py", line 83, in lift
    raise e
  File "/opt/dewolf/decompiler/frontend/binaryninja/frontend.py", line 76, in lift
    task.cfg = parser.parse(function)
  File "/opt/dewolf/decompiler/frontend/binaryninja/parser.py", line 49, in parse
    index_to_BasicBlock[basic_block.index] = BasicBlock(basic_block.index, instructions=list(self._lift_instructions(basic_block)))
  File "/opt/dewolf/decompiler/frontend/binaryninja/parser.py", line 148, in _lift_instructions
    if lifted_instruction := self._lifter.lift(instruction):
  File "/opt/dewolf/decompiler/frontend/binaryninja/lifter.py", line 33, in lift
    if pseudo_expression := handler(expression, **kwargs):
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/assignments.py", line 134, in lift_store
    self._lifter.lift(assignment.src),
  File "/opt/dewolf/decompiler/frontend/binaryninja/lifter.py", line 33, in lift
    if pseudo_expression := handler(expression, **kwargs):
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/constants.py", line 61, in lift_constant_pointer
    res = self._lifter.lift(variable, view=view, parent=pointer)
  File "/opt/dewolf/decompiler/frontend/binaryninja/lifter.py", line 33, in lift
    if pseudo_expression := handler(expression, **kwargs):
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/globals.py", line 179, in lift_global_variable
    return self._lift_datavariable_by_type[type(variable.type)](variable, parent, callers=callers)
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/globals.py", line 248, in _lift_pointer_type
    self._lifter.lift(self._view.get_data_var_at(variable.value), view=self._view, callers=callers),
  File "/opt/dewolf/decompiler/frontend/binaryninja/lifter.py", line 33, in lift
    if pseudo_expression := handler(expression, **kwargs):
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/globals.py", line 179, in lift_global_variable
    return self._lift_datavariable_by_type[type(variable.type)](variable, parent, callers=callers)
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/globals.py", line 264, in _lift_named_type_ref
    return self._lift_struct_helper(variable, parent, struct_type)
  File "/opt/dewolf/decompiler/frontend/binaryninja/handlers/globals.py", line 294, in _lift_struct_helper
    for member_type in struct_type.members:

Error class [email protected]:294 contains 370 cases.

How to reproduce?

python decompile.py 28a992ea7b9df22a7b7bcc04ecb3f3b89e5ea022f03b765bf1f12edd61df779f sub_100022a0 --debug

sample: 28a992ea7b9df22a7b7bcc04ecb3f3b89e5ea022f03b765bf1f12edd61df779f
case: https://bugfinder.seclab-bonn.de/case/82535/
dewolf commit: 6a4eda6
Binaryninja version: 3.5.4526

[rihi]

Caused by BinaryNinja returning a NamedTypeReference to a Type which BinaryNinja claims to not exist.

[NeoQuix]

Ah yes forgot the Bugfinder line bug.
Will close #441 and post comment here

[NeoQuix]

Same observation as before:

BNinja has a concept of type references (NamedTypeReferenceClass), that point to a real type in the binary view.
However, in this case the type pointed at is not existent, thus yielding a NoneType and creating an exception.
The API does allow in the type hints to return a NoneType (Optional).

An example for this exception is the following type:
struct std::basic_istream<char,struct std::char_traits >::vftable'

Without a type, the value and size is unknown, wherefore the lifter can't create our custom type.
Possible upstream issue.