From 4f84e594a086ca4f164d20e830f7259562766171 Mon Sep 17 00:00:00 2001
From: vietd0x
Date: Fri, 29 May 2026 09:08:24 +0700
Subject: [PATCH] Fix decompiler crash on stack-returned values in c_return_as_atoms

c_return_as_atoms called Atom.from_argument without a stack pointer, so any callee whose return value mapped to a SimStackArg raised "You must provide a stack pointer to translate a SimStackArg". Under the decompiler's resilience mode this silently aborted decompilation, leaving codegen=None. Mirror the existing c_args_as_atoms handling: resolve sp from the state and skip stack args that can't be translated. Register-returned values (the common case) are unaffected since SimRegArg ignores sp.

Co-Authored-By: Claude Opus 4.7
---
 .../reaching_definitions/function_handler.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/angr/analyses/reaching_definitions/function_handler.py b/angr/analyses/reaching_definitions/function_handler.py
index e11b55639..e5cad734f 100644
--- a/angr/analyses/reaching_definitions/function_handler.py
+++ b/angr/analyses/reaching_definitions/function_handler.py
@@ -619,10 +619,15 @@ def c_return_as_atoms(state: ReachingDefinitionsState, cc: SimCC, prototype: Sim
         if prototype.returnty is not None and not isinstance(prototype.returnty, SimTypeBottom):
             retval = cc.return_val(prototype.returnty)
             if retval is not None:
-                return {
-                    Atom.from_argument(footprint_arg, state.arch, full_reg=True)
-                    for footprint_arg in retval.get_footprint()
-                }
+                sp_value = state.get_one_value(Register(state.arch.sp_offset, state.arch.bytes), strip_annotations=True)
+                sp = state.get_stack_offset(sp_value) if sp_value is not None else None
+                atoms = set()
+                for footprint_arg in retval.get_footprint():
+                    try:
+                        atoms.add(Atom.from_argument(footprint_arg, state.arch, full_reg=True, sp=sp))
+                    except ValueError:
+                        continue
+                return atoms
         return set()
 
     @staticmethod
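Review bot: The `except ValueError: continue` in the new loop swallows every translation failure, so when the stack pointer cannot be resolved (`sp` is None) a stack-returned value is dropped from the result without any trace, and callers of c_return_as_atoms get an empty or partial atom set instead of an error — reaching-definitions consumers then silently lose that definition rather than learning the analysis is incomplete. Since the commit says this mirrors c_args_as_atoms, at least make the skip visible and explain it in place: add `# A SimStackArg cannot be translated without a concrete sp; skip it so resilience mode keeps going` above the `try`, and, if this module has a module-level logger, put `l.debug("Skipping untranslatable return footprint %s (sp=%s)", footprint_arg, sp)` before the `continue`. If `SimStackArg` is importable here, a pre-check `if sp is None and isinstance(footprint_arg, SimStackArg): continue` would also avoid masking unrelated ValueErrors raised by Atom.from_argument. The enclosing function starts before this hunk (only its def line appears in the hunk header) and the trailing `@staticmethod` belongs to the next method.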