From d368e935856ef6784bf4f7db56ab6f0fa25f88fc Mon Sep 17 00:00:00 2001 From: emteere <47253321+emteere@users.noreply.github.com> Date: Thu, 12 Feb 2026 22:08:36 +0000 Subject: [PATCH] GP-6442 Fixing spurious references in called functions the are branched to and discovered to be called during constant propagation --- .../java/ghidra/program/util/SymbolicPropogator.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Ghidra/Features/Base/src/main/java/ghidra/program/util/SymbolicPropogator.java b/Ghidra/Features/Base/src/main/java/ghidra/program/util/SymbolicPropogator.java index 301d84edbb..d27f62df13 100644 --- a/Ghidra/Features/Base/src/main/java/ghidra/program/util/SymbolicPropogator.java +++ b/Ghidra/Features/Base/src/main/java/ghidra/program/util/SymbolicPropogator.java @@ -484,6 +484,9 @@ public class SymbolicPropogator { throws CancelledException { visitedBody = new AddressSet(); AddressSet conflicts = new AddressSet(); + + // Locations that were jump and are now call targets and might be on saved future flows + HashSet
doNotFlowTo = new HashSet<>(); // prime the context stack with the entry point address Stack contextStack = new Stack<>(); @@ -536,6 +539,11 @@ public class SymbolicPropogator { } } } + + // don't follow flow if on list of jump targets that were turned into calls + if (doNotFlowTo.contains(nextAddr)) { + continue; + } HashSet
visitSet = visitedMap.get(nextAddr); if (visitSet != null) { @@ -636,6 +644,9 @@ public class SymbolicPropogator { Address targets[] = getInstructionFlows(instr); for (Address target : targets) { handleFunctionSideEffects(instr, target, monitor); + // a jump target has already been pushed as a future flow trace + // need to make sure values aren't propagated into the call targets + doNotFlowTo.add(target); } }