From 741b69d9090262eb0031d92c79cd19bd6b618b93 Mon Sep 17 00:00:00 2001
From: caheckman <48068198+caheckman@users.noreply.github.com>
Date: Thu, 5 Mar 2026 18:55:32 +0000
Subject: [PATCH] GP-6538 Don't assume slot == 1 in for RETURN

---
 Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc b/Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc
index d70ec51f32..97d7459eeb 100644
--- a/Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc
+++ b/Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc
@@ -336,16 +336,15 @@ void ConditionalExecution::doReplacement(PcodeOp *op)
       if (readop->code() == CPUI_MULTIEQUAL) {
 	rvn = getMultiequalRead(op, readop, slot);
       }
-      else if (readop->code() == CPUI_RETURN) {		// Cannot replace input of RETURN directly, create COPY to hold input
-	Varnode *retvn = readop->getIn(1);
+      else if (readop->code() == CPUI_RETURN && slot > 0) {	// Cannot replace input of RETURN directly, create COPY to hold input
 	PcodeOp *newcopyop = fd->newOp(1,readop->getAddr());
 	fd->opSetOpcode(newcopyop,CPUI_COPY);
-	Varnode *outvn = fd->newVarnodeOut(retvn->getSize(),retvn->getAddr(),newcopyop); // Preserve the CPUI_RETURN storage address
-	fd->opSetInput(readop,outvn,1);
+	Varnode *outvn = fd->newVarnodeOut(vn->getSize(),vn->getAddr(),newcopyop); // Preserve the Varnode's storage address
+	fd->opSetInput(readop,outvn,slot);
 	fd->opInsertBefore(newcopyop,readop);
 	readop = newcopyop;
 	slot = 0;
-	rvn = getReplacementRead(op,bl);
+	rvn = getReplacementRead(op,bl);	// COPY gets the replacement read
       }
       else
 	rvn = getReplacementRead(op,bl);