Open
Description
Version and Platform:
- Version: Binary Ninja 5.3.8844-dev
- Edition: Commercial
- OS: macOS
- OS Version: Tahoe 26.1 (25B78)
- CPU Architecture: M2 Pro
Bug Description:
For some iOS binaries, dyld_chained_ptr_64_bind pointers (format DYLD_CHAINED_PTR_64) are not properly handled in fixup chains. These are heavily used in the __got section:
Steps To Reproduce:
- Download this example IPA (should work with other ones).
- Load the Delta binary it contains with Binary Ninja
Expected Behavior:
Every bind pointer should be bound to its corresponding symbol, by navigating structures of the LC_DYLD_CHAINED_FIXUPS load command.
I suspect symbols are resolved correctly at some point, as the following log message appears for every unbound pointer:
[BinaryView.MachoView] Failed to find external symbol "<symbol-name>", couldn't bind symbol at <address>
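The decoding the report expects, sketched as an added example that is not part of the original report and is not Binary Ninja's code. Bit layouts follow Apple's `mach-o/fixup-chains.h` for DYLD_CHAINED_PTR_64 and DYLD_CHAINED_IMPORT; the symbol pool, imports table and page bytes are constructed sample data, and the function names are hypothetical.

```python
import struct

STRIDE = 4  # DYLD_CHAINED_PTR_64: 'next' counts 4-byte units

def decode_ptr64(raw):
    """Split one 64-bit chain slot into its bit-fields (bit 63 selects bind)."""
    nxt = (raw >> 51) & 0xFFF
    if raw >> 63:  # dyld_chained_ptr_64_bind: ordinal:24, addend:8
        return {"bind": True, "ordinal": raw & 0xFFFFFF,
                "addend": (raw >> 24) & 0xFF, "next": nxt}
    # dyld_chained_ptr_64_rebase: target:36, high8:8
    return {"bind": False, "target": raw & 0xFFFFFFFFF,
            "high8": (raw >> 36) & 0xFF, "next": nxt}

def decode_imports(blob, count, symbols):
    """DYLD_CHAINED_IMPORT entries: lib_ordinal:8, weak_import:1, name_offset:23."""
    out = []
    for (raw,) in struct.iter_unpack("<I", blob[:4 * count]):
        off = raw >> 9
        name = symbols[off:symbols.index(b"\0", off)].decode()
        out.append((raw & 0xFF, bool(raw >> 8 & 1), name))
    return out

def walk_chain(page, start, imports):
    """Follow one page's chain; return (offset, kind, value) for every slot."""
    results, off = [], start
    while True:
        (raw,) = struct.unpack_from("<Q", page, off)
        f = decode_ptr64(raw)
        if not f["bind"]:
            results.append((off, "rebase", f["target"] | f["high8"] << 56))
        elif f["ordinal"] < len(imports):
            name = imports[f["ordinal"]][2]
            results.append((off, "bind", (name, f["addend"])))
        else:  # ordinal outside the imports table: report, do not guess
            results.append((off, "bind-error", f["ordinal"]))
        if f["next"] == 0:
            return results
        off += f["next"] * STRIDE

# Constructed sample data (not taken from the binary in the report).
SYMBOLS = b"\0_objc_msgSend\0_malloc\0"
IMPORTS = decode_imports(struct.pack("<II", 1 << 9 | 1, 15 << 9 | 2), 2, SYMBOLS)
BIND = 1 << 63
PAGE = struct.pack("<QQQ",
                   BIND | 2 << 51 | 0,     # bind ordinal 0, next slot 8 bytes on
                   2 << 51 | 0x100004000,  # rebase to vmaddr 0x100004000
                   BIND | 0 << 51 | 1)     # bind ordinal 1, end of chain
FIXUPS = walk_chain(PAGE, 0, IMPORTS)
```

In a real file the imports table and symbol pool are located through the `imports_offset`, `symbols_offset` and `imports_count` fields of `dyld_chained_fixups_header`, and the chain start offset comes from the segment's `page_start` array.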