macho_best_slice is broken?

Recently Apple deprecated the NXFindBestFatArch, used to find the most compatible / appropriate slice in a universal/fat binary.

However its replacement macho_best_slice is broken and will return EBADARCH for any non-Apple binary 😓

The issue seems to be that the dyld3::GradedArchs::grade method does not take into the account the nuances of the CPU sub types of type *_ALL. Namely that any CPU with a more specific sub type (e.g. CPU_SUBTYPE_ARM64E) can also still execute code compiled with a CPU sub type of *_ALL (e.g. CPU_SUBTYPE_ARM64_ALL).

All the details (+code, +debugging, +disassembly) posted at: https://objective-see.org/blog/blog_0x80.html.

Also, hrmm!?:

Up vote post of asfdadsfasdfasdfsasdafads Down vote post of asfdadsfasdfasdfsasdafads
268 views
Posted by
asfdadsfasdfasdfsasdafads
Reply
Add a Comment

Replies

Alternately (as noted in the writeup on the Objective-See site), the issue could also be due the fact that the grade method is simply invoked with the wrong grades.

The ones passed in, (in source code named “launchArchs”) are initialized via a call to forCurrentOS which returns just GRADE_arm64e:

const GradedArchs* launchArchs = &GradedArchs::forCurrentOS(false, false);


However, if Apple had instead invoked GradedArchs::launchCurrentOS, it would return launch_AS:

const GradedArchs GradedArchs::launch_AS =  GradedArchs({GRADE_arm64e,  3}, {GRADE_arm64,  2}, {GRADE_x86_64, 1});

As this contains grades for arm64e, arm64, and x86_64 when grade is invoked, 3rd-party universal binaries would be processed correctly with the arm64 Mach-O being identified as both valid, and as the best slice.

Posted by
asfdadsfasdfasdfsasdafads
Up vote reply of asfdadsfasdfasdfsasdafads Down vote reply of asfdadsfasdfasdfsasdafads
Add a Comment

However its replacement macho_best_slice is broken

I recommend that you file a bug about this. Please post your bug number, just for the record.

Also, hrmm!?

As you’ve discovered, you can post arbitrary URLs as long as you do it in the clear. Tip 14 in the this-name-seemed-like-a-good-idea-at-the-time Quinn’s Top Ten DevForums Tips.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Bug Report: FB13657781

Posted by
asfdadsfasdfasdfsasdafads
Up vote reply of asfdadsfasdfasdfsasdafads Down vote reply of asfdadsfasdfasdfsasdafads

  • Thanks for filing FB13657781.

    eskimo
Add a Comment