Section semantics are not being respected

[WeiN76LQh]

Version and Platform (required):

• Binary Ninja Version: 4.3.7098-dev (7f4b22d9)
• OS: macOS
• OS Version: 15.2
• CPU Architecture: M1

Bug Description:
I'm seeing functions being created in data sections. For example libobjc.A.dylib::__DATA.__common in the DSC is a section with read/write semantics in a segment with rw- permissions, but there's a function being created at the start of it.

Steps To Reproduce:
Please provide all steps required to reproduce the behavior:

1. Load a copy of DYLD Shared Cache (in my case it was one from iOS 18.1.1).
2. Load the image libobjc.A.dylib.
3. Go to the section libobjc.A.dylib::__common. Without PR [SharedCache] Avoid data memory region name conflicts & reduce section naming ones #6454 the section might be different due to there being multiple with the name libobjc.A.dylib::__common but the problem occurs in all of them.
4. Observe a function called _objc_indexed_classes at the start of the section.

Expected Behavior:
Functions should not be being created in data only sections.

Screenshots/Video Recording:

[xusheng6]

I think we explicitly allow the core to override the semantics when it believes a function should be created -- there are plenty of cases where a naughty binary somehow puts code in such a rw section and then later execute it. I will leave this up to a team discussion

[WeiN76LQh]

Just to clarify this is a regression as not so long ago this wasn't happening for me. Not sure what dev version changed things unfortunately.

[bpotchik]

Does it happen in build 4.4.7006? There was a recent change related to section caching that could be the issue. The section caching logic is first present in build 7007.

[plafosse]

I'm unable to repro the original issue.

Are there any additional steps perhaps?

[plafosse]

Ok, nevermind. I didn't find that particular one but I found something similar

[WeiN76LQh]

Does it happen in build 4.4.7006? There was a recent change related to section caching that could be the issue. The section caching logic is first present in build 7007.

Do you mean 4.3.7006? Either way I'm not sure how I can test that far back. Furthest back the update channel dialog will offer me is 4.3.7089

[plafosse]

You have to go into your settings and "show all versions" or something like that

[plafosse]

[WeiN76LQh]

Okay thanks, I'll try some versions and see where it got introduced

[plafosse]

I am able to repro this all the way back to the last stable: 4.2.6455

[WeiN76LQh]

If I remember correctly its possible that this issue at some point was caused by the DSC plugin not correctly applying semantics to sections but I don't remember well enough to be sure about that.