From f6c24f2a473cdbd66aa6fa03ce2158a52866aaef Mon Sep 17 00:00:00 2001
From: pancake <pancake@nowsecure.com>
Date: Thu, 9 Jan 2025 18:02:11 +0100
Subject: [PATCH] Fix #23865 - imports vaddr on some ELFs reporting below baddr
 locations ##bin

---
 libr/bin/format/elf/elf.c         | 13 ++++++++++++-
 test/db/formats/elf/symbols       | 31 +++++++++++++++++++++++++++++++
 test/db/formats/mangling/mangling |  6 +++---
 3 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
index 44e7dcfcb595e..193f80ef9f197 100644
--- a/libr/bin/format/elf/elf.c
+++ b/libr/bin/format/elf/elf.c
@@ -4360,12 +4360,23 @@ static void _set_arm_thumb_bits(struct Elf_(obj_t) *eo, RBinSymbol **symp) {
 // XXX this is slow because we can directly use RBinSymbol instead of RBinElfSymbol imho
 RBinSymbol *Elf_(convert_symbol)(ELFOBJ *eo, RBinElfSymbol *symbol) {
 	ut64 paddr, vaddr;
+	const ut64 baddr = Elf_(get_baddr) (eo);
+	if (baddr && baddr != UT64_MAX && symbol->offset && symbol->offset != UT64_MAX) {
+		if (symbol->is_vaddr && symbol->offset < baddr) {
+			symbol->is_vaddr = false;
+		}
+	}
 	if (symbol->is_vaddr) {
 		paddr = UT64_MAX;
 		vaddr = symbol->offset;
 	} else {
 		paddr = symbol->offset;
-		vaddr = Elf_(p2v_new) (eo, paddr);
+		ut64 va = Elf_(p2v_new) (eo, paddr);
+		if (va != UT64_MAX) {
+			vaddr = va;
+		} else {
+			vaddr = paddr;
+		}
 	}
 
 	RBinSymbol *ptr = R_NEW0 (RBinSymbol);
diff --git a/test/db/formats/elf/symbols b/test/db/formats/elf/symbols
index e8790f50d2ce0..856a90af55162 100644
--- a/test/db/formats/elf/symbols
+++ b/test/db/formats/elf/symbols
@@ -186,3 +186,34 @@ EXPECT=<<EOF
 1731
 EOF
 RUN
+
+NAME=imports using the wrong baddr
+FILE=bins/elf/easiestprintf
+CMDS=<<EOF
+ii
+s 0x080485e8
+pd 2
+EOF
+EXPECT=<<EOF
+nth vaddr      bind   type   lib name
+-------------------------------------
+1   0x080485c8 WEAK   NOTYPE     __gmon_start__
+2   0x080485d8 GLOBAL FUNC       open
+3   0x080485f0 GLOBAL FUNC       memset
+4   0x080485f8 GLOBAL FUNC       __isoc99_scanf
+5   0x080485e8 GLOBAL FUNC       setvbuf
+6   0x080485d0 GLOBAL FUNC       exit
+8   0x080485b0 GLOBAL FUNC       alarm
+9   0x080485e0 GLOBAL FUNC       __libc_start_main
+11  0x080485a8 GLOBAL FUNC       sleep
+12  0x080485c0 GLOBAL FUNC       puts
+14  0x080485b8 GLOBAL FUNC       __stack_chk_fail
+15  0x08048600 GLOBAL FUNC       close
+16  0x08048590 GLOBAL FUNC       read
+17  0x08048598 GLOBAL FUNC       printf
+18  0x080485a0 GLOBAL FUNC       _exit
+            ;-- setvbuf:
+            0x080485e8      ff25f09f0408   jmp dword [reloc.setvbuf]   ; 0x8049ff0
+            0x080485ee      6690           nop
+EOF
+RUN
diff --git a/test/db/formats/mangling/mangling b/test/db/formats/mangling/mangling
index acdb06faeabc8..a039502f4b6a0 100644
--- a/test/db/formats/mangling/mangling
+++ b/test/db/formats/mangling/mangling
@@ -119,8 +119,8 @@ EXPECT=<<EOF
 0x00000985 0 .la6()
 0x0000099c 0 .la7()
 0x00000a17 0 .ledebug_info0()
-0x00000030 0 .lehdebug_line0()
-0x000011bd 0 .ledebug_line0()
+0x00400030 0 .lehdebug_line0()
+0x004011bd 0 .ledebug_line0()
 0x00000000 0 system.pp()
 0x004360d0 0 .ld1()
 0x0044c410 12 unit u.system errno()
@@ -1970,7 +1970,7 @@ EXPECT=<<EOF
 0x00438b20 17 unit init.system filerec()
 0x0040ad10 22 unit system ntobe(smallint)smallint
 0x004332c0 34 unit unixutil stringtoppchar(ansistring,smallint)ppchar
-0x00000190 0 __bss_start
+0x00400190 0 __bss_start
 0x0043e5a8 35 unit rtti.baseunix def16()
 0x004227e0 525 unit system do_open(formal,pchar,longint,boolean)
 0x00431b30 774 unit unix popen_internal(text,rawbytestring,char)longint