From 2ade1ee1f608d513dfdcb24483399d7fd05f09b1 Mon Sep 17 00:00:00 2001
From: "Dongjia \"toka\" Zhang"
Date: Thu, 5 Oct 2023 16:14:55 +0200
Subject: [PATCH] Bring back some checks (#1597)

---
 libafl_targets/src/cmplog.c | 101 ++++++++++++++++++++++--------------
 1 file changed, 62 insertions(+), 39 deletions(-)

diff --git a/libafl_targets/src/cmplog.c b/libafl_targets/src/cmplog.c
index 48792827a2..af825f9514 100644
--- a/libafl_targets/src/cmplog.c
+++ b/libafl_targets/src/cmplog.c
@@ -238,9 +238,15 @@ static const uint8_t *get_llvm_stdstring(const uint8_t *string) {
 void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
 const uint8_t *cstring) {
 if (!libafl_cmplog_enabled) { return; }
- int l1 = area_is_valid(stdstring, 32);
+ // This gcc string structure has 32 bytes of content at max
+ // That's what 32 means!
+ if (area_is_valid(stdstring, 32) <= 0) { return; }
+
+ int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
 if (l1 <= 0) { return; }
- int l2 = area_is_valid(cstring, 32);
+
+ const uint8_t *string_ptr = get_gcc_stdstring(stdstring);
+ int l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
 if (l2 <= 0) { return; }
 
 int len = MIN(31, MIN(l1, l2));
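Review bot: The new comment above `area_is_valid(stdstring, 32)` says the structure holds "32 bytes of content at max", but that check only establishes that the std::string object itself is readable before `get_gcc_stdstring(stdstring)` dereferences it; the content is validated separately through `string_ptr` with `CMPLOG_RTN_LEN` a few lines later, so "content" is the wrong word and suggests a length cap that is not applied here. Suggest `// 32 is the size of the gcc std::string object (presumably sizeof(std::string)); it must be readable before get_gcc_stdstring() follows its internal pointer`. Note also that `l1` now denotes the C-string length and `l2` the std::string content length, the reverse of the old code; harmless because `MIN` is symmetric, but worth a word in the comment. `__cmplog_rtn_gcc_stdstring_cstring` continues past the end of this hunk.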
@@ -248,48 +254,22 @@ void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
 uintptr_t k = RETADDR;
 k = (k >> 4) ^ (k << 8);
 k &= CMPLOG_MAP_W - 1;
- __libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring),
- cstring, len);
+ __libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
 }
 
 void __cmplog_rtn_gcc_stdstring_stdstring(const uint8_t *stdstring1,
 const uint8_t *stdstring2) {
 if (!libafl_cmplog_enabled) { return; }
- int l1 = area_is_valid(stdstring1, 32);
+
+ if (area_is_valid(stdstring1, 32) <= 0) { return; };
+ if (area_is_valid(stdstring2, 32) <= 0) { return; };
+
+ const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
+ int l1 = area_is_valid(string_ptr1, CMPLOG_RTN_LEN);
 if (l1 <= 0) { return; }
- int l2 = area_is_valid(stdstring2, 32);
- if (l2 <= 0) { return; }
 
- int len = MIN(31, MIN(l1, l2));
- uintptr_t k = RETADDR;
- k = (k >> 4) ^ (k << 8);
- k &= CMPLOG_MAP_W - 1;
- __libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring1),
- get_gcc_stdstring(stdstring2), len);
-}
-
-void __cmplog_rtn_llvm_stdstring_cstring(const uint8_t *stdstring,
- const uint8_t *cstring) {
- if (!libafl_cmplog_enabled) { return; }
- int l1 = area_is_valid(stdstring, 32);
- if (l1 <= 0) { return; }
- int l2 = area_is_valid(cstring, 32);
- if (l2 <= 0) { return; }
-
- int len = MIN(31, MIN(l1, l2));
- uintptr_t k = RETADDR;
- k = (k >> 4) ^ (k << 8);
- k &= CMPLOG_MAP_W - 1;
- __libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring),
- cstring, len);
-}
-
-void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
- const uint8_t *stdstring2) {
- if (!libafl_cmplog_enabled) { return; }
- int l1 = area_is_valid(stdstring1, 32);
- if (l1 <= 0) { return; }
- int l2 = area_is_valid(stdstring2, 32);
+ const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
+ int l2 = area_is_valid(string_ptr2, CMPLOG_RTN_LEN);
 if (l2 <= 0) { return; }
 
 int len = MIN(31, MIN(l1, l2));
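Review bot: The two new guards `if (area_is_valid(stdstring1, 32) <= 0) { return; };` and the matching `stdstring2` line carry a stray `;` after the closing brace, leaving an empty statement that readability linters flag; drop the trailing semicolon so they read `if (area_is_valid(stdstring1, 32) <= 0) { return; }`. The same two lines recur in the re-added `__cmplog_rtn_llvm_stdstring_stdstring` in the next hunk. Since `len` is still capped at `MIN(31, ...)` while `l1`/`l2` are now bounded by `CMPLOG_RTN_LEN`, a short comment such as `// 31: longest routine operand the cmplog map stores` would explain why two different limits coexist; I cannot confirm the relation between the two constants from this hunk, so adjust the wording to whatever the header defines. The top of this hunk is the tail of `__cmplog_rtn_gcc_stdstring_cstring`, which starts in the previous hunk, and `__cmplog_rtn_gcc_stdstring_stdstring` continues past the end of this one.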
@@ -297,6 +277,49 @@ void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
 uintptr_t k = RETADDR;
 k = (k >> 4) ^ (k << 8);
 k &= CMPLOG_MAP_W - 1;
- __libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring1),
- get_llvm_stdstring(stdstring2), len);
+ __libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
+}
+
+void __cmplog_rtn_llvm_stdstring_cstring(const uint8_t *stdstring,
+ const uint8_t *cstring) {
+ if (!libafl_cmplog_enabled) { return; }
+
+ if (area_is_valid(stdstring, 32) <= 0) { return; }
+
+ int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
+ if (l1 <= 0) { return; }
+
+ const uint8_t *string_ptr = get_llvm_stdstring(stdstring);
+ int l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
+ if (l2 <= 0) { return; }
+
+ int len = MIN(31, MIN(l1, l2));
+
+ uintptr_t k = RETADDR;
+ k = (k >> 4) ^ (k << 8);
+ k &= CMPLOG_MAP_W - 1;
+ __libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
+}
+
+void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
+ const uint8_t *stdstring2) {
+ if (!libafl_cmplog_enabled) { return; }
+
+ if (area_is_valid(stdstring1, 32) <= 0) { return; };
+ if (area_is_valid(stdstring2, 32) <= 0) { return; };
+
+ const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
+ int l1 = area_is_valid(get_gcc_stdstring(stdstring1), CMPLOG_RTN_LEN);
+ if (l1 <= 0) { return; }
+
+ const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
+ int l2 = area_is_valid(get_gcc_stdstring(stdstring2), CMPLOG_RTN_LEN);
+ if (l2 <= 0) { return; }
+
+ int len = MIN(31, MIN(l1, l2));
+
+ uintptr_t k = RETADDR;
+ k = (k >> 4) ^ (k << 8);
+ k &= CMPLOG_MAP_W - 1;
+ __libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
 }
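Review bot: The re-added `__cmplog_rtn_llvm_stdstring_stdstring` decodes both operands with `get_gcc_stdstring`, whereas the version this commit removes (previous hunk) and the sibling `__cmplog_rtn_llvm_stdstring_cstring` directly above use `get_llvm_stdstring`; the two accessors exist because the object layouts presumably differ, so `string_ptr1`/`string_ptr2` will point at the wrong bytes and the comparison is either rejected by `area_is_valid` (lost cmplog coverage) or logged with unrelated memory. In addition, `string_ptr1` and `string_ptr2` are assigned and then ignored: the `area_is_valid` calls re-run `get_gcc_stdstring(...)` instead of passing the stored pointers, unlike the gcc variant in the previous hunk. The `};` after the two 32-byte guards is a stray empty statement, as already noted for the previous hunk. Both functions in this hunk are complete; the fix is to use `get_llvm_stdstring` and validate the pointers you already hold:
```c
void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
                                           const uint8_t *stdstring2) {
  // … unchanged: enable flag and area_is_valid(stdstringN, 32) guards …
  const uint8_t *string_ptr1 = get_llvm_stdstring(stdstring1);
  int l1 = area_is_valid(string_ptr1, CMPLOG_RTN_LEN);
  if (l1 <= 0) { return; }

  const uint8_t *string_ptr2 = get_llvm_stdstring(stdstring2);
  int l2 = area_is_valid(string_ptr2, CMPLOG_RTN_LEN);
  if (l2 <= 0) { return; }
  // … unchanged: len, k hashing and __libafl_targets_cmplog_routines_checked call …
```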