SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bring back some checks (#1597)

Browse Source
This commit is contained in:
Dongjia "toka" Zhang 2023-10-05 16:14:55 +02:00 committed by GitHub
parent f17e49e9aa
commit 2ade1ee1f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 62 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
libafl_targets/src/cmplog.c
View File

@ -238,9 +238,15 @@ static const uint8_t *get_llvm_stdstring(const uint8_t *string) {
void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring, void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
const uint8_t *cstring) { const uint8_t *cstring) {
if (!libafl_cmplog_enabled) { return; } if (!libafl_cmplog_enabled) { return; }
int l1 = area_is_valid(stdstring, 32); // This gcc string structure has 32 bytes of content at max
// That's what 32 means!
if (area_is_valid(stdstring, 32) <= 0) { return; }
int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
if (l1 <= 0) { return; } if (l1 <= 0) { return; }
int l2 = area_is_valid(cstring, 32);
const uint8_t *string_ptr = get_gcc_stdstring(stdstring);
int l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
if (l2 <= 0) { return; } if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2)); int len = MIN(31, MIN(l1, l2));
@ -248,48 +254,22 @@ void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
uintptr_t k = RETADDR; uintptr_t k = RETADDR;
k = (k >> 4) ^ (k << 8); k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1; k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring), __libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
cstring, len);
} }
void __cmplog_rtn_gcc_stdstring_stdstring(const uint8_t *stdstring1, void __cmplog_rtn_gcc_stdstring_stdstring(const uint8_t *stdstring1,
const uint8_t *stdstring2) { const uint8_t *stdstring2) {
if (!libafl_cmplog_enabled) { return; } if (!libafl_cmplog_enabled) { return; }
int l1 = area_is_valid(stdstring1, 32);
if (area_is_valid(stdstring1, 32) <= 0) { return; };
if (area_is_valid(stdstring2, 32) <= 0) { return; };
const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
int l1 = area_is_valid(string_ptr1, CMPLOG_RTN_LEN);
if (l1 <= 0) { return; } if (l1 <= 0) { return; }
int l2 = area_is_valid(stdstring2, 32);
if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2)); const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
uintptr_t k = RETADDR; int l2 = area_is_valid(string_ptr2, CMPLOG_RTN_LEN);
k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring1),
get_gcc_stdstring(stdstring2), len);
}
void __cmplog_rtn_llvm_stdstring_cstring(const uint8_t *stdstring,
const uint8_t *cstring) {
if (!libafl_cmplog_enabled) { return; }
int l1 = area_is_valid(stdstring, 32);
if (l1 <= 0) { return; }
int l2 = area_is_valid(cstring, 32);
if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2));
uintptr_t k = RETADDR;
k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring),
cstring, len);
}
void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
const uint8_t *stdstring2) {
if (!libafl_cmplog_enabled) { return; }
int l1 = area_is_valid(stdstring1, 32);
if (l1 <= 0) { return; }
int l2 = area_is_valid(stdstring2, 32);
if (l2 <= 0) { return; } if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2)); int len = MIN(31, MIN(l1, l2));
@ -297,6 +277,49 @@ void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
uintptr_t k = RETADDR; uintptr_t k = RETADDR;
k = (k >> 4) ^ (k << 8); k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1; k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring1), __libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
get_llvm_stdstring(stdstring2), len); }
void __cmplog_rtn_llvm_stdstring_cstring(const uint8_t *stdstring,
const uint8_t *cstring) {
if (!libafl_cmplog_enabled) { return; }
if (area_is_valid(stdstring, 32) <= 0) { return; }
int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
if (l1 <= 0) { return; }
const uint8_t *string_ptr = get_llvm_stdstring(stdstring);
int l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2));
uintptr_t k = RETADDR;
k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
}
void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
const uint8_t *stdstring2) {
if (!libafl_cmplog_enabled) { return; }
if (area_is_valid(stdstring1, 32) <= 0) { return; };
if (area_is_valid(stdstring2, 32) <= 0) { return; };
const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
int l1 = area_is_valid(get_gcc_stdstring(stdstring1), CMPLOG_RTN_LEN);
if (l1 <= 0) { return; }
const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
int l2 = area_is_valid(get_gcc_stdstring(stdstring2), CMPLOG_RTN_LEN);
if (l2 <= 0) { return; }
int len = MIN(31, MIN(l1, l2));
uintptr_t k = RETADDR;
k = (k >> 4) ^ (k << 8);
k &= CMPLOG_MAP_W - 1;
__libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
} }