Bring back some checks (#1597)

2023-10-05 16:14:55 +02:00 · 2023-10-05 16:14:55 +02:00 · 2ade1ee1f6
commit 2ade1ee1f6
parent f17e49e9aa
1 changed files with 62 additions and 39 deletions
--- a/libafl_targets/src/cmplog.c
+++ b/libafl_targets/src/cmplog.c
@ -238,9 +238,15 @@ static const uint8_t *get_llvm_stdstring(const uint8_t *string) {
 void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
                                        const uint8_t *cstring) {
  if (!libafl_cmplog_enabled) { return; }
-  int l1 = area_is_valid(stdstring, 32);
+  // This gcc string structure has 32 bytes of content at max
+  // That's what 32 means!
+  if (area_is_valid(stdstring, 32) <= 0) { return; }
+
+  int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
  if (l1 <= 0) { return; }
-  int l2 = area_is_valid(cstring, 32);
+
+  const uint8_t *string_ptr = get_gcc_stdstring(stdstring);
+  int            l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
  if (l2 <= 0) { return; }

  int len = MIN(31, MIN(l1, l2));
@ -248,48 +254,66 @@ void __cmplog_rtn_gcc_stdstring_cstring(const uint8_t *stdstring,
  uintptr_t k = RETADDR;
  k = (k >> 4) ^ (k << 8);
  k &= CMPLOG_MAP_W - 1;
-  __libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring),
-                                           cstring, len);
+  __libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
 }

 void __cmplog_rtn_gcc_stdstring_stdstring(const uint8_t *stdstring1,
                                          const uint8_t *stdstring2) {
  if (!libafl_cmplog_enabled) { return; }
-  int l1 = area_is_valid(stdstring1, 32);
+
+  if (area_is_valid(stdstring1, 32) <= 0) { return; };
+  if (area_is_valid(stdstring2, 32) <= 0) { return; };
+
+  const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
+  int            l1 = area_is_valid(string_ptr1, CMPLOG_RTN_LEN);
  if (l1 <= 0) { return; }
-  int l2 = area_is_valid(stdstring2, 32);
+
+  const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
+  int            l2 = area_is_valid(string_ptr2, CMPLOG_RTN_LEN);
  if (l2 <= 0) { return; }

  int len = MIN(31, MIN(l1, l2));
+
  uintptr_t k = RETADDR;
  k = (k >> 4) ^ (k << 8);
  k &= CMPLOG_MAP_W - 1;
-  __libafl_targets_cmplog_routines_checked(k, get_gcc_stdstring(stdstring1),
-                                           get_gcc_stdstring(stdstring2), len);
+  __libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
 }

 void __cmplog_rtn_llvm_stdstring_cstring(const uint8_t *stdstring,
                                         const uint8_t *cstring) {
  if (!libafl_cmplog_enabled) { return; }
-  int l1 = area_is_valid(stdstring, 32);
+
+  if (area_is_valid(stdstring, 32) <= 0) { return; }
+
+  int l1 = area_is_valid(cstring, CMPLOG_RTN_LEN);
  if (l1 <= 0) { return; }
-  int l2 = area_is_valid(cstring, 32);
+
+  const uint8_t *string_ptr = get_llvm_stdstring(stdstring);
+  int            l2 = area_is_valid(string_ptr, CMPLOG_RTN_LEN);
  if (l2 <= 0) { return; }

  int len = MIN(31, MIN(l1, l2));
+
  uintptr_t k = RETADDR;
  k = (k >> 4) ^ (k << 8);
  k &= CMPLOG_MAP_W - 1;
-  __libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring),
-                                           cstring, len);
+  __libafl_targets_cmplog_routines_checked(k, string_ptr, cstring, len);
 }

 void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
                                           const uint8_t *stdstring2) {
  if (!libafl_cmplog_enabled) { return; }
-  int l1 = area_is_valid(stdstring1, 32);
+
+  if (area_is_valid(stdstring1, 32) <= 0) { return; };
+  if (area_is_valid(stdstring2, 32) <= 0) { return; };
+
+  const uint8_t *string_ptr1 = get_gcc_stdstring(stdstring1);
+  int l1 = area_is_valid(get_gcc_stdstring(stdstring1), CMPLOG_RTN_LEN);
  if (l1 <= 0) { return; }
-  int l2 = area_is_valid(stdstring2, 32);
+
+  const uint8_t *string_ptr2 = get_gcc_stdstring(stdstring2);
+  int l2 = area_is_valid(get_gcc_stdstring(stdstring2), CMPLOG_RTN_LEN);
  if (l2 <= 0) { return; }

  int len = MIN(31, MIN(l1, l2));
@ -297,6 +321,5 @@ void __cmplog_rtn_llvm_stdstring_stdstring(const uint8_t *stdstring1,
  uintptr_t k = RETADDR;
  k = (k >> 4) ^ (k << 8);
  k &= CMPLOG_MAP_W - 1;
-  __libafl_targets_cmplog_routines_checked(k, get_llvm_stdstring(stdstring1),
-                                           get_llvm_stdstring(stdstring2), len);
+  __libafl_targets_cmplog_routines_checked(k, string_ptr1, string_ptr2, len);
 }