From 327ff98ea12eb902ff3c2bfb6359beefeaf0b349 Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Mon, 10 Jan 2022 05:00:04 +0900
Subject: [PATCH] Asan fix (#460)
* fix
* fix
* bump
* fmt
---
 fuzzers/frida_libpng/Cargo.toml | 2 +-
 libafl_frida/Cargo.toml | 2 +-
 libafl_frida/src/asan/asan_rt.rs | 4 ++++
 libafl_frida/src/asan/errors.rs | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/fuzzers/frida_libpng/Cargo.toml b/fuzzers/frida_libpng/Cargo.toml
index 829c5434c4..2f1cfabaa7 100644
--- a/fuzzers/frida_libpng/Cargo.toml
+++ b/fuzzers/frida_libpng/Cargo.toml
@@ -30,7 +30,7 @@ reqwest = { version = "0.11.4", features = ["blocking"] }
 [dependencies]
 libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public" ] } #, "llmp_small_maps", "llmp_debug"]}
 capstone = "0.10.0"
-frida-gum = { version = "0.6.1", features = [ "auto-download", "event-sink", "invocation-listener"] }
+frida-gum = { version = "0.6.3", features = [ "auto-download", "event-sink", "invocation-listener"] }
 libafl_frida = { path = "../../libafl_frida", features = ["cmplog"] }
 libafl_targets = { path = "../../libafl_targets", features = ["sancov_cmplog"] }
 lazy_static = "1.4.0"
diff --git a/libafl_frida/Cargo.toml b/libafl_frida/Cargo.toml
index 3aef9c2849..739f96c4c3 100644
--- a/libafl_frida/Cargo.toml
+++ b/libafl_frida/Cargo.toml
@@ -27,7 +27,7 @@ hashbrown = "0.11"
 libloading = "0.7"
 rangemap = "0.1"
 frida-gum-sys = { version = "0.3", features = [ "auto-download", "event-sink", "invocation-listener"] }
-frida-gum = { version = "0.6.1", features = [ "auto-download", "event-sink", "invocation-listener"] }
+frida-gum = { version = "0.6.3", features = [ "auto-download", "event-sink", "invocation-listener"] }
 core_affinity = { version = "0.5", git = "https://github.com/s1341/core_affinity_rs", rev = "6648a7a" }
 regex = "1.4"
 dynasmrt = "1.2"
diff --git a/libafl_frida/src/asan/asan_rt.rs b/libafl_frida/src/asan/asan_rt.rs
index c840107506..27fda05450 100644
--- a/libafl_frida/src/asan/asan_rt.rs
+++ b/libafl_frida/src/asan/asan_rt.rs
@@ -2307,6 +2307,10 @@ impl AsanRuntime {
 X86Register::Rip => {
 writer.put_mov_reg_address(X86Register::Rsi, true_rip);
 }
+ X86Register::Rdi => {
+ // In this case rdi is already clobbered, so we want it from the stack (we pushed rdi onto stack before!)
+ writer.put_mov_reg_reg_offset_ptr(X86Register::Rsi, X86Register::Rsp, -0x28);
+ }
 _ => {
 writer.put_mov_reg_reg(X86Register::Rsi, indexreg.unwrap());
 }
diff --git a/libafl_frida/src/asan/errors.rs b/libafl_frida/src/asan/errors.rs
index 80335efaaa..6422c4526e 100644
--- a/libafl_frida/src/asan/errors.rs
+++ b/libafl_frida/src/asan/errors.rs
@@ -509,7 +509,7 @@ impl AsanErrors {
 cs.set_skipdata(true).expect("failed to set skipdata");
- let start_pc = pc - 4 * 5;
+ let start_pc = pc;
 for insn in cs
 .disasm_count(
 unsafe { std::slice::from_raw_parts(start_pc as *mut u8, 4 * 11) },
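Review bot: The `-0x28` in the new `X86Register::Rdi` arm hard-codes where the earlier push left rdi relative to rsp, but the push sequence it depends on is outside this hunk, so a later edit to that prologue would silently turn this load into a read of the wrong slot and the ASan check would then index with garbage. A negative rsp offset also reads below the stack pointer, which only holds if nothing between that push and this load (a call, another push, a signal frame) has reused the space — the comment should state that assumption rather than just "we pushed rdi onto stack before". I would rewrite the comment as `// rdi is clobbered by now; reload it from the slot the register push left at rsp - 0x28 (must stay in sync with that push sequence)` and consider defining the offset as a named constant next to the push code so both sites change together. The enclosing match and the function it sits in start and end outside the hunk.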
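Review bot: With `let start_pc = pc;` the binding is now only an alias, and the `4 * 11` byte window handed to `from_raw_parts` on the following lines was presumably sized together with the removed `4 * 5` look-back (five fixed-width instructions before the faulting pc, one at it, five after); the commit drops the look-back without saying why, so the window now covers only the bytes after pc and the `4 *` factors no longer mean anything on x86. A one-line comment would stop the next reader from reintroducing the offset, e.g. `// Disassemble forward from the faulting pc only (no look-back; see #460)`. The unchecked raw-slice read of 44 bytes from a code address is unchanged, but since this runs in the crash reporter it is worth stating in the same comment that pc is assumed to lie inside a readable mapping. `start_pc as *mut u8` can be `*const u8`, which is all `from_raw_parts` needs. The enclosing function starts and ends outside the hunk.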