From 9b780cc0a7d9e95d116df9b0da7efd957af0305e Mon Sep 17 00:00:00 2001
From: "Dongjia \"toka\" Zhang"
Date: Mon, 11 Mar 2024 18:15:56 +0100
Subject: [PATCH] Fix UB in anymap.rs and other minor warnings. (#1926)
* fix
* clippy
* fix
---
 libafl_bolts/src/anymap.rs | 39 ++++++++--------------------
 libafl_targets/Cargo.toml | 1 +
 libafl_targets/src/sancov_pcguard.rs | 5 +++-
 3 files changed, 16 insertions(+), 29 deletions(-)
diff --git a/libafl_bolts/src/anymap.rs b/libafl_bolts/src/anymap.rs
index 7f2bf704aa..7fbda67127 100644
--- a/libafl_bolts/src/anymap.rs
+++ b/libafl_bolts/src/anymap.rs
@@ -4,7 +4,7 @@ use alloc::boxed::Box;
 use core::{
 any::{Any, TypeId},
 mem::size_of,
- ptr::addr_of,
+ ptr::{addr_of, read_unaligned},
 };
 /// Convert to an Any trait object
@@ -39,7 +39,7 @@ macro_rules! impl_asany {
 };
 }
-/// Get a `type_id` from its previously unpacked `u64`.
+/// Get a `type_id` from its previously unpacked `u128`.
 /// Opposite of [`unpack_type_id(id)`].
 ///
 /// # Note
@@ -47,26 +47,13 @@ macro_rules! impl_asany {
 /// The size changed in later rust versions, see
 #[inline]
 #[must_use]
-#[allow(clippy::cast_ptr_alignment)]
 pub const fn pack_type_id(id: u128) -> TypeId {
- match size_of::() {
- 8 => {
- let id_64 = id as u64;
- // false positive: this branch only executes on 64 bit `TypeId`s
- #[allow(clippy::cast_ptr_alignment)]
- unsafe {
- *(addr_of!(id_64) as *const TypeId)
- }
- }
- 16 => unsafe { *(addr_of!(id) as *const TypeId) },
- _ => {
- // TypeId size of this size is not yet supported"
- panic!("Unsupported size for TypeId");
- }
- }
+ // TypeId size of other sizes is not yet supported"
+ assert!(size_of::() == 16, "Unsupported size for TypeId");
+ unsafe { *(addr_of!(id) as *const TypeId) }
 }
-/// Unpack a `type_id` to an `u64`
+/// Unpack a `type_id` to an `u128`
 /// Opposite of [`pack_type_id(id)`].
 ///
 /// # Note
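Review bot: The `unsafe` block left in `pack_type_id` still has no `// SAFETY:` comment, and the only invariant it checks is `TypeId`'s size, at run time; reinterpreting a `u128`'s bits as a `TypeId` also assumes `TypeId` is a plain integer value with no invalid bit patterns, which is an unstable layout detail of `core` that should be written down where the cast happens. Because `size_of::<TypeId>()` is a constant, the guard can fail at build time rather than on the first call: a module-level `const _: () = assert!(size_of::<TypeId>() == 16, "Unsupported size for TypeId");`. For symmetry with `unpack_type_id` I would also read through `read_unaligned::<TypeId>(addr_of!(id) as *const TypeId)` and annotate it `// SAFETY: TypeId is asserted to be 16 bytes and is assumed to be a plain integer pair with no invalid bit patterns; this relies on an unstable core layout.` The trailing quote in `// TypeId size of other sizes is not yet supported"` looks like a leftover from the old comment.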
@@ -75,15 +62,11 @@ pub const fn pack_type_id(id: u128) -> TypeId {
 #[inline]
 #[must_use]
 pub const fn unpack_type_id(id: TypeId) -> u128 {
- #[allow(clippy::cast_ptr_alignment)] // we never actually cast to u128 if the type is u64.
- match size_of::() {
- 8 => unsafe { *(addr_of!(id) as *const u64) as u128 },
- 16 => unsafe { *(addr_of!(id) as *const u128) },
- _ => {
- // TypeId size of this size is not yet supported"
- panic!("Unsupported size for TypeId");
- }
- }
+ // see any.rs, it's alway u128 hence 16 bytes.
+ // TypeId size of other sizes is not yet supported"
+ assert!(size_of::() == 16, "Unsupported size for TypeId");
+ let ret: u128 = unsafe { read_unaligned::(addr_of!(id) as *const u128) };
+ ret
 }
 #[cfg(test)]
diff --git a/libafl_targets/Cargo.toml b/libafl_targets/Cargo.toml
index 88f4ad1914..9436e6b2a4 100644
--- a/libafl_targets/Cargo.toml
+++ b/libafl_targets/Cargo.toml
@@ -43,6 +43,7 @@ sancov_pcguard_hitcounts = ["coverage"]
 sancov_value_profile = ["common"]
 sancov_8bit = []
 sancov_ngram4 = ["coverage"]
+sancov_ngram8 = ["coverage"]
 sancov_ctx = ["coverage"]
 sancov_cmplog = ["common"] # Defines cmp and __sanitizer_weak_hook functions. Use libfuzzer_interceptors to define interceptors (only compatible with Linux)
 sancov_pcguard = ["sancov_pcguard_hitcounts"]
diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs
index 737b7992fd..d9b15a090e 100644
--- a/libafl_targets/src/sancov_pcguard.rs
+++ b/libafl_targets/src/sancov_pcguard.rs
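Review bot: The new comment `// see any.rs, it's alway u128 hence 16 bytes.` contradicts the line below it: if `TypeId` really were a `u128`, the old plain dereference would already have been aligned and `read_unaligned` would be unnecessary. What the code actually relies on is that `TypeId` is 16 bytes while its alignment may be lower than `u128`'s, which is the UB the commit title refers to and is what the still-missing `// SAFETY:` comment on the `unsafe` block should say, e.g. `// SAFETY: TypeId is asserted to be 16 bytes; read_unaligned is required because its alignment may be below u128's.` The `let ret: u128 = …; ret` pair is a needless binding that clippy's `let_and_return` will flag — return the `unsafe` expression directly. As in `pack_type_id`, the size guard could be a compile-time `const _: () = assert!(...)` instead of a runtime `assert!` inside a `const fn`.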
@@ -36,14 +36,17 @@ type Ngram8 = core::simd::u32x8;
 #[rustversion::nightly]
 pub static mut PREV_ARRAY_4: Ngram4 = Ngram4::from_array([0, 0, 0, 0]);
+/// The array holding the previous locs. This is required for NGRAM-4 instrumentation
 #[cfg(feature = "sancov_ngram8")]
 #[rustversion::nightly]
 pub static mut PREV_ARRAY_8: Ngram8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0]);
+/// We shift each of the values in ngram4 everytime we see new edges
 #[cfg(feature = "sancov_ngram4")]
 #[rustversion::nightly]
 pub static SHR_4: Ngram4 = Ngram4::from_array([1, 1, 1, 1]);
+/// We shift each of the values in ngram8 everytime we see new edges
 #[cfg(feature = "sancov_ngram8")]
 #[rustversion::nightly]
 pub static SHR_8: Ngram8 = Ngram8::from_array([1, 1, 1, 1, 1, 1, 1, 1]);
@@ -77,7 +80,7 @@ impl ExecutorHook for NgramHook {
 #[cfg(feature = "sancov_ngram8")]
 unsafe {
- PREV_ARRAY_8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0])
+ PREV_ARRAY_8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0]);
 }
 }
 fn post_exec(
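Review bot: The doc comment added above `PREV_ARRAY_8` says it is required for NGRAM-4 instrumentation, which is copied from the `PREV_ARRAY_4` doc and mislabels the 8-gram buffer; it should read `/// The array holding the previous locs. This is required for NGRAM-8 instrumentation`. The two `SHR_*` docs write "everytime" where "every time" is meant. None of the new docs say under what conditions writing these `static mut`s is sound — the `unsafe` reset in the second hunk suggests single-threaded access is assumed — so a sentence stating that contract, or a hedged TODO if it is not settled, would help the next reader. The `pre_exec` method that the second hunk edits begins outside the hunk.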