diff --git a/libafl_frida/src/asan_rt.rs b/libafl_frida/src/asan_rt.rs index 5f3a42a582..f1ad2ceda0 100644 --- a/libafl_frida/src/asan_rt.rs +++ b/libafl_frida/src/asan_rt.rs @@ -24,7 +24,7 @@ use color_backtrace::{default_output_stream, BacktracePrinter, Verbosity}; use dynasmrt::{dynasm, DynasmApi, DynasmLabelApi}; #[cfg(unix)] use gothook::GotHookLibrary; -use libc::{_SC_PAGESIZE, getrlimit64, rlimit64, sysconf}; +use libc::{getrlimit64, rlimit64, sysconf, _SC_PAGESIZE}; use rangemap::RangeSet; use serde::{Deserialize, Serialize}; use std::{ @@ -90,7 +90,10 @@ impl Allocator { addr as *mut c_void, page_size, ProtFlags::PROT_READ | ProtFlags::PROT_WRITE, - MapFlags::MAP_PRIVATE | MapFlags::MAP_ANONYMOUS | MapFlags::MAP_FIXED | MapFlags::MAP_NORESERVE, + MapFlags::MAP_PRIVATE + | MapFlags::MAP_ANONYMOUS + | MapFlags::MAP_FIXED + | MapFlags::MAP_NORESERVE, -1, 0, ) @@ -110,7 +113,10 @@ impl Allocator { addr as *mut c_void, addr + addr, ProtFlags::PROT_READ | ProtFlags::PROT_WRITE, - MapFlags::MAP_ANONYMOUS | MapFlags::MAP_FIXED | MapFlags::MAP_PRIVATE | MapFlags::MAP_NORESERVE, + MapFlags::MAP_ANONYMOUS + | MapFlags::MAP_FIXED + | MapFlags::MAP_PRIVATE + | MapFlags::MAP_NORESERVE, -1, 0, ) @@ -161,7 +167,8 @@ impl Allocator { let mut current_size = size; while current_size <= self.largest_allocation { if self.allocation_queue.contains_key(¤t_size) { - if let Some(metadata) = self.allocation_queue.entry(current_size).or_default().pop() { + if let Some(metadata) = self.allocation_queue.entry(current_size).or_default().pop() + { return Some(metadata); } } @@ -184,8 +191,7 @@ impl Allocator { } let rounded_up_size = self.round_up_to_page(size); - let metadata = if let Some(mut metadata) = self.find_smallest_fit(rounded_up_size) - { + let metadata = if let Some(mut metadata) = self.find_smallest_fit(rounded_up_size) { //println!("reusing allocation at {:x}, (actual mapping starts at {:x}) size {:x}", metadata.address, metadata.address - self.page_size, size); metadata.is_malloc_zero = is_malloc_zero; metadata.size = size; @@ -214,11 +220,7 @@ impl Allocator { } }; - self.map_shadow_for_region( - mapping, - mapping + rounded_up_size, - false, - ); + self.map_shadow_for_region(mapping, mapping + rounded_up_size, false); let mut metadata = AllocationMetadata { address: mapping, @@ -803,8 +805,11 @@ impl AsanRuntime { let stack_address = &stack_var as *const _ as *const c_void as usize; let (start, end, _, _) = find_mapping_for_address(stack_address).unwrap(); - let mut stack_rlimit = rlimit64 { rlim_cur: 0, rlim_max: 0 }; - assert!(unsafe { getrlimit64(3, &mut stack_rlimit as *mut rlimit64 ) } == 0); + let mut stack_rlimit = rlimit64 { + rlim_cur: 0, + rlim_max: 0, + }; + assert!(unsafe { getrlimit64(3, &mut stack_rlimit as *mut rlimit64) } == 0); println!("stack_rlimit: {:?}", stack_rlimit); @@ -816,7 +821,10 @@ impl AsanRuntime { max_start as *mut c_void, start - max_start, ProtFlags::PROT_READ | ProtFlags::PROT_WRITE, - MapFlags::MAP_ANONYMOUS | MapFlags::MAP_FIXED | MapFlags::MAP_PRIVATE | MapFlags::MAP_STACK, + MapFlags::MAP_ANONYMOUS + | MapFlags::MAP_FIXED + | MapFlags::MAP_PRIVATE + | MapFlags::MAP_STACK, -1, 0, ) @@ -831,7 +839,7 @@ impl AsanRuntime { let tls_address = unsafe { get_tls_ptr() } as usize; // we need to mask off the highest byte, due to 'High Byte Ignore" #[cfg(target_os = "android")] - let tls_address = tls_address & 0xffffffffffffff; + let tls_address = tls_address & 0xffffffffffffff; let (start, end, _, _) = find_mapping_for_address(tls_address).unwrap(); (start, end) diff --git a/libafl_frida/src/helper.rs b/libafl_frida/src/helper.rs index d53308f192..a307a0d3ed 100644 --- a/libafl_frida/src/helper.rs +++ b/libafl_frida/src/helper.rs @@ -9,7 +9,10 @@ use libafl::utils::find_mapping_for_path; use libafl_targets::drcov::{DrCovBasicBlock, DrCovWriter}; #[cfg(target_arch = "aarch64")] -use capstone::arch::{arm64::{Arm64OperandType, Arm64Extender, Arm64Shift}, ArchOperand::Arm64Operand}; +use capstone::arch::{ + arm64::{Arm64Extender, Arm64OperandType, Arm64Shift}, + ArchOperand::Arm64Operand, +}; use capstone::{ arch::{self, BuildsCapstone}, Capstone, Insn, @@ -88,10 +91,7 @@ impl<'a> FridaHelper<'a> for FridaInstrumentationHelper<'a> { let mut hasher = AHasher::new_with_keys(0, 0); hasher.write(input.target_bytes().as_slice()); - let filename = format!( - "./coverage/{:016x}.drcov", - hasher.finish(), - ); + let filename = format!("./coverage/{:016x}.drcov", hasher.finish(),); DrCovWriter::new(&filename, &self.ranges, &mut self.drcov_basic_blocks).write(); } @@ -221,10 +221,14 @@ impl<'a> FridaInstrumentationHelper<'a> { if options.stalker_enabled() { for (id, module_name) in modules_to_instrument.iter().enumerate() { let (lib_start, lib_end) = find_mapping_for_path(module_name.to_str().unwrap()); - println!("including range {:x}-{:x} for {:?}", lib_start, lib_end, module_name); - helper - .ranges - .insert(lib_start..lib_end, (id as u16, module_name.to_str().unwrap())); + println!( + "including range {:x}-{:x} for {:?}", + lib_start, lib_end, module_name + ); + helper.ranges.insert( + lib_start..lib_end, + (id as u16, module_name.to_str().unwrap()), + ); } if helper.options.drcov_enabled() { @@ -401,14 +405,18 @@ impl<'a> FridaInstrumentationHelper<'a> { if extender_encoding != -1 && shift_amount < 0b1000 { // emit add extended register: https://developer.arm.com/documentation/ddi0602/latest/Base-Instructions/ADD--extended-register---Add--extended-register-- - writer.put_bytes(&(0x8b210000 | ((extender_encoding as u32) << 13) | (shift_amount << 10)).to_le_bytes()); + writer.put_bytes( + &(0x8b210000 | ((extender_encoding as u32) << 13) | (shift_amount << 10)) + .to_le_bytes(), + ); } else if shift_encoding != -1 { - writer.put_bytes(&(0x8b010000 | ((shift_encoding as u32) << 22) | (shift_amount << 10)).to_le_bytes()); + writer.put_bytes( + &(0x8b010000 | ((shift_encoding as u32) << 22) | (shift_amount << 10)) + .to_le_bytes(), + ); } else { panic!("extender: {:?}, shift: {:?}", extender, shift); } - - }; } @@ -554,7 +562,17 @@ impl<'a> FridaInstrumentationHelper<'a> { &self, _address: u64, instr: &Insn, - ) -> Result<(capstone::RegId, capstone::RegId, i32, u32, Arm64Shift, Arm64Extender), ()> { + ) -> Result< + ( + capstone::RegId, + capstone::RegId, + i32, + u32, + Arm64Shift, + Arm64Extender, + ), + (), + > { // We have to ignore these instructions. Simulating them with their side effects is // complex, to say the least. match instr.mnemonic().unwrap() {