From ac4399795023e576c54d9ffe29ac5f028028bf97 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Mon, 17 Jan 2022 16:24:40 +0100
Subject: [PATCH] Fixed additional new clippy lints for libafl_qemu, libafl_frida (#473)
* clippy for qemu
* getrlimit clippy
---
 libafl_frida/src/asan/asan_rt.rs | 2 +-
 libafl_qemu/src/emu.rs | 26 ++++++++++++++++++++++----
 libafl_qemu/src/executor.rs | 4 ++--
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/libafl_frida/src/asan/asan_rt.rs b/libafl_frida/src/asan/asan_rt.rs
index 1075c2c396..4c3d1fc73a 100644
--- a/libafl_frida/src/asan/asan_rt.rs
+++ b/libafl_frida/src/asan/asan_rt.rs
@@ -378,7 +378,7 @@ impl AsanRuntime {
 rlim_cur: 0,
 rlim_max: 0,
 };
- assert!(unsafe { getrlimit64(RLIMIT_STACK, &mut stack_rlimit as *mut rlimit64) } == 0);
+ assert!(unsafe { getrlimit64(RLIMIT_STACK, addr_of_mut!(stack_rlimit)) } == 0);
 stack_rlimit.rlim_cur as usize
 }
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index b4485bbc3f..a4273895cb 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -4,7 +4,7 @@ use core::{
 convert::Into,
 ffi::c_void,
 mem::{size_of, transmute, MaybeUninit},
- ptr::{copy_nonoverlapping, null},
+ ptr::{addr_of, addr_of_mut, copy_nonoverlapping, null},
 };
 use num_enum::{IntoPrimitive, TryFromPrimitive};
 use num_traits::Num;
@@ -262,7 +262,7 @@ impl Iterator for GuestMaps {
 }
 unsafe {
 let mut ret: MapInfo = MaybeUninit::uninit().assume_init();
- self.c_iter = libafl_maps_next(self.c_iter, &mut ret as *mut _);
+ self.c_iter = libafl_maps_next(self.c_iter, addr_of_mut!(ret));
 if self.c_iter.is_null() {
 None
 } else {
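Review bot: The rewritten assertion still only checks the return code, so a failing `getrlimit64` panics with a bare "assertion failed" and no hint which call broke; `assert_eq!(unsafe { getrlimit64(RLIMIT_STACK, addr_of_mut!(stack_rlimit)) }, 0, "getrlimit64(RLIMIT_STACK) failed");` names the call at no extra cost. The next line returns `stack_rlimit.rlim_cur as usize` unchanged; when the soft stack limit is unlimited that field holds `RLIM64_INFINITY`, which presumably is not a usable stack size for the caller, so a comment or an explicit check on that line would be worthwhile even though the commit does not touch it. The enclosing function starts outside the hunk.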
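Review bot: In the `GuestMaps` hunk, `addr_of_mut!(ret)` now points at a `MapInfo` that the line above produces with `MaybeUninit::uninit().assume_init()`, and calling `assume_init` on uninitialised memory is undefined behaviour regardless of how the pointer is taken afterwards (clippy's `uninit_assumed_init` lint targets exactly this form). Keep the value wrapped until the C side has filled it: `let mut ret = MaybeUninit::<MapInfo>::uninit();` and `self.c_iter = libafl_maps_next(self.c_iter, ret.as_mut_ptr());`, then call `ret.assume_init()` only in the non-null branch, which lies outside the hunk. Whether `libafl_maps_next` fully initialises the struct whenever it returns a non-null iterator is not visible here and should be confirmed against the C definition before relying on it.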
@@ -333,11 +333,18 @@ impl Emulator {
 Emulator { _private: () }
 }
+ /// This function gets the memory mappings from the emulator.
 #[must_use]
 pub fn mappings(&self) -> GuestMaps {
 GuestMaps::new()
 }
+ /// Write a value to a guest address.
+ ///
+ /// # Safety
+ /// This will write to a translated guest address (using `g2h`).
+ /// It just adds `guest_base` and writes to that location, without checking the bounds.
+ /// This may only be safely used for valid guest addresses!
 pub unsafe fn write_mem(&self, addr: u64, buf: &[T]) {
 let host_addr = self.g2h(addr);
 copy_nonoverlapping(
@@ -347,6 +354,12 @@ impl Emulator {
 );
 }
+ /// Read a value from a guest address.
+ ///
+ /// # Safety
+ /// This will read from a translated guest address (using `g2h`).
+ /// It just adds `guest_base` and writes to that location, without checking the bounds.
+ /// This may only be safely used for valid guest addresses!
 pub unsafe fn read_mem(&self, addr: u64, buf: &mut [T]) {
 let host_addr = self.g2h(addr);
 copy_nonoverlapping(
@@ -367,7 +380,7 @@ impl Emulator {
 R: Into,
 {
 let reg = reg.into();
- let success = unsafe { libafl_qemu_write_reg(reg, &val as *const _ as *const u8) };
+ let success = unsafe { libafl_qemu_write_reg(reg, addr_of!(val) as *const u8) };
 if success == 0 {
 Err(format!("Failed to write to register {}", reg))
 } else {
@@ -382,7 +395,7 @@ impl Emulator {
 {
 let reg = reg.into();
 let mut val = T::zero();
- let success = unsafe { libafl_qemu_read_reg(reg, &mut val as *mut _ as *mut u8) };
+ let success = unsafe { libafl_qemu_read_reg(reg, addr_of_mut!(val) as *mut u8) };
 if success == 0 {
 Err(format!("Failed to read register {}", reg))
 } else {
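Review bot: The new `# Safety` section on `write_mem` only says `addr` must be valid, but the function takes a whole slice and presumably copies `buf.len()` elements (the `copy_nonoverlapping` arguments are outside the hunk), so the contract should cover the full range: `/// The whole range starting at `addr` and covering every element of `buf` must be mapped and writable guest memory.` The summary line "Write a value to a guest address." also understates the slice parameter; "Write a slice of values to a guest address." is more accurate. On `mappings`, rustdoc summaries are conventionally phrased as what the call returns rather than "This function gets ...", e.g. `/// Returns the memory mappings of the emulator.`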
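Review bot: The `# Safety` text on `read_mem` is copied from `write_mem` and says the function "writes to that location", while `read_mem` reads from the translated address into `buf`; change that line to `/// It just adds `guest_base` and reads from that location, without checking the bounds.` As with `write_mem`, the contract should state that the entire range covered by `buf` (presumably `buf.len()` elements; the `copy_nonoverlapping` arguments lie outside the hunk) must be mapped guest memory, not only `addr`.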
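Review bot: `addr_of!(val) as *const u8` erases the width of `T`, and neither this hunk nor the matching `read_reg` hunk (`@@ -382,7 +395,7 @@`) checks that the C side touches at most `size_of::<T>()` bytes; if `libafl_qemu_read_reg` copies the full guest register width (not visible here), a caller choosing a narrower `T` gets an out-of-bounds write into the stack slot of `val`, which is the kind of defect the `addr_of_mut!` form does not prevent. Since `size_of` is already imported by this file, a `debug_assert!` comparing `size_of::<T>()` against the register width, or at minimum a `# Safety`-style doc line on both functions stating that `T` must be at least as wide as the register, would make the requirement explicit. Both enclosing functions start outside their hunks.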
@@ -414,6 +427,11 @@ impl Emulator {
 }
 }
+ /// This function will run the emulator until the next breakpoint, or until finish.
+ /// # Safety
+ ///
+ /// Should, in general, be safe to call.
+ /// Of course, the emulated target is not contained securely and can corrupt state or interact with the operating system.
 pub unsafe fn run(&self) {
 libafl_qemu_run();
 }
diff --git a/libafl_qemu/src/executor.rs b/libafl_qemu/src/executor.rs
index 8805ce15ba..00850b7482 100644
--- a/libafl_qemu/src/executor.rs
+++ b/libafl_qemu/src/executor.rs
@@ -3,7 +3,7 @@ use core::{
 ffi::c_void,
 fmt::{self, Debug, Formatter},
 mem::transmute,
- ptr,
+ ptr::{self, addr_of},
 };
 use libafl::{
@@ -799,7 +799,7 @@ where
 mgr: &mut EM,
 input: &I,
 ) -> Result {
- unsafe { QEMU_HELPERS_PTR = &self.helpers as *const _ as *const c_void };
+ unsafe { QEMU_HELPERS_PTR = addr_of!(self.helpers) as *const c_void };
 self.helpers.pre_exec_all(self.emulator, input);
 let r = self.inner.run_target(fuzzer, state, mgr, input);
 self.helpers.post_exec_all(self.emulator, input);
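Review bot: The new `# Safety` section on `run` says the function "should, in general, be safe to call", which tells a caller nothing about the precondition an `unsafe fn` exists to express; either state the actual invariant (presumably that the emulator has been initialised through its constructor and that `run` is not re-entered from a hook — to be confirmed against the C side) or drop the `unsafe` if there is none. The second sentence, about the emulated target corrupting state, describes a risk of the whole crate rather than a soundness requirement and reads better as a plain paragraph above the heading. Rustdoc style also puts an empty `///` line between the summary and `# Safety`, as the `write_mem` and `read_mem` docs in this same patch do.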
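Review bot: `QEMU_HELPERS_PTR` is assigned `addr_of!(self.helpers)` before the run but is never cleared in the hunk, so after `run_target` returns the global keeps a pointer into `self` that can outlive it, and any later hook reading the global (not visible here) would dereference a dangling pointer. Reset it once the helpers are done, e.g. `unsafe { QEMU_HELPERS_PTR = ptr::null() };` after `post_exec_all` (`ptr` is imported by the `@@ -3,7 +3,7 @@` hunk of this file). The pointer is also `*const` while `self.helpers` is used mutably around the call through `pre_exec_all`/`post_exec_all`; if anything writes through the global, that is aliasing undefined behaviour and `addr_of_mut!` with a `*mut` global would be the honest type — worth confirming against the hook code. The enclosing `run_target` continues outside the hunk.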