Fixed additional new clippy lints for libafl_qemu, libafl_frida (#473)

* clippy for qemu

* getrlimit clippy
Dominik Maier 2022-01-17 16:24:40 +01:00 committed by GitHub
parent 2dd88998bd
commit ac43997950
3 changed files with 25 additions and 7 deletions


@ -378,7 +378,7 @@ impl AsanRuntime {
rlim_cur: 0, rlim_cur: 0,
rlim_max: 0, rlim_max: 0,
}; };
assert!(unsafe { getrlimit64(RLIMIT_STACK, &mut stack_rlimit as *mut rlimit64) } == 0); assert!(unsafe { getrlimit64(RLIMIT_STACK, addr_of_mut!(stack_rlimit)) } == 0);
stack_rlimit.rlim_cur as usize stack_rlimit.rlim_cur as usize
} }
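Review bot: The `addr_of_mut!(stack_rlimit)` change satisfies the lint, but the value returned on the next line is still `stack_rlimit.rlim_cur as usize` with no handling of an unlimited soft limit: when `RLIMIT_STACK` is unlimited, `rlim_cur` holds `RLIM_INFINITY` and the cast hands the caller a nonsensical stack size. A check such as `assert!(stack_rlimit.rlim_cur != RLIM_INFINITY, "RLIMIT_STACK is unlimited");` before the cast, or a documented fallback, would make that case explicit rather than silently producing a huge bound. The `assert!` on the syscall result itself turns a failed `getrlimit64` into a panic inside the runtime; if that is the intent, a one-line comment saying so would help. The enclosing function's signature is outside the hunk.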


@ -4,7 +4,7 @@ use core::{
convert::Into, convert::Into,
ffi::c_void, ffi::c_void,
mem::{size_of, transmute, MaybeUninit}, mem::{size_of, transmute, MaybeUninit},
ptr::{copy_nonoverlapping, null}, ptr::{addr_of, addr_of_mut, copy_nonoverlapping, null},
}; };
use num_enum::{IntoPrimitive, TryFromPrimitive}; use num_enum::{IntoPrimitive, TryFromPrimitive};
use num_traits::Num; use num_traits::Num;
@ -262,7 +262,7 @@ impl Iterator for GuestMaps {
} }
unsafe { unsafe {
let mut ret: MapInfo = MaybeUninit::uninit().assume_init(); let mut ret: MapInfo = MaybeUninit::uninit().assume_init();
self.c_iter = libafl_maps_next(self.c_iter, &mut ret as *mut _); self.c_iter = libafl_maps_next(self.c_iter, addr_of_mut!(ret));
if self.c_iter.is_null() { if self.c_iter.is_null() {
None None
} else { } else {
@ -333,11 +333,18 @@ impl Emulator {
Emulator { _private: () } Emulator { _private: () }
} }
/// This function gets the memory mappings from the emulator.
#[must_use] #[must_use]
pub fn mappings(&self) -> GuestMaps { pub fn mappings(&self) -> GuestMaps {
GuestMaps::new() GuestMaps::new()
} }
/// Write a value to a guest address.
///
/// # Safety
/// This will write to a translated guest address (using `g2h`).
/// It just adds `guest_base` and writes to that location, without checking the bounds.
/// This may only be safely used for valid guest addresses!
pub unsafe fn write_mem<T>(&self, addr: u64, buf: &[T]) { pub unsafe fn write_mem<T>(&self, addr: u64, buf: &[T]) {
let host_addr = self.g2h(addr); let host_addr = self.g2h(addr);
copy_nonoverlapping( copy_nonoverlapping(
@ -347,6 +354,12 @@ impl Emulator {
); );
} }
/// Read a value from a guest address.
///
/// # Safety
/// This will read from a translated guest address (using `g2h`).
/// It just adds `guest_base` and writes to that location, without checking the bounds.
/// This may only be safely used for valid guest addresses!
pub unsafe fn read_mem<T>(&self, addr: u64, buf: &mut [T]) { pub unsafe fn read_mem<T>(&self, addr: u64, buf: &mut [T]) {
let host_addr = self.g2h(addr); let host_addr = self.g2h(addr);
copy_nonoverlapping( copy_nonoverlapping(
@ -367,7 +380,7 @@ impl Emulator {
R: Into<i32>, R: Into<i32>,
{ {
let reg = reg.into(); let reg = reg.into();
let success = unsafe { libafl_qemu_write_reg(reg, &val as *const _ as *const u8) }; let success = unsafe { libafl_qemu_write_reg(reg, addr_of!(val) as *const u8) };
if success == 0 { if success == 0 {
Err(format!("Failed to write to register {}", reg)) Err(format!("Failed to write to register {}", reg))
} else { } else {
@ -382,7 +395,7 @@ impl Emulator {
{ {
let reg = reg.into(); let reg = reg.into();
let mut val = T::zero(); let mut val = T::zero();
let success = unsafe { libafl_qemu_read_reg(reg, &mut val as *mut _ as *mut u8) }; let success = unsafe { libafl_qemu_read_reg(reg, addr_of_mut!(val) as *mut u8) };
if success == 0 { if success == 0 {
Err(format!("Failed to read register {}", reg)) Err(format!("Failed to read register {}", reg))
} else { } else {
@ -414,6 +427,11 @@ impl Emulator {
} }
} }
/// This function will run the emulator until the next breakpoint, or until finish.
/// # Safety
///
/// Should, in general, be safe to call.
/// Of course, the emulated target is not contained securely and can corrupt state or interact with the operating system.
pub unsafe fn run(&self) { pub unsafe fn run(&self) {
libafl_qemu_run(); libafl_qemu_run();
} }
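Review bot: In the `GuestMaps` iterator hunk, the new `libafl_maps_next(self.c_iter, addr_of_mut!(ret))` still takes the address of a value produced by `MaybeUninit::uninit().assume_init()` on the preceding line, which is undefined behavior before the callee has written anything into it; the lint fix keeps the UB intact. Keeping the value wrapped until it is filled avoids it: `let mut ret = MaybeUninit::<MapInfo>::uninit();`, `self.c_iter = libafl_maps_next(self.c_iter, ret.as_mut_ptr());`, and then `ret.assume_init()` only on the non-null branch (the rest of `next` is outside the hunk, so the exact placement needs checking there). Separately, the new `read_mem` doc comment copies the `write_mem` wording and says "writes to that location" — it should read "reads from that location"; the blank `///` line between `# Safety` and the text in `run`'s docs is also placed inconsistently with the other two. The `write_mem`/`read_mem` bodies continue past the hunk.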


@ -3,7 +3,7 @@ use core::{
ffi::c_void, ffi::c_void,
fmt::{self, Debug, Formatter}, fmt::{self, Debug, Formatter},
mem::transmute, mem::transmute,
ptr, ptr::{self, addr_of},
}; };
use libafl::{ use libafl::{
@ -799,7 +799,7 @@ where
mgr: &mut EM, mgr: &mut EM,
input: &I, input: &I,
) -> Result<ExitKind, Error> { ) -> Result<ExitKind, Error> {
unsafe { QEMU_HELPERS_PTR = &self.helpers as *const _ as *const c_void }; unsafe { QEMU_HELPERS_PTR = addr_of!(self.helpers) as *const c_void };
self.helpers.pre_exec_all(self.emulator, input); self.helpers.pre_exec_all(self.emulator, input);
let r = self.inner.run_target(fuzzer, state, mgr, input); let r = self.inner.run_target(fuzzer, state, mgr, input);
self.helpers.post_exec_all(self.emulator, input); self.helpers.post_exec_all(self.emulator, input);
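Review bot: `QEMU_HELPERS_PTR = addr_of!(self.helpers) as *const c_void` stores a raw pointer to a field of `self` in a global, and nothing in the visible lines resets it once `run_target` returns, so the static appears to keep a pointer that is valid only for this call. If the helpers are only consulted during `self.inner.run_target(...)`, clearing it afterwards, e.g. `unsafe { QEMU_HELPERS_PTR = ptr::null() };` after `post_exec_all`, or a comment stating that the pointer must not be read outside this call, would pin the intended lifetime; the enclosing function begins and ends outside the hunk, so this may already be handled further down.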