From b067435862a3071abd88fa308a6ed4ee17d5c12e Mon Sep 17 00:00:00 2001
From: "Dongjia \"toka\" Zhang"
Date: Thu, 13 Feb 2025 14:17:48 +0100
Subject: [PATCH] Align addresses before calling qemu.unmap in Snapshot module (#2978)

* alignment

* a
---
 libafl_qemu/src/modules/usermode/snapshot.rs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/libafl_qemu/src/modules/usermode/snapshot.rs b/libafl_qemu/src/modules/usermode/snapshot.rs
index cf78f2b25d..2bf92038a8 100644
--- a/libafl_qemu/src/modules/usermode/snapshot.rs
+++ b/libafl_qemu/src/modules/usermode/snapshot.rs
@@ -415,12 +415,20 @@ impl SnapshotModule {
                 .unwrap();
         } else if new_brk > self.brk {
             // The heap has grown. so we want to drop those
-            let drop_sz = (new_brk - self.brk) as usize;
+            // we want to align the addresses before calling unmap
+            // although it is very unlikely that the brk has an unaligned value
+            let new_page_boundary = (new_brk + ((SNAPSHOT_PAGE_MASK - 1) as GuestAddr))
+                & (!(SNAPSHOT_PAGE_SIZE - 1) as GuestAddr);
+            let old_page_boundary = (self.brk + ((SNAPSHOT_PAGE_MASK - 1) as GuestAddr))
+                & (!(SNAPSHOT_PAGE_SIZE - 1) as GuestAddr);
 
-            // if self.brk is not aligned this call will return an error
-            // and it will page align this drop_sz too
-            // look at target_munmap in qemu-libafl-bridge
-            qemu.unmap(self.brk, drop_sz).unwrap();
+            if new_page_boundary != old_page_boundary {
+                let unmap_sz = (new_page_boundary - old_page_boundary) as usize;
+                // if self.brk is not aligned this call will return an error
+                // and it will page align this unmap_sz too (but it is already aligned for us)
+                // look at target_munmap in qemu-libafl-bridge
+                qemu.unmap(self.brk, unmap_sz).unwrap();
+            }
         }
 
         for acc in &mut self.accesses {
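Review bot: The round-up addend and the mask in the two new `*_page_boundary` computations do not match: the addend is `SNAPSHOT_PAGE_MASK - 1` while the mask is `!(SNAPSHOT_PAGE_SIZE - 1)`, so unless SNAPSHOT_PAGE_MASK happens to equal SNAPSHOT_PAGE_SIZE (its definition is outside this hunk) an unaligned brk is rounded to the wrong page, or the addition wraps if the mask is the high-bit form. The usual form is `let new_page_boundary = (new_brk + (SNAPSHOT_PAGE_SIZE - 1) as GuestAddr) & !((SNAPSHOT_PAGE_SIZE - 1) as GuestAddr);` with the same change for `old_page_boundary`. The size is now computed between the aligned boundaries, but the base address passed on the last added line is still the possibly unaligned `self.brk`, which the retained comment says makes the call return an error and the `.unwrap()` then panics, and even when it succeeds the unmapped range is shifted by the misalignment; `qemu.unmap(old_page_boundary, unmap_sz).unwrap();` keeps base and length consistent, after which the "if self.brk is not aligned" comment no longer applies. The enclosing method starts and ends outside this hunk.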