SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

frida: small fixes (#169)

Browse Source 
* Too large allocs should return 0; Don't forcibly free unfreed allocations in reset

* Make max ASAN allocation configurable
This commit is contained in:
s1341 2021-06-13 13:27:27 +03:00 committed by GitHub
parent c123872b11
commit ca4bdd3e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libafl_frida/src/alloc.rs
View File

@ -170,8 +170,11 @@ impl Allocator {
} else { } else {
size size
}; };
if size > (1 << 30) { if size > self.options.asan_max_allocation() {
panic!("Allocation is too large: 0x{:x}", size); if self.options.asan_max_allocation_panics() {
panic!("Allocation is too large: 0x{:x}", size);
}
return std::ptr::null_mut();
} }
let rounded_up_size = self.round_up_to_page(size) + 2 * self.page_size; let rounded_up_size = self.round_up_to_page(size) + 2 * self.page_size;
@ -290,7 +293,12 @@ impl Allocator {
} }
pub fn reset(&mut self) { pub fn reset(&mut self) {
let mut tmp_allocations = Vec::new();
for (address, mut allocation) in self.allocations.drain() { for (address, mut allocation) in self.allocations.drain() {
if !allocation.freed {
tmp_allocations.push(allocation);
continue;
}
// First poison the memory. // First poison the memory.
Self::poison(map_to_shadow!(self, address), allocation.size); Self::poison(map_to_shadow!(self, address), allocation.size);
@ -306,6 +314,10 @@ impl Allocator {
.or_default() .or_default()
.push(allocation); .push(allocation);
} }
for allocation in tmp_allocations {
self.allocations.insert(allocation.address, allocation);
}
} }
#[cfg(target_arch = "aarch64")] #[cfg(target_arch = "aarch64")]

24
libafl_frida/src/lib.rs
View File

@ -30,6 +30,8 @@ pub struct FridaOptions {
enable_asan_leak_detection: bool, enable_asan_leak_detection: bool,
enable_asan_continue_after_error: bool, enable_asan_continue_after_error: bool,
enable_asan_allocation_backtraces: bool, enable_asan_allocation_backtraces: bool,
asan_max_allocation: usize,
asan_max_allocation_panics: bool,
enable_coverage: bool, enable_coverage: bool,
enable_drcov: bool, enable_drcov: bool,
instrument_suppress_locations: Option<Vec<(String, usize)>>, instrument_suppress_locations: Option<Vec<(String, usize)>>,
@ -72,6 +74,12 @@ impl FridaOptions {
"asan-allocation-backtraces" => { "asan-allocation-backtraces" => {
options.enable_asan_allocation_backtraces = value.parse().unwrap(); options.enable_asan_allocation_backtraces = value.parse().unwrap();
} }
"asan-max-allocation" => {
options.asan_max_allocation = value.parse().unwrap();
}
"asan-max-allocation-panics" => {
options.asan_max_allocation_panics = value.parse().unwrap();
}
"asan-cores" => { "asan-cores" => {
asan_cores = parse_core_bind_arg(value); asan_cores = parse_core_bind_arg(value);
} }
@ -193,6 +201,20 @@ impl FridaOptions {
self.enable_asan_leak_detection self.enable_asan_leak_detection
} }
/// The maximum size that the ASAN allocator should allocate
#[must_use]
#[inline]
pub fn asan_max_allocation(&self) -> usize {
self.asan_max_allocation
}
/// Should we panic if the max ASAN allocation size is exceeded
#[must_use]
#[inline]
pub fn asan_max_allocation_panics(&self) -> bool {
self.asan_max_allocation_panics
}
/// Should ASAN continue after a memory error is detected /// Should ASAN continue after a memory error is detected
#[must_use] #[must_use]
#[inline] #[inline]
@ -229,6 +251,8 @@ impl Default for FridaOptions {
enable_asan_leak_detection: false, enable_asan_leak_detection: false,
enable_asan_continue_after_error: false, enable_asan_continue_after_error: false,
enable_asan_allocation_backtraces: true, enable_asan_allocation_backtraces: true,
asan_max_allocation: 1 << 30,
asan_max_allocation_panics: false,
enable_coverage: true, enable_coverage: true,
enable_drcov: false, enable_drcov: false,
instrument_suppress_locations: None, instrument_suppress_locations: None,