From d316591ba1e46a37b1d94f5deaba2b4a6cc7c362 Mon Sep 17 00:00:00 2001
From: David CARLIER
Date: Sun, 4 Sep 2022 02:09:05 +0100
Subject: [PATCH] libafl_frida: ASan hook adding Apple's memset_pattern* api. (#761)
---
 libafl_frida/src/asan/hook_funcs.rs | 81 +++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
diff --git a/libafl_frida/src/asan/hook_funcs.rs b/libafl_frida/src/asan/hook_funcs.rs
index 3f05548ba7..fba362a021 100644
--- a/libafl_frida/src/asan/hook_funcs.rs
+++ b/libafl_frida/src/asan/hook_funcs.rs
@@ -1158,4 +1158,85 @@ impl AsanRuntime {
 }
 unsafe { wcscmp(s1, s2) }
 }
+
+ #[cfg(target_vendor = "apple")]
+ #[inline]
+ pub fn hook_memset_pattern4(&mut self, s: *mut c_void, p4: *const c_void, n: usize) {
+ extern "C" {
+ fn memset_pattern4(s: *mut c_void, p4: *const c_void, n: usize);
+ }
+ if !(self.shadow_check_func().unwrap())(s, n) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern4".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ s as usize,
+ n,
+ Backtrace::new(),
+ )));
+ }
+ if !(self.shadow_check_func().unwrap())(p4, n / 4) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern4".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ p4 as usize,
+ n / 4,
+ Backtrace::new(),
+ )));
+ }
+ unsafe { memset_pattern4(s, p4, n) }
+ }
+
+ #[cfg(target_vendor = "apple")]
+ #[inline]
+ pub fn hook_memset_pattern8(&mut self, s: *mut c_void, p8: *const c_void, n: usize) {
+ extern "C" {
+ fn memset_pattern8(s: *mut c_void, p8: *const c_void, n: usize);
+ }
+ if !(self.shadow_check_func().unwrap())(s, n) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern8".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ s as usize,
+ n,
+ Backtrace::new(),
+ )));
+ }
+ if !(self.shadow_check_func().unwrap())(p8, n / 8) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern8".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ p8 as usize,
+ n / 8,
+ Backtrace::new(),
+ )));
+ }
+ unsafe { memset_pattern8(s, p8, n) }
+ }
+
+ #[cfg(target_vendor = "apple")]
+ #[inline]
+ pub fn hook_memset_pattern16(&mut self, s: *mut c_void, p16: *const c_void, n: usize) {
+ extern "C" {
+ fn memset_pattern16(s: *mut c_void, p16: *const c_void, n: usize);
+ }
+ if !(self.shadow_check_func().unwrap())(s, n) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern16".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ s as usize,
+ n,
+ Backtrace::new(),
+ )));
+ }
+ if !(self.shadow_check_func().unwrap())(p16, n / 16) {
+ AsanErrors::get_mut().report_error(AsanError::BadFuncArgWrite((
+ "memset_pattern16".to_string(),
+ self.real_address_for_stalked(AsanRuntime::pc()),
+ p16 as usize,
+ n / 16,
+ Backtrace::new(),
+ )));
+ }
+ unsafe { memset_pattern16(s, p16, n) }
+ }
 }
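Review bot: The second shadow check in hook_memset_pattern4 sizes the pattern read as `n / 4`, but the pattern argument is a fixed 4-byte buffer whose extent does not grow with n, so a large n makes the check range far past a valid pattern and report a spurious error, while n < 4 checks zero bytes and lets an invalid pattern pointer through; hook_memset_pattern8 and hook_memset_pattern16 have the same problem with `n / 8` and `n / 16`. The pattern is also only read by these functions, so reporting it as BadFuncArgWrite misclassifies the access where the runtime's `AsanError::BadFuncArgRead` variant is the one that fits a source argument. For the 4-byte hook I would change the check to `if !(self.shadow_check_func().unwrap())(p4, n.min(4)) {`, the reported length to `n.min(4),`, and the variant to `AsanError::BadFuncArgRead((`, then apply the same three-line change with 8 and 16 to the other two hooks (a flat 4/8/16 instead of `n.min(...)` is the stricter reading of the API's buffer contract, if that is preferred). The three hooks are otherwise byte-for-byte identical apart from the width, which is a good candidate for a small private helper taking the name, the pattern width and the extern fn. The enclosing impl AsanRuntime starts before the hunk.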