diff --git a/libafl_qemu/libqasan/hooks.c b/libafl_qemu/libqasan/hooks.c
index c0adf97759..8b27bb8094 100644
--- a/libafl_qemu/libqasan/hooks.c
+++ b/libafl_qemu/libqasan/hooks.c
@@ -24,6 +24,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *******************************************************************************/
 #include "libqasan.h"
+#include "printf/printf.h"
 #include "map_macro.h"
 #include
 #include
@@ -593,3 +594,26 @@ int wcscmp(const wchar_t *s1, const wchar_t *s2) {
 return r;
 }
+
+int asprintf(char **restrict strp, const char *restrict fmt, ...) {
+ void *rtv = __builtin_return_address(0);
+
+ QASAN_DEBUG("%14p: asprintf(%p, %p)\n", rtv, strp, fmt);
+ va_list va;
+ va_start(va, fmt);
+ int len = __libqasan_vasprintf(strp, fmt, va);
+ va_end(va);
+ QASAN_DEBUG("\t\t = %d [*strp = %p]\n", len, *strp);
+
+ return len;
+}
+
+int vasprintf(char **restrict strp, const char *restrict fmt, va_list ap) {
+ void *rtv = __builtin_return_address(0);
+
+ QASAN_DEBUG("%14p: vasprintf(%p, %p)\n", rtv, strp, fmt);
+ int len = __libqasan_vasprintf(strp, fmt, ap);
+ QASAN_DEBUG("\t\t = %d [*strp = %p]\n", len, *strp);
+
+ return len;
+}
diff --git a/libafl_qemu/libqasan/patch.c b/libafl_qemu/libqasan/patch.c
index 9dafd3d786..03c9ac2672 100644
--- a/libafl_qemu/libqasan/patch.c
+++ b/libafl_qemu/libqasan/patch.c
@@ -200,6 +200,9 @@ void __libqasan_hotpatch(void) {
 HOTPATCH(bcmp)
 #endif
+ HOTPATCH(asprintf)
+ HOTPATCH(vasprintf)
+
 HOTPATCH(strchr)
 HOTPATCH(strrchr)
 HOTPATCH(strcasecmp)
diff --git a/libafl_qemu/libqasan/printf/printf.c b/libafl_qemu/libqasan/printf/printf.c
index b4e1a03eb4..e3f0afea4c 100644
--- a/libafl_qemu/libqasan/printf/printf.c
+++ b/libafl_qemu/libqasan/printf/printf.c
@@ -35,6 +35,7 @@
 #include
 #include "printf.h"
+#include "../libqasan.h"
 // qasan define
 #define PRINTF_SUPPORT_FLOAT
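Review bot: Nothing at the new `asprintf` and `vasprintf` hooks in hooks.c says that formatting is now done by `__libqasan_vasprintf`, the bundled tiny printf, rather than by libc. If that formatter implements fewer conversions than libc (not visible in this diff), a target sees different strings under QASan than natively, which can hide or invent findings. I would put a comment above `asprintf` along the lines of `/* Formats via the bundled printf so the result is allocated by __libqasan_malloc; conversions it lacks differ from libc. */`. Both hooks also read `*strp` in the closing `QASAN_DEBUG` line whatever `len` is, so they rely on the helper always storing a defined pointer.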
@@ -911,6 +912,17 @@ int __libqasan_vprintf(const char *format, va_list va) {
 return _vsnprintf(_out_char, buffer, (size_t)-1, format, va);
 }
+int __libqasan_vasprintf(char **restrict strp, const char *restrict format,
+ va_list va) {
+ // get the string size
+ const int len = _vsnprintf(NULL, NULL, (size_t)-1, format, va);
+
+ void *buffer = __libqasan_malloc(len + 1);
+ *strp = buffer;
+ const int ret = _vsnprintf(_out_buffer, buffer, len + 1, format, va);
+ return ret;
+}
+
 int __libqasan_vsnprintf(char *buffer, size_t count, const char *format,
 va_list va) {
 return _vsnprintf(_out_buffer, buffer, count, format, va);
diff --git a/libafl_qemu/libqasan/printf/printf.h b/libafl_qemu/libqasan/printf/printf.h
index 8f329fd7ef..dc85409af3 100644
--- a/libafl_qemu/libqasan/printf/printf.h
+++ b/libafl_qemu/libqasan/printf/printf.h
@@ -93,6 +93,17 @@ int __libqasan_vsnprintf(char *buffer, size_t count, const char *format,
 */
 int __libqasan_vprintf(const char *format, va_list va);
+/**
+ * Tiny vasprintf implementation
+ * \param strp This function will write the pointer to the allocated string
+ * \param format A string that specifies the format of the output
+ * \param va A value identifying a variable arguments list
+ * \return The number of characters that are WRITTEN into the buffer, not
+ * counting the terminating null character
+ */
+int __libqasan_vasprintf(char **restrict strp, const char *restrict format,
+ va_list va);
+
 /**
 * printf with output function
 * You may use this as dynamic alternative to printf() with its fixed _putchar()
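Review bot: `__libqasan_vasprintf` in printf.c walks `va` twice, once in the sizing call `_vsnprintf(NULL, NULL, (size_t)-1, format, va)` and again in the formatting call, and a `va_list` already consumed by one callee is indeterminate for the next (C11 7.16). On ABIs where `va_list` is an array type the second pass starts past the real arguments, so conversions such as `%s` read whatever follows them; the sizing pass should run on a `va_copy`. The function also stores the result of `__libqasan_malloc(len + 1)` without a NULL check and never tests `len < 0`, so as far as the hunk shows a failed allocation still returns a length with `*strp` set to NULL. The rewrite below returns -1 in both cases and leaves `*strp` NULL, which keeps the `*strp` read in the hooks.c debug lines defined.

```c
int __libqasan_vasprintf(char **restrict strp, const char *restrict format,
                         va_list va) {
  // size the output on a copy; the sizing pass consumes its va_list
  va_list sizing;
  va_copy(sizing, va);
  const int len = _vsnprintf(NULL, NULL, (size_t)-1, format, sizing);
  va_end(sizing);

  *strp = NULL;
  if (len < 0) { return -1; }

  char *buffer = __libqasan_malloc((size_t)len + 1);
  if (!buffer) { return -1; }

  *strp = buffer;
  return _vsnprintf(_out_buffer, buffer, (size_t)len + 1, format, va);
}
```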
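Review bot: The new doc block for `__libqasan_vasprintf` in printf.h does not say who owns the buffer stored through `strp` or what the function returns when it fails, which is what a caller of an allocating formatter most needs to know. From printf.c in this commit the buffer comes from `__libqasan_malloc`, so I would extend the first parameter line to `\param strp Receives a buffer obtained from __libqasan_malloc; the caller owns it and must release it` and add a sentence to `\return` stating the failure value. The phrase "WRITTEN into the buffer" appears to be carried over from the snprintf-style comments and reads oddly here, since the buffer is sized to fit the output.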