From 60c216bc9e4c79834716d4099993d8397a3a8fd9 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Tue, 11 Apr 2023 18:25:16 +0200
Subject: [PATCH] add sanitiy check to verify that the aux buffer is not corrupted
---
 nyx/auxiliary_buffer.c | 13 ++++++++-----
 nyx/auxiliary_buffer.h | 6 ++++++
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/nyx/auxiliary_buffer.c b/nyx/auxiliary_buffer.c
index 0bd7185175..c5222e3919 100644
--- a/nyx/auxiliary_buffer.c
+++ b/nyx/auxiliary_buffer.c
@@ -64,11 +64,7 @@ void init_auxiliary_buffer(auxilary_buffer_t *auxilary_buffer)
 VOLATILE_WRITE_16(auxilary_buffer->header.version, QEMU_PT_VERSION);
- uint16_t hash =
- (sizeof(auxilary_buffer_header_t) + sizeof(auxilary_buffer_cap_t) +
- sizeof(auxilary_buffer_config_t) + sizeof(auxilary_buffer_result_t) +
- sizeof(auxilary_buffer_misc_t)) %
- 0xFFFF;
+ uint16_t hash = AUX_BUFFER_HASH;
 VOLATILE_WRITE_16(auxilary_buffer->header.hash, hash);
@@ -83,6 +79,13 @@ void check_auxiliary_config_buffer(auxilary_buffer_t *auxilary_buffer,
 if (changed) {
 uint8_t aux_byte;
+ /* sanitiy check to verify that the buffer is not corrupted */
+ uint16_t _hash = AUX_BUFFER_HASH;
+ uint64_t _magic = AUX_MAGIC;
+
+ assert(memcmp(&auxilary_buffer->header.magic, &_magic, sizeof(auxilary_buffer->header.magic)) == 0);
+ assert(memcmp(&auxilary_buffer->header.hash, &_hash, sizeof(auxilary_buffer->header.hash)) == 0);
+
 VOLATILE_READ_8(aux_byte, auxilary_buffer->configuration.redqueen_mode);
 if (aux_byte) { /* enable redqueen mode */
diff --git a/nyx/auxiliary_buffer.h b/nyx/auxiliary_buffer.h
index 2419fafa21..41355598f1 100644
--- a/nyx/auxiliary_buffer.h
+++ b/nyx/auxiliary_buffer.h
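Review bot: The new check in `check_auxiliary_config_buffer` (nyx/auxiliary_buffer.c) compares only the two fixed header fields, so it catches an overwritten header but does not validate the `configuration.*` values that are read right after it; the comment should say that, e.g. `/* canary: header.magic and header.hash are fixed values; a mismatch means the header was overwritten (configuration.* is not validated here) */`. The check also sits inside `if (changed)`, so a damaged header is only noticed on a pass where that flag is set; moving the two asserts above the `if` would close that gap, though the function starts and ends outside this hunk, so confirm nothing earlier already covers it. Every other access to this buffer visible in the patch goes through `VOLATILE_WRITE_16`/`VOLATILE_READ_8`, whereas the asserts use plain `memcmp`, which gives no guarantee the fields are re-read from the (presumably shared) buffer. Finally, `assert()` is removed in any build that defines `NDEBUG`; if this tree can be built that way, replace it with an explicit comparison followed by an error message and `abort()`.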
@@ -152,6 +152,12 @@ typedef struct auxilary_buffer_s {
 } __attribute__((packed)) auxilary_buffer_t;
+#define AUX_BUFFER_HASH (( sizeof(auxilary_buffer_header_t) +\
+ sizeof(auxilary_buffer_cap_t) +\
+ sizeof(auxilary_buffer_config_t) +\
+ sizeof(auxilary_buffer_result_t) +\
+ sizeof(auxilary_buffer_misc_t)) % 0xFFFF)
+
 void init_auxiliary_buffer(auxilary_buffer_t *auxilary_buffer);
 void check_auxiliary_config_buffer(auxilary_buffer_t *auxilary_buffer, auxilary_buffer_config_t *shadow_config);
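Review bot: `AUX_BUFFER_HASH` is a sum of struct sizes, not a hash of the buffer, and the macro has no comment saying so; I would add `/* layout fingerprint: sum of the aux-buffer section sizes mod 0xFFFF; identifies the struct layout, not the buffer contents */` above it. Because it is a plain sum, it stays the same when fields are reordered or when one section grows by as many bytes as another shrinks, so it should not be the only compatibility signal next to `header.version`. The expression has type `size_t`; the `% 0xFFFF` keeps it within 16 bits, and a cast, `((uint16_t)((...) % 0xFFFF))`, would make the intended width explicit at the two places it is assigned to a `uint16_t`.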