From c8fe68fb3decf6215082a441ecae0553cbacddc2 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Sun, 15 Nov 2015 00:04:34 +0100
Subject: [PATCH 1/4] Add test case for issue #266 ("Invalid read of size 4" in cpu_tb_exec).
---
 tests/regress/invalid_read_in_cpu_tb_exec.c | 28 +++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 tests/regress/invalid_read_in_cpu_tb_exec.c
diff --git a/tests/regress/invalid_read_in_cpu_tb_exec.c b/tests/regress/invalid_read_in_cpu_tb_exec.c
new file mode 100644
index 0000000..8e309ca
--- /dev/null
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
@@ -0,0 +1,28 @@
+#include
+
+static void hook_block(uc_engine *uc, uint64_t address, uint32_t size, void *user_data) {
+ printf("hook_block(…)\n");
+}
+
+#define BINARY "\x80\x05\xff\xff\xff\xff\x30\xeb\xf7\x30"
+#define MEMORY_SIZE 2 * 1024 * 1024
+#define STARTING_ADDRESS 0x1000000
+
+int main(int argc, char **argv, char **envp) {
+ uc_engine *uc;
+ if (uc_open(UC_ARCH_X86, UC_MODE_64, &uc)) {
+ printf("uc_open(…) failed\n");
+ return 1;
+ }
+ uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL);
+ if (uc_mem_write(uc, STARTING_ADDRESS, BINARY, sizeof(BINARY) - 1)) {
+ printf("uc_mem_write(…) failed\n");
+ return 1;
+ }
+ uc_hook hook;
+ uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);
+ printf("uc_emu_start(…)\n");
+ uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 0);
+ printf("done\n");
+ return 0;
+}
From 5b34660b3f2e2ed76fc35e31748697ddbc6e0a77 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Sun, 15 Nov 2015 17:31:06 +0100
Subject: [PATCH 2/4] Add test case to Makefile and .gitignore. Add disassembly.
---
 .gitignore | 1 +
 tests/regress/Makefile | 1 +
 tests/regress/invalid_read_in_cpu_tb_exec.c | 5 +++++
 3 files changed, 7 insertions(+)
diff --git a/.gitignore b/.gitignore
index 7dbba4f..f6e783e 100644
--- a/.gitignore
+++ b/.gitignore
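Review bot: The test discards the status of the two calls that decide whether the bug is actually reached: `uc_mem_map(...)` on the line after the uc_open check and `uc_emu_start(...)` near the end both return a uc_err that is never examined, so a failed mapping or an emulation error still prints "done" and exits 0, and the test cannot tell a fixed engine from one that silently stopped early. Check them the way uc_mem_write already is, `if (uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL)) { printf("uc_mem_map(…) failed\n"); return 1; }` and likewise for uc_emu_start, and release the engine with `uc_close(uc);` before returning. `#define MEMORY_SIZE 2 * 1024 * 1024` should be written `(2 * 1024 * 1024)` so the macro stays a single operand wherever it is substituted. The `#include` line appears to have lost its header name in this rendering (presumably the unicorn public header); worth confirming the committed file is intact.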
@@ -111,6 +111,7 @@ eflags_nosync
 00opcode_uc_crash
 eflags_noset
 mem_map_large
+invalid_read_in_cpu_tb_exec
 #################
diff --git a/tests/regress/Makefile b/tests/regress/Makefile
index 759adea..c0c653b 100644
--- a/tests/regress/Makefile
+++ b/tests/regress/Makefile
@@ -16,6 +16,7 @@ TESTS += eflags_nosync
 TESTS += 00opcode_uc_crash
 TESTS += eflags_noset
 TESTS += mem_map_large
+TESTS += invalid_read_in_cpu_tb_exec
 all: $(TESTS)
diff --git a/tests/regress/invalid_read_in_cpu_tb_exec.c b/tests/regress/invalid_read_in_cpu_tb_exec.c
index 8e309ca..c05fc5b 100644
--- a/tests/regress/invalid_read_in_cpu_tb_exec.c
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
@@ -4,6 +4,11 @@ static void hook_block(uc_engine *uc, uint64_t address, uint32_t size, void *use
 printf("hook_block(…)\n");
 }
+/*
+ * Disassembly according to capstone:
+ * add byte ptr [rip - 1], 0x30
+ * jmp 0x1000000
+ */
 #define BINARY "\x80\x05\xff\xff\xff\xff\x30\xeb\xf7\x30"
 #define MEMORY_SIZE 2 * 1024 * 1024
 #define STARTING_ADDRESS 0x1000000
From 76ed117df65bba075d416d7dac5d574e9e23a3fc Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Sun, 15 Nov 2015 18:12:10 +0100
Subject: =?UTF-8?q?Cast=20last=20two=20uc=5Fhook=5Fadd(?= =?UTF-8?q?=E2=80=A6)=20arguments=20to=20uint64=5Ft.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 tests/regress/invalid_read_in_cpu_tb_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/regress/invalid_read_in_cpu_tb_exec.c b/tests/regress/invalid_read_in_cpu_tb_exec.c
index c05fc5b..808f89b 100644
--- a/tests/regress/invalid_read_in_cpu_tb_exec.c
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
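Review bot: The new comment above BINARY gives the disassembly but not why these two instructions reproduce the issue, which is what a reader of a regression test needs first. With a rip-relative displacement of -1 the add's destination is the byte immediately before the next instruction, which, if I read the 7-byte encoding right, is the add's own 0x30 immediate, so each pass rewrites code inside the block being executed and the jmp back to 0x1000000 re-enters that same block. I would add a line to the comment such as `* The add writes its own immediate byte, so the block is self-modifying and re-executed by the jmp.` so the bytes are not an opaque blob to the next maintainer.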
@@ -25,7 +25,7 @@ int main(int argc, char **argv, char **envp) {
 return 1;
 }
 uc_hook hook;
- uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, 1, 0);
+ uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
 printf("uc_emu_start(…)\n");
 uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 0);
 printf("done\n");
From 8af4967707486c654b8c4676bc0a1e78bddfd450 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Sun, 15 Nov 2015 18:18:04 +0100
Subject: [PATCH 4/4] Remove space.
---
 tests/regress/invalid_read_in_cpu_tb_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/regress/invalid_read_in_cpu_tb_exec.c b/tests/regress/invalid_read_in_cpu_tb_exec.c
index 808f89b..7e4f265 100644
--- a/tests/regress/invalid_read_in_cpu_tb_exec.c
+++ b/tests/regress/invalid_read_in_cpu_tb_exec.c
@@ -25,7 +25,7 @@ int main(int argc, char **argv, char **envp) {
 return 1;
 }
 uc_hook hook;
- uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
+ uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0);
 printf("uc_emu_start(…)\n");
 uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 0);
 printf("done\n");
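Review bot: The casts are the right fix if uc_hook_add takes begin and end through a variadic tail (an int `1` would otherwise be read as a uint64_t), but the return value on the `+` line is still dropped, so a failed hook registration leaves the test running without its block hook and the run no longer exercises the path the test exists for. Check it like the other calls: `if (uc_hook_add(uc, &hook, UC_HOOK_BLOCK, hook_block, NULL, (uint64_t)1, (uint64_t)0)) { printf("uc_hook_add(…) failed\n"); return 1; }`. A short comment on the `(uint64_t)1, (uint64_t)0` pair stating what that begin/end range selects would also help, since begin greater than end is not an obvious way to spell "every address", assuming that is the convention this API follows. main() starts and ends outside the hunk.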