mirror of
https://github.com/yuzu-emu/unicorn
synced 2024-11-24 07:18:11 +00:00
fix for use after free in case of double unmap
parent
cf727ad323
commit
dd56621bbb
3 changed files with 53 additions and 1 deletions
|
@ -8,6 +8,7 @@ TESTS += ro_mem_test nr_mem_test
|
||||||
TESTS += timeout_segfault
|
TESTS += timeout_segfault
|
||||||
TESTS += rep_movsb
|
TESTS += rep_movsb
|
||||||
TESTS += mem_unmap
|
TESTS += mem_unmap
|
||||||
|
TESTS += mem_double_unmap
|
||||||
TESTS += mem_protect
|
TESTS += mem_protect
|
||||||
TESTS += mem_exec
|
TESTS += mem_exec
|
||||||
|
|
||||||
|
|
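--- a/tests/regress/mem_double_unmap.c
+++ b/tests/regress/mem_double_unmap.c
@@ -0,0 +1,51 @@
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include <unicorn/unicorn.h>
+
+int main(int argc, char **argv, char **envp)
+{
+uc_engine *uc;
+uc_hook trace1, trace2;
+uc_err err;
+
+// Initialize emulator in X86-32bit mode
+err = uc_open(UC_ARCH_X86, UC_MODE_32, &uc);
+if (err) {
+printf("not ok - Failed on uc_open() with error returned: %u\n", err);
+return;
+}
+
+uc_mem_map(uc, 0x1000, 0x1000, UC_PROT_ALL);
+if (err) {
+printf("not ok - Failed on uc_mem_map() with error returned: %u\n", err);
+return;
+}
+
+uc_mem_map(uc, 0x4000, 0x1000, UC_PROT_ALL);
+if (err) {
+printf("not ok - Failed on uc_mem_map() with error returned: %u\n", err);
+return;
+}
+
+err = uc_mem_unmap(uc, 0x4000, 0x1000);
+if (err) {
+printf("not ok - Failed on uc_mem_unmap() with error returned: %u\n", err);
+return;
+}
+
+err = uc_mem_unmap(uc, 0x4000, 0x1000);
+if (!err) {
+printf("not ok - second unmap succeeded\n");
+return 1;
+}
+
+printf("Tests OK\n");
+uc_close(uc);
+return 0;
+}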
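Review bot: Both `uc_mem_map()` calls discard their return value, so the `if (err)` after each one re-tests the stale result of `uc_open()` and a failed mapping goes unnoticed; they should read `err = uc_mem_map(uc, 0x1000, 0x1000, UC_PROT_ALL);` and likewise for the `0x4000` mapping. The four early exits use a bare `return;` inside `int main`, which does not set a defined exit status, so a setup failure may not fail the regression run; `return 1;` as in the second-unmap branch would fix that. Because the bug under test is a use after free, which does not always crash, the test is most useful when the regress suite is also run under a memory checker such as AddressSanitizer. `printf` is used without `<stdio.h>` unless `unicorn/unicorn.h` happens to pull it in.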
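--- a/uc.c
+++ b/uc.c
@@ -814,7 +814,7 @@ MemoryRegion *memory_mapping(struct uc_struct* uc, uint64_t address)
 // try with the cache index first
 i = uc->mapped_block_cache_index;
 
-if (address >= uc->mapped_blocks[i]->addr && address < uc->mapped_blocks[i]->end)
+if (i < uc->mapped_block_count && address >= uc->mapped_blocks[i]->addr && address < uc->mapped_blocks[i]->end)
 return uc->mapped_blocks[i];
 
 for(i = 0; i < uc->mapped_block_count; i++) {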
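Review bot: The new `i < uc->mapped_block_count` guard catches a stale `uc->mapped_block_cache_index` only at this one point of use; nothing in the hunk resets the index when a block is removed, so the stale value itself stays in `uc`. If the unmap path (outside this hunk) does not already do so, resetting it there, e.g. `uc->mapped_block_cache_index = 0;`, would address the cause, with this guard kept as defense in depth. A short comment on the condition, such as `// cache index may be stale after a block was unmapped`, would record why the bound check exists. The body of memory_mapping starts and ends outside the hunk, so the type of `i` and the rest of the lookup could not be checked.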