author | WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> | 2021-05-10 08:55:48 +0100 |
committer | GitHub <noreply@github.com> | 2021-05-10 09:55:48 +0200 |
commit | 114605df538bc49da3778546b74a9230fc4c0908 (patch) | |
tree | db724c7067b9cb64d051839e89ed83da53c2ea3e | |
parent | 340fc13de188b257ccb9e46a1f581ebd172ea81e (diff) | |
download | afl++-114605df538bc49da3778546b74a9230fc4c0908.tar.gz |
Frida cmplog fail fast (#914)
* Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name <you@example.com>
-rw-r--r-- | frida_mode/src/cmplog/cmplog.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c
index 84412c0b..3fab1951 100644
--- a/frida_mode/src/cmplog/cmplog.c
+++ b/frida_mode/src/cmplog/cmplog.c
@@ -4,6 +4,8 @@
 #include "util.h"
+#define DEFAULT_MMAP_MIN_ADDR (32UL << 10)
+
 extern struct cmp_map *__afl_cmp_map;
 static GArray *cmplog_ranges = NULL;
@@ -55,6 +57,16 @@ gboolean cmplog_is_readable(void *addr, size_t size) {
   if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized");
+  /*
+   * The Linux kernel prevents mmap from allocating from the very bottom of the
+   * address space to mitigate NULL pointer dereference attacks. The exact size
+   * is set by sysctl by setting mmap_min_addr and 64k is suggested on most
+   * platforms with 32k on ARM systems. We therefore fail fast if the address
+   * is lower than this. This should avoid some overhead when functions are
+   * called where one of the parameters is a size, or a some other small value.
+   */
+  if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; }
+
   GumAddress inner_base = GUM_ADDRESS(addr);
   GumAddress inner_limit = inner_base + size;
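Review bot: The early return added to cmplog_is_readable treats every address below 32 KiB as unreadable on the strength of the kernel's default vm.mmap_min_addr, but that sysctl is tunable (it can be lowered, even to 0, on hosts that need legacy low mappings), so on such a host a genuinely mapped low page would be skipped without ever being checked against cmplog_ranges; the effect is missed comparison logging rather than a crash, but the comment should say so. I would make the floor overridable at build time, `#ifndef DEFAULT_MMAP_MIN_ADDR` / `#define DEFAULT_MMAP_MIN_ADDR (32UL << 10)` / `#endif`, and end the comment with `Heuristic only: if mmap_min_addr has been lowered, mapped low pages are reported as unreadable.` The comment also reads "a some other small value"; drop the stray "a". The body of cmplog_is_readable continues past the end of the hunk, so the range lookup this short-circuits is not visible here.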