diff options
| author | van Hauser <vh@thc.org> | 2023-08-30 20:37:12 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-30 20:37:12 +0000 |
| commit | 5020e6b275adf0d74e9174b278ff417b5c6a64d2 (patch) | |
| tree | bdc52ef01f7c7d05931054118cef48e97161783b /frida_mode/src | |
| parent | c60431247e971881bc159a84e5505dfec7adcf6d (diff) | |
| parent | e4b408932d50c278f3dcd1612a44647512218a6f (diff) | |
| download | afl++-5020e6b275adf0d74e9174b278ff417b5c6a64d2.tar.gz | |
Merge pull request #1826 from WorksButNotTested/arm64-fix
Don't corrupt instruction if map offset is too large
Diffstat (limited to 'frida_mode/src')
| -rw-r--r-- | frida_mode/src/instrument/instrument_arm64.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 2256f941..a0c66697 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -402,6 +402,18 @@ bool instrument_write_inline(GumArm64Writer *cw, GumAddress code_addr, } + /* + * The mov instruction supports up to a 16-bit offset. If our offset is out of + * range, then it can end up clobbering the op-code portion of the instruction + * rather than just the operands. So return false and fall back to the + * alternative instrumentation. + */ + if (area_offset > UINT16_MAX) { + + return false; + + } + code.code.mov_x0_curr_loc |= area_offset << 5; if (!instrument_patch_ardp( |