| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2019-03-26 17:02:51 +0100 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2019-03-27 12:30:46 +0100 |
| commit | f2f9333c07bc24de2203308b60bbd011fc4cbdff (patch) | |
| tree | 5e1d78581569c4f8a9b3bd76a1188dc92de7b8b8 | |
| parent | c08de784c9f4e821b526ec774afa7bbe38aec30f (diff) | |
| download | miasm-f2f9333c07bc24de2203308b60bbd011fc4cbdff.tar.gz miasm-f2f9333c07bc24de2203308b60bbd011fc4cbdff.zip | |
Jitter: fix PyGetInt upper bound
| -rw-r--r-- | miasm/jitter/arch/JitCore_x86.c | 26 | ||||
| -rw-r--r-- | miasm/jitter/compat_py23.h | 84 | ||||
| -rw-r--r-- | miasm/jitter/vm_mngr.c | 18 | ||||
| -rw-r--r-- | miasm/jitter/vm_mngr.h | 2 | ||||
| -rw-r--r-- | miasm/jitter/vm_mngr_py.c | 4 |
5 files changed, 84 insertions, 50 deletions
diff --git a/miasm/jitter/arch/JitCore_x86.c b/miasm/jitter/arch/JitCore_x86.c
index d32f4d17..608893a7 100644
--- a/miasm/jitter/arch/JitCore_x86.c
+++ b/miasm/jitter/arch/JitCore_x86.c
@@ -560,35 +560,37 @@ JitCpu_init(JitCpu *self, PyObject *args, PyObject *kwds)
 return 0;
 }
-#define getset_reg_E_u32(regname) \
+#define getset_reg_E_u32(regname) \
 static PyObject *JitCpu_get_E ## regname (JitCpu *self, void *closure) \
 { \
 return PyLong_FromUnsignedLongLong((uint32_t)(self->cpu->R ## regname & 0xFFFFFFFF )); \
 } \
 static int JitCpu_set_E ## regname (JitCpu *self, PyObject *value, void *closure) \
 { \
- uint64_t val; \
- PyGetInt_uint64_t_retneg(value, val); \
- val &= 0xFFFFFFFF; \
- val |= self->cpu->R ##regname & 0xFFFFFFFF00000000ULL; \
- self->cpu->R ## regname = val; \
+ uint32_t val32; \
+ uint64_t val64; \
+ PyGetInt_uint32_t_retneg(value, val32); \
+ val64 = val32; \
+ val64 |= self->cpu->R ##regname & 0xFFFFFFFF00000000ULL; \
+ self->cpu->R ## regname = val64; \
 return 0; \
 }
-#define getset_reg_R_u16(regname) \
+#define getset_reg_R_u16(regname) \
 static PyObject *JitCpu_get_ ## regname (JitCpu *self, void *closure) \
 { \
 return PyLong_FromUnsignedLongLong((uint16_t)(self->cpu->R ## regname & 0xFFFF )); \
 } \
 static int JitCpu_set_ ## regname (JitCpu *self, PyObject *value, void *closure) \
 { \
- uint64_t val; \
- PyGetInt_uint64_t_retneg(value, val); \
- val &= 0xFFFF; \
- val |= self->cpu->R ##regname & 0xFFFFFFFFFFFF0000ULL; \
- self->cpu->R ## regname = val; \
+ uint16_t val16; \
+ uint64_t val64; \
+ PyGetInt_uint16_t_retneg(value, val16); \
+ val64 = val16; \
+ val64 |= self->cpu->R ##regname & 0xFFFFFFFFFFFF0000ULL; \
+ self->cpu->R ## regname = val64; \
 return 0; \
 }
diff --git a/miasm/jitter/compat_py23.h b/miasm/jitter/compat_py23.h
index 17ad9c6a..936c08f3 100644
--- a/miasm/jitter/compat_py23.h
+++ b/miasm/jitter/compat_py23.h
@@ -4,18 +4,29 @@
 #if PY_MAJOR_VERSION >= 3
-#define PyGetInt_uint_t(size, item, value) \
- if (PyLong_Check(item)){ \
- value = (uint ## size ## _t)PyLong_AsUnsignedLongLong(item); \
+#define PyGetInt_uint_t(size_type, item, value) \
+ if (PyLong_Check(item)) { \
+ unsigned long long tmp; \
+ tmp = PyLong_AsUnsignedLongLong(item); \
+ if ( tmp > (size_type) -1) { \
+ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ } \
+ value = (size_type) tmp; \
 } \
 else{ \
- RAISE(PyExc_TypeError,"arg must be int"); \
+ RAISE(PyExc_TypeError, "Arg must be int"); \
 }
-#define PyGetInt_uint_t_retneg(size, item, value) \
- if (PyLong_Check(item)){ \
- value = (uint ## size ##_t)PyLong_AsUnsignedLongLong(item); \
+#define PyGetInt_uint_t_retneg(size_type, item, value) \
+ if (PyLong_Check(item)) { \
+ unsigned long long tmp; \
+ tmp = PyLong_AsUnsignedLongLong(item); \
+ if ( tmp > (size_type) -1) { \
+ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ return -1; \
+ } \
+ value = (size_type) tmp; \
 } \
 else{ \
 PyErr_SetString(PyExc_TypeError, "Arg must be int"); \
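Review bot: The value returned by `PyLong_AsUnsignedLongLong(item)` is stored into `tmp` without checking for failure; on a negative or wider-than-64-bit Python int that call returns `(unsigned long long)-1` and leaves an OverflowError pending, and for `size_type` = `uint64_t` the new `tmp > (size_type) -1` test can never catch that, so the macro falls through with `value` = `UINT64_MAX` and the caller continues with an exception already set. For the narrower types the range test does fire, but it then reports "Arg too big" for what was really a negative argument and stacks a TypeError on top of the pending OverflowError. Insert, directly after the conversion, `if (tmp == (unsigned long long)-1 && PyErr_Occurred()) { return NULL; }` in `PyGetInt_uint_t` (using whichever early-return form `RAISE`, defined outside this hunk, expands to) and `if (tmp == (unsigned long long)-1 && PyErr_Occurred()) { return -1; }` in `PyGetInt_uint_t_retneg`. The same missing failure check applies to every `PyInt_AsLong`, `PyLong_AsLong` and `PyLong_AsUnsignedLongLong` call in the Python 2 macros of the next hunk, which also return -1 on error with an exception set.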
@@ -30,24 +41,46 @@
 #else
-#define PyGetInt_uint_t(size, item, value) \
- if (PyInt_Check(item)){ \
- value = (uint ## size ##_t)PyInt_AsLong(item); \
+#define PyGetInt_uint_t(size_type, item, value) \
+ if (PyInt_Check(item)) { \
+ long tmp; \
+ tmp = PyInt_AsLong(item); \
+ if ( tmp > (size_type) -1) { \
+ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ } \
+ value = (size_type) tmp; \
 } \
 else if (PyLong_Check(item)){ \
- value = (uint ## size ##_t)PyLong_AsUnsignedLongLong(item); \
+ unsigned long long tmp; \
+ tmp = PyLong_AsUnsignedLongLong(item); \
+ if ( tmp > (size_type) -1) { \
+ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ } \
+ value = (size_type) tmp; \
 } \
 else{ \
- RAISE(PyExc_TypeError,"arg must be int"); \
+ RAISE(PyExc_TypeError, "Arg must be int"); \
 }
-#define PyGetInt_uint_t_retneg(size, item, value) \
- if (PyInt_Check(item)){ \
- value = (uint ## size ##_t)PyLong_AsLong(item); \
+#define PyGetInt_uint_t_retneg(size_type, item, value) \
+ if (PyInt_Check(item)) { \
+ long tmp; \
+ tmp = PyLong_AsLong(item); \
+ if ( tmp > (size_type) -1) { \
+ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ return -1; \
+ } \
+ value = (size_type) tmp; \
 } \
 else if (PyLong_Check(item)){ \
- value = (uint ## size ##_t)PyLong_AsUnsignedLongLong(item); \
+ unsigned long long tmp; \
+ tmp = PyLong_AsUnsignedLongLong(item); \
+ if ( tmp > (size_type) -1) { \
+ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \
+ return -1; \
+ } \
+ value = (size_type) tmp; \
 } \
 else{ \
 PyErr_SetString(PyExc_TypeError, "Arg must be int"); \
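Review bot: In both `PyInt_Check` branches `tmp` is a signed `long`, so the new `tmp > (size_type) -1` test has no lower bound and a negative Python int still goes through: for `uint8_t`/`uint16_t`/`uint32_t` on LP64 the comparison is performed in `long` and `-1 > 4294967295` is false, and for `uint64_t` the `long` is converted to the unsigned type and `-1` lands exactly on the bound, so in every case `value = (size_type) tmp;` silently stores a wrapped value (`-1` becomes `0xFFFFFFFF` for a 32-bit register), which is the same class of bound error the commit title says it fixes. Change the guard in all four `PyInt_Check` branches to `if (tmp < 0 || (unsigned long long) tmp > (size_type) -1) { \`, keeping the existing error body. The `PyLong_Check` branches are not affected because there the conversion already yields an unsigned result.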
@@ -63,15 +96,18 @@
 #endif
-#define PyGetInt_uint8_t(item, value) PyGetInt_uint_t(8, item, value)
-#define PyGetInt_uint16_t(item, value) PyGetInt_uint_t(16, item, value)
-#define PyGetInt_uint32_t(item, value) PyGetInt_uint_t(32, item, value)
-#define PyGetInt_uint64_t(item, value) PyGetInt_uint_t(64, item, value)
-#define PyGetInt_uint8_t_retneg(item, value) PyGetInt_uint_t_retneg(8, item, value)
-#define PyGetInt_uint16_t_retneg(item, value) PyGetInt_uint_t_retneg(16, item, value)
-#define PyGetInt_uint32_t_retneg(item, value) PyGetInt_uint_t_retneg(32, item, value)
-#define PyGetInt_uint64_t_retneg(item, value) PyGetInt_uint_t_retneg(64, item, value)
+#define PyGetInt_size_t(item, value) PyGetInt_uint_t(size_t, item, value)
+
+#define PyGetInt_uint8_t(item, value) PyGetInt_uint_t(uint8_t, item, value)
+#define PyGetInt_uint16_t(item, value) PyGetInt_uint_t(uint16_t, item, value)
+#define PyGetInt_uint32_t(item, value) PyGetInt_uint_t(uint32_t, item, value)
+#define PyGetInt_uint64_t(item, value) PyGetInt_uint_t(uint64_t, item, value)
+
+#define PyGetInt_uint8_t_retneg(item, value) PyGetInt_uint_t_retneg(uint8_t, item, value)
+#define PyGetInt_uint16_t_retneg(item, value) PyGetInt_uint_t_retneg(uint16_t, item, value)
+#define PyGetInt_uint32_t_retneg(item, value) PyGetInt_uint_t_retneg(uint32_t, item, value)
+#define PyGetInt_uint64_t_retneg(item, value) PyGetInt_uint_t_retneg(uint64_t, item, value)
diff --git a/miasm/jitter/vm_mngr.c b/miasm/jitter/vm_mngr.c
index d27dd135..43d6db53 100644
--- a/miasm/jitter/vm_mngr.c
+++ b/miasm/jitter/vm_mngr.c
@@ -556,7 +556,6 @@ int vm_read_mem(vm_mngr_t* vm_mngr, uint64_t addr, char** buffer_ptr, size_t siz
 int vm_write_mem(vm_mngr_t* vm_mngr, uint64_t addr, char *buffer, size_t size)
 {
 size_t len;
- size_t size_st;
 uint64_t addr_diff;
 size_t addr_diff_st;
 struct memory_page_node * mpn;
@@ -565,10 +564,9 @@ int vm_write_mem(vm_mngr_t* vm_mngr, uint64_t addr, char *buffer, size_t size)
 fprintf(stderr, "Write size wider than supported system\n");
 exit(EXIT_FAILURE);
 }
- size_st = (size_t)size;
 /* write is multiple page wide */
- while (size_st){
+ while (size){
 mpn = get_memory_page_from_address(vm_mngr, addr, 1);
 if (!mpn){
 PyErr_SetString(PyExc_RuntimeError, "Error: cannot find address");
@@ -581,11 +579,11 @@ int vm_write_mem(vm_mngr_t* vm_mngr, uint64_t addr, char *buffer, size_t size)
 exit(EXIT_FAILURE);
 }
 addr_diff_st = (size_t) addr_diff;
- len = MIN(size_st, mpn->size - addr_diff_st);
+ len = MIN(size, mpn->size - addr_diff_st);
 memcpy((char*)mpn->ad_hp + addr_diff_st, buffer, len);
 buffer += len;
 addr += len;
- size_st -= len;
+ size -= len;
 }
 return 0;
@@ -593,10 +591,9 @@ int vm_write_mem(vm_mngr_t* vm_mngr, uint64_t addr, char *buffer, size_t size)
-int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, uint64_t size)
+int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, size_t size)
 {
 size_t len;
- size_t size_st;
 uint64_t addr_diff;
 size_t addr_diff_st;
 struct memory_page_node * mpn;
@@ -605,10 +602,9 @@ int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, uint64_t size)
 fprintf(stderr, "Test size wider than supported system\n");
 exit(EXIT_FAILURE);
 }
- size_st = (size_t)size;
 /* test multiple page wide */
- while (size_st){
+ while (size){
 mpn = get_memory_page_from_address(vm_mngr, addr, 0);
 if (!mpn) return 0;
@@ -619,9 +615,9 @@ int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, uint64_t size)
 exit(EXIT_FAILURE);
 }
 addr_diff_st = (size_t) addr_diff;
- len = MIN(size_st, mpn->size - addr_diff_st);
+ len = MIN(size, mpn->size - addr_diff_st);
 addr += len;
- size_st -= len;
+ size -= len;
 }
 return 1;
diff --git a/miasm/jitter/vm_mngr.h b/miasm/jitter/vm_mngr.h
index 44f369a6..913d06f8 100644
--- a/miasm/jitter/vm_mngr.h
+++ b/miasm/jitter/vm_mngr.h
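Review bot: With `size` in `is_mapped` now a `size_t`, the guard whose failure branch opens the `@@ -605` hunk (`fprintf(stderr, "Test size wider than supported system\n"); exit(EXIT_FAILURE);`) presumably compares `size` against the platform size limit and can no longer be true, so it is dead code and the compiler is likely to warn about an always-false comparison; the same already holds for the `"Write size wider than supported system"` guard in `vm_write_mem`, whose `size` was `size_t` before this commit. The conditions themselves sit between hunks, so I cannot see them; if they are indeed `size > SIZE_MAX`-style checks, remove each guard together with its `exit()` rather than keep an unreachable process-terminating path in a Python extension, since the range enforcement now happens in `PyGetInt_size_t` before the call. `is_mapped`'s body ends outside the last hunk.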
@@ -185,7 +185,7 @@ int is_mem_mapped(vm_mngr_t* vm_mngr, uint64_t ad);
 uint64_t get_mem_base_addr(vm_mngr_t* vm_mngr, uint64_t addr, uint64_t *addr_base);
 unsigned int MEM_LOOKUP(vm_mngr_t* vm_mngr, unsigned int my_size, uint64_t addr);
-int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, uint64_t size);
+int is_mapped(vm_mngr_t* vm_mngr, uint64_t addr, size_t size);
 void vm_throw(vm_mngr_t* vm_mngr, unsigned long flags);
 void vm_MEM_WRITE_08(vm_mngr_t* vm_mngr, uint64_t addr, unsigned char src);
diff --git a/miasm/jitter/vm_mngr_py.c b/miasm/jitter/vm_mngr_py.c
index d2e1d97f..9ec87b0d 100644
--- a/miasm/jitter/vm_mngr_py.c
+++ b/miasm/jitter/vm_mngr_py.c
@@ -740,14 +740,14 @@ PyObject* vm_is_mapped(VmMngr* self, PyObject* args)
 PyObject *ad;
 PyObject *size;
 uint64_t b_ad;
- uint64_t b_size;
+ size_t b_size;
 int ret;
 if (!PyArg_ParseTuple(args, "OO", &ad, &size)) RAISE(PyExc_TypeError,"Cannot parse arguments");
 PyGetInt_uint64_t(ad, b_ad);
- PyGetInt_uint64_t(size, b_size);
+ PyGetInt_size_t(size, b_size);
 ret = is_mapped(&self->vm_mngr, b_ad, b_size);
 return PyLong_FromUnsignedLongLong((uint64_t)ret);
 } |