From a903fa182be77ec7f0ef07e58015bfcd8782e33e Mon Sep 17 00:00:00 2001
From: mio
Date: Mon, 10 Feb 2025 15:58:28 +0800
Subject: [PATCH] Avoid null ptr deref when writing to arm context pc register
---
 qemu/target/arm/unicorn_arm.c | 8 ++++++--
 tests/unit/test_arm.c | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/qemu/target/arm/unicorn_arm.c b/qemu/target/arm/unicorn_arm.c
index d8417e12..b968198f 100644
--- a/qemu/target/arm/unicorn_arm.c
+++ b/qemu/target/arm/unicorn_arm.c
@@ -433,7 +433,10 @@ uc_err reg_write(void *_env, int mode, unsigned int regid, const void *value,
 CHECK_REG_TYPE(uint32_t);
 env->pc = (*(uint32_t *)value & ~1);
 env->thumb = (*(uint32_t *)value & 1);
- env->uc->thumb = (*(uint32_t *)value & 1);
+ if (env->uc) {
+ // This can be NULL if env is a context
+ env->uc->thumb = (*(uint32_t *)value & 1);
+ }
 env->regs[15] = (*(uint32_t *)value & ~1);
 *setpc = 1;
 break;
@@ -754,7 +757,8 @@ static uc_err uc_arm_context_restore(struct uc_struct *uc, uc_context *context)
 ARM_ENV_RESTORE(env->sau.rlar)
 #undef ARM_ENV_RESTORE
-
+ // Overwrite uc to our uc
+ env->uc = uc;
 return UC_ERR_OK;
 }
diff --git a/tests/unit/test_arm.c b/tests/unit/test_arm.c
index 665b9a29..8bfb45a9 100644
--- a/tests/unit/test_arm.c
+++ b/tests/unit/test_arm.c
@@ -757,12 +757,15 @@ static void test_arm_context_save(void)
 uc_engine *uc2;
 char code[] = "\x83\xb0"; // sub sp, #0xc
 uc_context *ctx;
+ uint32_t pc;
 uc_common_setup(&uc, UC_ARCH_ARM, UC_MODE_THUMB, code, sizeof(code) - 1,
 UC_CPU_ARM_CORTEX_R5);
 OK(uc_context_alloc(uc, &ctx));
 OK(uc_context_save(uc, ctx));
+ OK(uc_context_reg_read(ctx, UC_ARM_REG_PC, (void*)&pc));
+ OK(uc_context_reg_write(ctx, UC_ARM_REG_PC, (void*)&pc));
 OK(uc_context_restore(uc, ctx));
 uc_common_setup(&uc2, UC_ARCH_ARM, UC_MODE_THUMB, code, sizeof(code) - 1,
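Review bot: The guarded line in the reg_write hunk reads `*(uint32_t *)value` for a fourth time in the same case and keeps a cast that discards the `const` of the `value` parameter; reading it once, `const uint32_t pc = *(const uint32_t *)value;`, and using `pc` in the four assignments would shorten the case and keep -Wcast-qual quiet. The comment on the new guard would also be more useful if it said who leaves the pointer unset and what is skipped, e.g. `// env->uc is NULL when env belongs to a saved uc_context rather than a live engine; the engine-level thumb flag is left untouched in that case`. If other cases in this switch dereference env->uc they presumably need the same guard; reg_write starts and ends outside the hunk, so that cannot be confirmed here.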
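Review bot: After the new `env->uc = uc;` in uc_arm_context_restore the engine-level `uc->thumb` flag is not updated, although the guard added earlier in this patch deliberately skips it when PC is written into a context whose uc is NULL; unless restore syncs it somewhere outside this hunk, a context whose PC was written with the thumb bit set could leave `uc->thumb` disagreeing with the restored `env->thumb`. If `uc->thumb` is meant to mirror `env->thumb`, adding `uc->thumb = env->thumb;` next to the new assignment would close that gap. The comment `// Overwrite uc to our uc` could also say why, e.g. `// The saved env carries the engine pointer it was captured from (or NULL for a bare context); rebind it to this engine.` uc_arm_context_restore starts outside the hunk.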