blob: 69f4da59de25407a9d87bab7fee8c4666a91607d [file] [log] [blame]
/*
*
* honggfuzz - architecture dependent code (LINUX/BFD)
* -----------------------------------------
*
* Author: Robert Swiecki <[email protected]>
*
* Copyright 2010-2018 by Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License. You may obtain
* a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*
*/
#if !defined(_HF_LINUX_NO_BFD)
#include "linux/bfd.h"
#include <bfd.h>
#include <dis-asm.h>
#include <inttypes.h>
#include <pthread.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "honggfuzz.h"
#include "libhfcommon/common.h"
#include "libhfcommon/files.h"
#include "libhfcommon/log.h"
#include "libhfcommon/util.h"
#if !defined(bfd_get_section_size)
#define bfd_get_section_size(section) bfd_section_size(section)
#endif /* !defined(bfd_get_section_size) */
#if !defined(bfd_get_section_vma)
#define bfd_get_section_vma(ptr, section) bfd_section_vma(section)
#endif /* !defined(bfd_get_section_size) */
typedef struct {
bfd* bfdh;
asymbol** syms;
asymbol** dsyms;
} bfd_t;
/*
* This is probably the only define which was added with binutils 2.29, so we us
* it, do decide which disassembler() prototype from dis-asm.h to use
*/
#if defined(FOR_EACH_DISASSEMBLER_OPTION)
#define _HF_BFD_GE_2_29
#endif
static pthread_mutex_t arch_bfd_mutex = PTHREAD_MUTEX_INITIALIZER;
static bool arch_bfdInit(pid_t pid, bfd_t* bfdParams) {
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/exe", pid);
if ((bfdParams->bfdh = bfd_openr(fname, 0)) == NULL) {
LOG_E("bfd_openr(%s) failed", fname);
return false;
}
if (!bfd_check_format(bfdParams->bfdh, bfd_object)) {
LOG_E("bfd_check_format() failed");
return false;
}
int storage_needed = bfd_get_symtab_upper_bound(bfdParams->bfdh);
if (storage_needed <= 0) {
LOG_E("bfd_get_symtab_upper_bound() returned '%d'", storage_needed);
return false;
}
bfdParams->syms = (asymbol**)util_Calloc(storage_needed);
bfd_canonicalize_symtab(bfdParams->bfdh, bfdParams->syms);
storage_needed = bfd_get_dynamic_symtab_upper_bound(bfdParams->bfdh);
if (storage_needed <= 0) {
LOG_E("bfd_get_dynamic_symtab_upper_bound() returned '%d'", storage_needed);
return false;
}
bfdParams->dsyms = (asymbol**)util_Calloc(storage_needed);
bfd_canonicalize_dynamic_symtab(bfdParams->bfdh, bfdParams->dsyms);
return true;
}
static void arch_bfdDestroy(bfd_t* bfdParams) {
if (bfdParams->syms) {
free(bfdParams->syms);
bfdParams->syms = NULL;
}
if (bfdParams->dsyms) {
free(bfdParams->dsyms);
bfdParams->dsyms = NULL;
}
if (bfdParams->bfdh) {
bfd_close(bfdParams->bfdh);
bfdParams->bfdh = NULL;
}
}
void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) {
/* From -liberty, should be depended on by (included with) libbfd */
__attribute__((weak)) char* cplus_demangle(const char* mangled, int options);
if (!cplus_demangle) {
return;
}
for (size_t i = 0; i < funcCnt; i++) {
if (strncmp(funcs[i].func, "_Z", 2) == 0) {
char* new_name = cplus_demangle(funcs[i].func, 0);
if (new_name) {
snprintf(funcs[i].func, sizeof(funcs[i].func), "%s", new_name);
free(new_name);
}
}
}
}
static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) {
for (struct bfd_section* section = bfdh->sections; section; section = section->next) {
uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section);
uintptr_t sz = (uintptr_t)bfd_get_section_size(section);
if ((pc > vma) && (pc < (vma + sz))) {
return section;
}
}
return NULL;
}
void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) {
/* Guess what? libbfd is not multi-threading safe */
MX_SCOPED_LOCK(&arch_bfd_mutex);
bfd_init();
bfd_t bfdParams = {
.bfdh = NULL,
.syms = NULL,
.dsyms = NULL,
};
if (!arch_bfdInit(pid, &bfdParams)) {
return;
}
const char* func;
const char* file;
unsigned int line;
for (unsigned int i = 0; i < num; i++) {
snprintf(funcs[i].func, sizeof(funcs->func), "UNKNOWN");
if (funcs[i].pc == NULL) {
continue;
}
struct bfd_section* section = arch_getSectionForPc(bfdParams.bfdh, (uintptr_t)funcs[i].pc);
if (section == NULL) {
continue;
}
long sec_offset = (long)funcs[i].pc - bfd_get_section_vma(bfdParams.bfdh, section);
if (bfd_find_nearest_line(
bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) {
snprintf(funcs[i].func, sizeof(funcs->func), "%s", func ? func : "");
snprintf(funcs[i].file, sizeof(funcs->file), "%s", file ? file : "");
funcs[i].line = line;
}
if (bfd_find_nearest_line(
bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) {
snprintf(funcs[i].func, sizeof(funcs->func), "%s", func ? func : "");
snprintf(funcs[i].file, sizeof(funcs->file), "%s", file ? file : "");
funcs[i].line = line;
}
}
arch_bfdDestroy(&bfdParams);
}
static int arch_bfdFPrintF(void* buf, const char* fmt, ...) {
va_list args;
va_start(args, fmt);
int ret = util_vssnprintf(buf, _HF_INSTR_SZ, fmt, args);
va_end(args);
return ret;
}
void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr) {
MX_SCOPED_LOCK(&arch_bfd_mutex);
bfd_init();
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/exe", pid);
bfd* bfdh = bfd_openr(fname, NULL);
if (bfdh == NULL) {
LOG_W("bfd_openr('/proc/%d/exe') failed", pid);
return;
}
if (!bfd_check_format(bfdh, bfd_object)) {
LOG_W("bfd_check_format() failed");
bfd_close(bfdh);
return;
}
#if defined(_HF_BFD_GE_2_29)
disassembler_ftype disassemble =
disassembler(bfd_get_arch(bfdh), bfd_little_endian(bfdh) ? FALSE : TRUE, 0, NULL);
#else
disassembler_ftype disassemble = disassembler(bfdh);
#endif // defined(_HD_BFD_GE_2_29)
if (disassemble == NULL) {
LOG_W("disassembler() failed");
bfd_close(bfdh);
return;
}
struct disassemble_info info;
init_disassemble_info(&info, instr, arch_bfdFPrintF);
info.arch = bfd_get_arch(bfdh);
info.mach = bfd_get_mach(bfdh);
info.buffer = mem;
info.buffer_length = size;
info.section = NULL;
info.endian = bfd_little_endian(bfdh) ? BFD_ENDIAN_LITTLE : BFD_ENDIAN_BIG;
disassemble_init_for_target(&info);
strcpy(instr, "");
if (disassemble(0, &info) <= 0) {
snprintf(instr, _HF_INSTR_SZ, "[DIS-ASM_FAILURE]");
}
bfd_close(bfdh);
}
#endif /* !defined(_HF_LINUX_NO_BFD) */