Use 64-byte buffers for registers (closes #3) (#11)

dargueta · Nov 12, 2019 · 7efa772 · 7efa772
1 parent e0cd200
commit 7efa772
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 6 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,6 +1,13 @@
 Changes
 =======
 
+1.0b6 (unreleased)
+------------------
+
+* Completely fixed buffer overflow when reading registers over 64 bits. (Closes `issue #3`_)
+
+.. _issue #3: https://github.com/dargueta/unicorn-lua/issues/3
+
 1.0b5 (2019-10-23)
 ------------------
 

diff --git a/include/unicornlua/registers.h b/include/unicornlua/registers.h
@@ -10,6 +10,16 @@
 #include "unicornlua/lua.h"
 
 
+/**
+ * Define a buffer large enough to hold the largest registers available.
+ *
+ * We need 64 bytes to be able to hold a 512-bit ZMM register. For now, only the
+ * low 32 or 64 bits are accessible to Lua. Eventually we'll figure out how to
+ * use the rest.
+*/
+typedef char register_buffer_type[64];
+
+
 /**
  * Write to an architecture register.
  */

diff --git a/src/registers.cpp b/src/registers.cpp
@@ -7,6 +7,7 @@
 #include "unicornlua/compat.h"
 #include "unicornlua/engine.h"
 #include "unicornlua/lua.h"
+#include "unicornlua/registers.h"
 #include "unicornlua/utils.h"
 
 
@@ -23,15 +24,17 @@ int ul_reg_write(lua_State *L) {
 
 
 int ul_reg_read(lua_State *L) {
-    uint_least64_t value = 0;
+    register_buffer_type value_buffer;
+    memset(value_buffer, 0, sizeof(value_buffer));
+
     uc_engine *engine = ul_toengine(L, 1);
     int register_id = luaL_checkinteger(L, 2);
 
-    uc_err error = uc_reg_read(engine, register_id, &value);
+    uc_err error = uc_reg_read(engine, register_id, value_buffer);
     if (error != UC_ERR_OK)
         return ul_crash_on_error(L, error);
 
-    lua_pushinteger(L, value);
+    lua_pushinteger(L, *reinterpret_cast<lua_Integer *>(value_buffer));
     return 1;
 }
 
@@ -80,23 +83,23 @@ int ul_reg_read_batch(lua_State *L) {
     int n_registers = lua_gettop(L) - 1;
 
     std::unique_ptr<int[]> register_ids(new int[n_registers]);
-    std::unique_ptr<int_least64_t[]> values(new int_least64_t[n_registers]);
+    std::unique_ptr<register_buffer_type[]> values(new register_buffer_type[n_registers]);
     std::unique_ptr<void *[]> p_values(new void *[n_registers]);
 
     for (int i = 0; i < n_registers; ++i) {
         register_ids[i] = (int)lua_tointeger(L, i + 2);
         p_values[i] = &values[i];
     }
 
-    memset(values.get(), 0, n_registers * sizeof(int_least64_t));
+    memset(values.get(), 0, n_registers * sizeof(register_buffer_type));
     uc_err error = uc_reg_read_batch(
         engine, register_ids.get(), p_values.get(), n_registers
     );
     if (error != UC_ERR_OK)
         return ul_crash_on_error(L, error);
 
     for (int i = 0; i < n_registers; ++i)
-        lua_pushinteger(L, values[i]);
+        lua_pushinteger(L, *reinterpret_cast<lua_Integer *>(values[i]));
 
     return n_registers;
 }