From 8205b08673e4b1f875212c954b8af2960c89f21c Mon Sep 17 00:00:00 2001
From: Benjamin Levy
Date: Mon, 29 Apr 2024 11:09:49 -0400
Subject: [PATCH] targetcmp: remove queue

The queue is intended to avoid rereading guest pointers, but it assumes that the same pointer always has the same data, which isn't always true. For example, a program can compare a target string to a buffer, then change the contents of the buffer and compare again, and the queue will prevent targetcmp from tracking the second comparison.
---
 panda/plugins/targetcmp/targetcmp.cpp | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/panda/plugins/targetcmp/targetcmp.cpp b/panda/plugins/targetcmp/targetcmp.cpp
index aaf1100fee9..d42bac9cc64 100644
--- a/panda/plugins/targetcmp/targetcmp.cpp
+++ b/panda/plugins/targetcmp/targetcmp.cpp
@@ -21,23 +21,6 @@ size_t target_str_len;
 char *target_str;
 std::ofstream outfile;
-// We track the last QUEUE_SIZE addresses we've checked to avoid rereading guest pointers
-#define QUEUE_SIZE 100
-std::atomic queue_idx(0);
-std::atomic queue[QUEUE_SIZE];
-// Now we'll define a function to add to the queue
-void add_to_queue(target_ulong addr) {
- size_t idx = queue_idx.fetch_add(1);
- queue[idx % QUEUE_SIZE] = addr;
-}
-// And a function to check if an address is in the queue
-bool in_queue(target_ulong addr) {
- for (size_t i = 0; i < QUEUE_SIZE; i++) {
- if (queue[i] == addr) return true;
- }
- return false;
-}
-
 // C++ set for storing unique string matches
 std::set matches;
@@ -66,13 +49,6 @@ void on_match(CPUState* cpu, target_ulong func_addr, target_ulong *args, char* v
 target_ulong target_ptr = args[matching_idx == 0 ? 1 : 0]; // If we matched arg0, we want arg1 and vice versa
- // If it's in the queue, we've already checked it - bail
- if (in_queue(target_ptr)) {
- return;
- }
- // Otherwise add it to the queue
- add_to_queue(target_ptr);
-
 size_t short_len = strlen(value);
 size_t full_len = 4*short_len;
 char* other_arg = (char*)malloc(full_len + 1);