| author | Aleksandr Nogikh <nogikh@google.com> | 2022-09-28 13:17:51 +0000 |
|---|---|---|
| committer | Aleksandr Nogikh <wp32pw@gmail.com> | 2022-09-29 13:44:19 +0200 |
| commit | 21d737fbf9bad3f2a9190bc31212f29edbfcaeb3 (patch) | |
| tree | 3331ad8c04eac8cf0c13bb9aa448dbdb76693ac6 /prog/target.go | |
| parent | d9da3ac6347057f9742c199502651572f46f9bf0 (diff) | |
sys: control structural changes during neutralization
Ideally, we should properly support the already existing fix flag to
distinguish between fixing and checking, but for now at least let it
control whether structural changes are to be made.
Otherwise we get into trouble while hint-mutating syz_mount_image calls,
because we iterate over all call arguments and (possibly) remove them at
the same time. It leads to `bad group arg size %v, should be <= %v for
%#v type %#v` errors.
Diffstat (limited to 'prog/target.go')
| -rw-r--r-- | prog/target.go | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/prog/target.go b/prog/target.go
index bc619d5b6..d50f1bf8f 100644
--- a/prog/target.go
+++ b/prog/target.go
@@ -33,7 +33,10 @@ type Target struct {
 // Neutralize neutralizes harmful calls by transforming them into non-harmful ones
 // (e.g. an ioctl that turns off console output is turned into ioctl that turns on output).
- Neutralize func(c *Call)
+ // fixStructure determines whether it's allowed to make structural changes (e.g. add or
+ // remove arguments). It is helpful e.g. when we do neutralization while iterating over the
+ // arguments.
+ Neutralize func(c *Call, fixStructure bool) error
 // AnnotateCall annotates a syscall invocation in C reproducers.
 // The returned string will be placed inside a comment except for the
@@ -128,7 +131,7 @@ func AllTargets() []*Target {
 }
 func (target *Target) lazyInit() {
- target.Neutralize = func(c *Call) {}
+ target.Neutralize = func(c *Call, fixStructure bool) error { return nil }
 target.AnnotateCall = func(c ExecCall) string { return "" }
 target.initTarget()
 target.initArch(target)
@@ -190,8 +193,10 @@ func (target *Target) GetConst(name string) uint64 {
 }
 func (target *Target) sanitize(c *Call, fix bool) error {
- target.Neutralize(c)
- return nil
+ // For now, even though we accept the fix argument, it does not have the full effect.
+ // It de facto only denies structural changes, e.g. deletions of arguments.
+ // TODO: rewrite the corresponding sys/*/init.go code.
+ return target.Neutralize(c, fix)
 }
 func RestoreLinks(syscalls []*Syscall, resources []*ResourceDesc, types []Type) { |
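Review bot: The new doc comment on `Neutralize` explains `fixStructure` but says nothing about the added `error` result, so an implementer cannot tell what to do when a call can only be made harmless by a structural change and `fixStructure` is false. Since this hook is what keeps harmful calls out of generated programs, the contract should state whether that case must return an error or may leave the call as it is; the same question applies to `sanitize` in the third hunk, which forwards `fix` unchanged. If it matches the intent, a line such as `// A non-nil error means the call could not be neutralized under the given constraints and must not be used as is.` would pin it down. The `Target` struct starts and ends outside this hunk, and the sys/*/init.go implementations are not shown on this page.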
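Review bot: `sanitize` now hands back whatever `Neutralize` returns without naming the call it came from, where before this change it could only return nil. The error quoted in the commit message (`bad group arg size ...`) carries no syscall name, so a failure surfaced through this path will be hard to attribute when triaging. Consider wrapping it: `if err := target.Neutralize(c, fix); err != nil { return fmt.Errorf("neutralize %v: %w", c.Meta.Name, err) }` followed by `return nil`. This assumes `fmt` is already imported in prog/target.go, which the hunk does not show.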
