targetcmp: remove queue
The queue is intended to avoid rereading guest pointers, but it assumes
that the same pointer always has the same data, which isn't always true.
For example, a program can compare a target string to a buffer, then
change the contents of the buffer and compare again, and the queue will
prevent targetcmp from tracking the second comparison.
be32826 authored and Andrew Fasano committed Apr 29, 2024
1 parent f2a59cd commit 8205b08
Showing 1 changed file with 0 additions and 24 deletions.
24 changes: 0 additions & 24 deletions panda/plugins/targetcmp/targetcmp.cpp
Expand Up @@ -21,23 +21,6 @@ size_t target_str_len;
char *target_str;
std::ofstream outfile;

// We track the last QUEUE_SIZE addresses we've checked to avoid rereading guest pointers
#define QUEUE_SIZE 100
std::atomic<size_t> queue_idx(0);
std::atomic<target_ulong> queue[QUEUE_SIZE];
// Now we'll define a function to add to the queue
void add_to_queue(target_ulong addr) {
size_t idx = queue_idx.fetch_add(1);
queue[idx % QUEUE_SIZE] = addr;
}
// And a function to check if an address is in the queue
bool in_queue(target_ulong addr) {
for (size_t i = 0; i < QUEUE_SIZE; i++) {
if (queue[i] == addr) return true;
}
return false;
}

// C++ set for storing unique string matches
std::set<std::string> matches;
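Review bot: Possible leftover include: the deleted `queue_idx` and `queue` declarations are the only uses of `std::atomic` visible in this hunk, so if `<atomic>` was included solely for them, drop that include in the same commit. It would also help to leave a one-line comment near `matches` saying that deduplication is done on string content rather than on guest addresses, so that an address-keyed cache is not reintroduced later for the reason the commit message gives.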

Expand Down Expand Up @@ -66,13 +49,6 @@ void on_match(CPUState* cpu, target_ulong func_addr, target_ulong *args, char* v

target_ulong target_ptr = args[matching_idx == 0 ? 1 : 0]; // If we matched arg0, we want arg1 and vice versa

// If it's in the queue, we've already checked it - bail
if (in_queue(target_ptr)) {
return;
}
// Otherwise add it to the queue
add_to_queue(target_ptr);

size_t short_len = strlen(value);
size_t full_len = 4*short_len;
char* other_arg = (char*)malloc(full_len + 1);
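Review bot: Cost on the hot path: with the `in_queue(target_ptr)` early return gone, every call to `on_match` now reaches `malloc(full_len + 1)` and whatever guest read follows it, including repeated comparisons against an unchanged buffer. That is the correct trade for the bug described in the commit message, but please confirm that `other_arg` is freed on every exit path after this point, since the allocation now happens on each call. If the overhead turns out to matter, a filter keyed on the bytes read rather than on `target_ptr` would avoid the stale-pointer assumption the queue made.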