Merge pull request #47 from cube0x8/qemu_snapshot_typeconf

andreafioraldi · web-flow · commit 194b3a987c75 · 2024-02-07T15:13:43.000+01:00
Avoid type confusion on interval tree root node when creating snapshot
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
@@ -13679,15 +13679,20 @@ struct libafl_mapinfo {
     int flags, is_priv;
 };
 IntervalTreeNode * libafl_maps_first(IntervalTreeRoot * map_info);
-IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret);
+IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret, bool is_root);
 
 IntervalTreeNode * libafl_maps_first(IntervalTreeRoot * map_info) {
     return interval_tree_iter_first(map_info, 0, -1);
 }
 
-IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret) {
+IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinfo* ret, bool is_root) {
     if (!node || !ret)
         return NULL;
+
+    if (is_root) {
+        return libafl_maps_next(interval_tree_iter_next(node, 0, -1), ret, false);
+    }
+
     MapInfo *e = container_of(node, MapInfo, itree);
 
     if (h2g_valid(e->itree.start)) {
@@ -13699,7 +13704,7 @@ IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinf
             max : (uintptr_t) g2h_untagged(GUEST_ADDR_MAX) + 1;
 
         if (!page_check_range(h2g(min), max - min, flags)) {
-            return libafl_maps_next(interval_tree_iter_next(node, 0, -1), ret);
+            return libafl_maps_next(interval_tree_iter_next(node, 0, -1), ret, false);
         }
 
         int libafl_flags = 0;
@@ -13716,7 +13721,7 @@ IntervalTreeNode * libafl_maps_next(IntervalTreeNode *node, struct libafl_mapinf
 
         return interval_tree_iter_next(node, 0, -1);
     } else {
-        return libafl_maps_next(interval_tree_iter_next(node, 0, -1), ret);
+        return libafl_maps_next(interval_tree_iter_next(node, 0, -1), ret, false);
     }
 }
 
