From b984e82d8df73018372b5a79bf4b3cc6ab665b66 Mon Sep 17 00:00:00 2001
From: Toby Murray <toby.murray@unimelb.edu.au>
Date: Fri, 21 Sep 2018 14:48:35 +1000
Subject: [PATCH] Dynamically allocate 'memory' and 'regs'

---
 src/machine-vuln1.c | 21 +++++++++++++++++----
 src/machine-vuln2.c | 21 +++++++++++++++++----
 src/machine-vuln3.c | 21 +++++++++++++++++----
 src/machine-vuln4.c | 21 +++++++++++++++++----
 src/machine-vuln5.c | 21 +++++++++++++++++----
 src/machine.c       | 21 +++++++++++++++++----
 6 files changed, 102 insertions(+), 24 deletions(-)

diff --git a/src/machine-vuln1.c b/src/machine-vuln1.c
index 46e79b6..916c9f6 100644
--- a/src/machine-vuln1.c
+++ b/src/machine-vuln1.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
diff --git a/src/machine-vuln2.c b/src/machine-vuln2.c
index 46e79b6..916c9f6 100644
--- a/src/machine-vuln2.c
+++ b/src/machine-vuln2.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
diff --git a/src/machine-vuln3.c b/src/machine-vuln3.c
index 46e79b6..916c9f6 100644
--- a/src/machine-vuln3.c
+++ b/src/machine-vuln3.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
diff --git a/src/machine-vuln4.c b/src/machine-vuln4.c
index 46e79b6..916c9f6 100644
--- a/src/machine-vuln4.c
+++ b/src/machine-vuln4.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
diff --git a/src/machine-vuln5.c b/src/machine-vuln5.c
index 46e79b6..916c9f6 100644
--- a/src/machine-vuln5.c
+++ b/src/machine-vuln5.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
diff --git a/src/machine.c b/src/machine.c
index 46e79b6..916c9f6 100644
--- a/src/machine.c
+++ b/src/machine.c
@@ -45,18 +45,28 @@ const char INSTRUCTION_JZ[] = "jz";
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
    to wrap around */
-int32_t memory[MEMORY_SIZE];
-int32_t regs[NUM_REGS];
+/* we dynamically allocate memory and regs since AdddressSanitizer appears
+ * to more reliably catch out of bounds memory accesses for heap allocated
+ * buffers than for global variables */
+int32_t * memory = NULL;
+int32_t * regs = NULL;
 
 unsigned int count = 0; /* counts number of instructions executed so far */
 
 
 static void machine_init(void){
-  memset(memory,0,sizeof(memory));
-  memset(regs,0,sizeof(regs));
+  memory = malloc(sizeof(int32_t)*MEMORY_SIZE);
+  regs = malloc(sizeof(int32_t)*NUM_REGS);
+  memset(memory,0,sizeof(int32_t)*MEMORY_SIZE);
+  memset(regs,0,sizeof(int32_t)*NUM_REGS);
   count = 0;
 }
 
+static void machine_free(void){
+  free(memory);
+  free(regs);
+}
+
 static void do_add(unsigned int dest, unsigned int src1, unsigned int src2)
 {
   regs[dest] = regs[src1] + regs[src2];
@@ -539,6 +549,7 @@ int run_machine(const char * const filename, int cycles){
   const int res = read_program(filename);
   if (res < 0){
     fprintf(stderr,"Error reading program from %s\n",filename);
+    machine_free();
     return 1;
   }
 
@@ -548,10 +559,12 @@ int run_machine(const char * const filename, int cycles){
   int32_t result;
   if (execute(numLines,cycles,&result) != 0){
     fprintf(stderr,"Program %s didn't execute successfully!\n",filename);
+    machine_free();
     return 1;
   }
   
   printf("Program %s executed successfully. Result: %d\n",filename,result);
+  machine_free();
   return 0;
 }
 
-- 
GitLab