frida-rust icon indicating copy to clipboard operation
frida-rust copied to clipboard

Published 20 hours ago verified publisher icon frida

`Stalker` does not ensure the life-time of the transformer passed to `follow_me`.

Open WorksButNotTested opened this issue 2 years ago • 9 comments

The transformer provided to Stalker.follow_me should remain in scope until the corresponding unfollow_me is called. It does not appear that this life-time constraint is described by the wrapper class here... https://github.com/frida/frida-rust/blob/c93bd2303b1f6be0813e6b4ad0c8b6e4b82fd9db/frida-gum/src/stalker.rs#L162

Perhaps the follow_me function should return a handle which calls unfollow_me when it falls out of scope and its Drop is called and whose lifetime is tied to the provided transformer? Or perhaps it is just simpler to ensure that the transformer outlives the stalker instance?

Its probably worth checking for other instances of the same issue elsewhere as I may have done the same for the observer stuff I was working on?

WorksButNotTested avatar Jan 06 '23 16:01 WorksButNotTested

If the transformer isn't used in other contexts (?), the function could also take transformer by value, and store it in the stalker struct

domenukk avatar Jan 06 '23 16:01 domenukk

I am not sure that it is simpler to ensure that the transformer outlives the stalker instance. Personally, I feel that follow_me returning some sort of cookie that is passed to unfollow_me is a good idea. It also ensures that unfollow_me cannot be called multiple times, or without a matching call to follow_me. If either of you are interested in implementing this feature, I am happy to review. Otherwise I can work on it when time permits.

meme avatar Jan 09 '23 22:01 meme

Also, does this line take a double-reference to the event-sink into the user_data? https://github.com/frida/frida-rust/blob/6d287d10c3f248c6d2e9fd1510d1313df1d44084/frida-gum/src/stalker/event_sink.rs#L142

I had a few problems when I copied the approach for the StalkerObserver and end up with something subtly different? https://github.com/frida/frida-rust/blob/6d287d10c3f248c6d2e9fd1510d1313df1d44084/frida-gum/src/stalker/observer.rs#L46

WorksButNotTested avatar Jan 09 '23 22:01 WorksButNotTested

Probably the function should just take a mut ptr directly(?) At least, accessing a &mut borrow from FFI can lead to UB if it's still used in rust afterwards (not sure if it ever is?)

domenukk avatar Jan 09 '23 23:01 domenukk

Is this issue closed?

s1341 avatar Dec 13 '23 10:12 s1341

I'm not sure. Looks like the PR which mentioned it above was closed and not merged?

WorksButNotTested avatar Dec 13 '23 18:12 WorksButNotTested

do you mind taking a peek at the code to see if the issue has been fixed?

s1341 avatar Dec 14 '23 05:12 s1341

From what I can see, it looks like these 3 APIs mentioned above might all have the same issue, that they take a parameter by reference and expect that it's lifetime extends beyond that of just the function call:

WorksButNotTested avatar Dec 15 '23 12:12 WorksButNotTested

Do you feel like taking a stab at a PR to fix them?

s1341 avatar Dec 17 '23 07:12 s1341