Pass length to free register list callback

Allows language bindings like rust to free register lists sanely

architecture.cpp

@@ -515,7 +515,7 @@ size_t Architecture::GetSemanticFlagGroupLowLevelILCallback(void* ctxt, uint32_t
 }
 
 
-void Architecture::FreeRegisterListCallback(void*, uint32_t* regs)
+void Architecture::FreeRegisterListCallback(void*, uint32_t* regs, size_t)
 {
 	delete[] regs;
 }

binaryninjaapi.h

@@ -7752,7 +7752,7 @@ namespace BinaryNinja {
 		static size_t GetFlagConditionLowLevelILCallback(
 		    void* ctxt, BNLowLevelILFlagCondition cond, uint32_t semClass, BNLowLevelILFunction* il);
 		static size_t GetSemanticFlagGroupLowLevelILCallback(void* ctxt, uint32_t semGroup, BNLowLevelILFunction* il);
-		static void FreeRegisterListCallback(void* ctxt, uint32_t* regs);
+		static void FreeRegisterListCallback(void* ctxt, uint32_t* regs, size_t len);
 		static void GetRegisterInfoCallback(void* ctxt, uint32_t reg, BNRegisterInfo* result);
 		static uint32_t GetStackPointerRegisterCallback(void* ctxt);
 		static uint32_t GetLinkRegisterCallback(void* ctxt);
@@ -14505,7 +14505,7 @@ namespace BinaryNinja {
 		static uint32_t* GetCalleeSavedRegistersCallback(void* ctxt, size_t* count);
 		static uint32_t* GetIntegerArgumentRegistersCallback(void* ctxt, size_t* count);
 		static uint32_t* GetFloatArgumentRegistersCallback(void* ctxt, size_t* count);
-		static void FreeRegisterListCallback(void* ctxt, uint32_t* regs);
+		static void FreeRegisterListCallback(void* ctxt, uint32_t* regs, size_t len);
 
 		static bool AreArgumentRegistersSharedIndexCallback(void* ctxt);
 		static bool AreArgumentRegistersUsedForVarArgsCallback(void* ctxt);

binaryninjacore.h

@@ -37,14 +37,14 @@
 // Current ABI version for linking to the core. This is incremented any time
 // there are changes to the API that affect linking, including new functions,
 // new types, or modifications to existing functions or types.
-#define BN_CURRENT_CORE_ABI_VERSION 71
+#define BN_CURRENT_CORE_ABI_VERSION 72
 
 // Minimum ABI version that is supported for loading of plugins. Plugins that
 // are linked to an ABI version less than this will not be able to load and
 // will require rebuilding. The minimum version is increased when there are
 // incompatible changes that break binary compatibility, such as changes to
 // existing types or functions.
-#define BN_MINIMUM_CORE_ABI_VERSION 71
+#define BN_MINIMUM_CORE_ABI_VERSION 72
 
 #ifdef __GNUC__
 	#ifdef BINARYNINJACORE_LIBRARY
@@ -1839,7 +1839,7 @@ extern "C"
 		size_t (*getFlagConditionLowLevelIL)(
 		    void* ctxt, BNLowLevelILFlagCondition cond, uint32_t semClass, BNLowLevelILFunction* il);
 		size_t (*getSemanticFlagGroupLowLevelIL)(void* ctxt, uint32_t semGroup, BNLowLevelILFunction* il);
-		void (*freeRegisterList)(void* ctxt, uint32_t* regs);
+		void (*freeRegisterList)(void* ctxt, uint32_t* regs, size_t count);
 		void (*getRegisterInfo)(void* ctxt, uint32_t reg, BNRegisterInfo* result);
 		uint32_t (*getStackPointerRegister)(void* ctxt);
 		uint32_t (*getLinkRegister)(void* ctxt);
@@ -2518,7 +2518,7 @@ extern "C"
 		uint32_t* (*getCalleeSavedRegisters)(void* ctxt, size_t* count);
 		uint32_t* (*getIntegerArgumentRegisters)(void* ctxt, size_t* count);
 		uint32_t* (*getFloatArgumentRegisters)(void* ctxt, size_t* count);
-		void (*freeRegisterList)(void* ctxt, uint32_t* regs);
+		void (*freeRegisterList)(void* ctxt, uint32_t* regs, size_t len);
 
 		bool (*areArgumentRegistersSharedIndex)(void* ctxt);
 		bool (*isStackReservedForArgumentRegisters)(void* ctxt);

callingconvention.cpp

@@ -119,7 +119,7 @@ uint32_t* CallingConvention::GetFloatArgumentRegistersCallback(void* ctxt, size_
 }
 
 
-void CallingConvention::FreeRegisterListCallback(void*, uint32_t* regs)
+void CallingConvention::FreeRegisterListCallback(void*, uint32_t* regs, size_t)
 {
 	delete[] regs;
 }

python/architecture.py

@@ -999,7 +999,7 @@ def _get_semantic_flag_group_low_level_il(self, ctxt, sem_group, il):
 			log_error(traceback.format_exc())
 			return 0
 
-	def _free_register_list(self, ctxt, regs):
+	def _free_register_list(self, ctxt, regs, count):
 		try:
 			buf = ctypes.cast(regs, ctypes.c_void_p)
 			if buf.value not in self._pending_reg_lists:

python/callingconvention.py

@@ -281,7 +281,7 @@ def _get_float_arg_regs(self, ctxt, count):
 			count[0] = 0
 			return None
 
-	def _free_register_list(self, ctxt, regs):
+	def _free_register_list(self, ctxt, regs, count):
 		try:
 			buf = ctypes.cast(regs, ctypes.c_void_p)
 			if buf.value not in self._pending_reg_lists:

rust/src/architecture.rs

@@ -1940,104 +1940,117 @@ where
             None => BnString::new("invalid_flag_group").into_raw(),
         }
     }
-
-    fn alloc_register_list<I: Iterator<Item = u32> + ExactSizeIterator>(
-        items: I,
-        count: &mut usize,
-    ) -> *mut u32 {
-        let len = items.len();
-        *count = len;
-
-        if len == 0 {
-            ptr::null_mut()
-        } else {
-            let mut res: Box<[_]> = [len as u32].into_iter().chain(items).collect();
-
-            let raw = res.as_mut_ptr();
-            mem::forget(res);
-
-            unsafe { raw.offset(1) }
-        }
-    }
-
+
     extern "C" fn cb_registers_full_width<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let regs = custom_arch.registers_full_width();
+        let mut regs = custom_arch.registers_full_width();
 
-        alloc_register_list(regs.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = regs.len() };
+        let regs_ptr = regs.as_mut_ptr();
+        mem::forget(regs);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_registers_all<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let regs = custom_arch.registers_all();
+        let mut regs = custom_arch.registers_all();
 
-        alloc_register_list(regs.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = regs.len() };
+        let regs_ptr = regs.as_mut_ptr();
+        mem::forget(regs);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_registers_global<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let regs = custom_arch.registers_global();
+        let mut regs = custom_arch.registers_global();
 
-        alloc_register_list(regs.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = regs.len() };
+        let regs_ptr = regs.as_mut_ptr();
+        mem::forget(regs);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_registers_system<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let regs = custom_arch.registers_system();
+        let mut regs = custom_arch.registers_system();
 
-        alloc_register_list(regs.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = regs.len() };
+        let regs_ptr = regs.as_mut_ptr();
+        mem::forget(regs);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_flags<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let flags = custom_arch.flags();
+        let mut flags = custom_arch.flags();
 
-        alloc_register_list(flags.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = flags.len() };
+        let regs_ptr = flags.as_mut_ptr();
+        mem::forget(flags);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_flag_write_types<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let flag_writes = custom_arch.flag_write_types();
+        let mut flag_writes = custom_arch.flag_write_types();
 
-        alloc_register_list(flag_writes.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = flag_writes.len() };
+        let regs_ptr = flag_writes.as_mut_ptr();
+        mem::forget(flag_writes);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_semantic_flag_classes<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let flag_classes = custom_arch.flag_classes();
+        let mut flag_classes = custom_arch.flag_classes();
 
-        alloc_register_list(flag_classes.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = flag_classes.len() };
+        let regs_ptr = flag_classes.as_mut_ptr();
+        mem::forget(flag_classes);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_semantic_flag_groups<A>(ctxt: *mut c_void, count: *mut usize) -> *mut u32
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let flag_groups = custom_arch.flag_groups();
+        let mut flag_groups = custom_arch.flag_groups();
 
-        alloc_register_list(flag_groups.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = flag_groups.len() };
+        let regs_ptr = flag_groups.as_mut_ptr();
+        mem::forget(flag_groups);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_flag_role<A>(ctxt: *mut c_void, flag: u32, class: u32) -> BNFlagRole
@@ -2067,9 +2080,13 @@ where
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
         let class = custom_arch.flag_class_from_id(class);
-        let flags = custom_arch.flags_required_for_flag_condition(cond, class);
+        let mut flags = custom_arch.flags_required_for_flag_condition(cond, class);
 
-        alloc_register_list(flags.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: `count` is an out parameter
+        unsafe { *count = flags.len() };
+        let regs_ptr = flags.as_mut_ptr();
+        mem::forget(flags);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_flags_required_for_semantic_flag_group<A>(
@@ -2083,8 +2100,13 @@ where
         let custom_arch = unsafe { &*(ctxt as *mut A) };
 
         if let Some(group) = custom_arch.flag_group_from_id(group) {
-            let flags = group.flags_required();
-            alloc_register_list(flags.iter().map(|r| r.id()), unsafe { &mut *count })
+            let mut flags = group.flags_required();
+
+            // SAFETY: `count` is an out parameter
+            unsafe { *count = flags.len() };
+            let regs_ptr = flags.as_mut_ptr();
+            mem::forget(flags);
+            regs_ptr as *mut _
         } else {
             unsafe {
                 *count = 0;
@@ -2152,8 +2174,13 @@ where
         let custom_arch = unsafe { &*(ctxt as *mut A) };
 
         if let Some(write_type) = custom_arch.flag_write_from_id(write_type) {
-            let written = write_type.flags_written();
-            alloc_register_list(written.iter().map(|f| f.id()), unsafe { &mut *count })
+            let mut written = write_type.flags_written();
+
+            // SAFETY: `count` is an out parameter
+            unsafe { *count = written.len() };
+            let regs_ptr = written.as_mut_ptr();
+            mem::forget(written);
+            regs_ptr as *mut _
         } else {
             unsafe {
                 *count = 0;
@@ -2284,15 +2311,13 @@ where
         lifter.unimplemented().expr_idx
     }
 
-    extern "C" fn cb_free_register_list(_ctxt: *mut c_void, regs: *mut u32) {
+    extern "C" fn cb_free_register_list(_ctxt: *mut c_void, regs: *mut u32, count: usize) {
         if regs.is_null() {
             return;
         }
 
         unsafe {
-            let actual_start = regs.offset(-1);
-            let len = *actual_start + 1;
-            let regs_ptr = ptr::slice_from_raw_parts_mut(actual_start, len.try_into().unwrap());
+            let regs_ptr = ptr::slice_from_raw_parts_mut(regs, count);
             let _regs = Box::from_raw(regs_ptr);
         }
     }
@@ -2361,9 +2386,13 @@ where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let regs = custom_arch.register_stacks();
+        let mut regs = custom_arch.register_stacks();
 
-        alloc_register_list(regs.iter().map(|r| r.id()), unsafe { &mut *count })
+        // SAFETY: Passed in to be written
+        unsafe { *count = regs.len() };
+        let regs_ptr = regs.as_mut_ptr();
+        mem::forget(regs);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_reg_stack_info<A>(
@@ -2419,8 +2448,13 @@ where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
-        let intrinsics = custom_arch.intrinsics();
-        alloc_register_list(intrinsics.iter().map(|i| i.id()), unsafe { &mut *count })
+        let mut intrinsics = custom_arch.intrinsics();
+
+        // SAFETY: Passed in to be written
+        unsafe { *count = intrinsics.len() };
+        let regs_ptr = intrinsics.as_mut_ptr();
+        mem::forget(intrinsics);
+        regs_ptr as *mut _
     }
 
     extern "C" fn cb_intrinsic_inputs<A>(