There is a null pointer reference bug

[wnxd]

Null pointer dereference when uc_context_reg_write writes to UC_ARM_REG_PC register.

qemu/target/arm/unicorn_arm.c -> reg_write

    CHECK_REG_TYPE(uint32_t);
    env->pc = (*(uint32_t *)value & ~1);
    env->thumb = (*(uint32_t *)value & 1);
 -> env->uc->thumb = (*(uint32_t *)value & 1);
    env->regs[15] = (*(uint32_t *)value & ~1);
    *setpc = 1;
    break;

I don't quite understand why arm has a custom uc_arm_context_save
It seems that there is no copy of the uc structure pointer to env->uc in the code

[wtdcode]

How did you construct the context object? Or could you post the full reproduction?

[wnxd]

uc_engine *uc;
uc_open(UC_ARCH_ARM, UC_MODE_ARM, &uc);
uc_context *ctx;
uc_context_alloc(uc, &ctx);
uc_context_save(uc, ctx);
uint32_t pc = 0x1000;
uc_context_reg_write(ctx, UC_ARM_REG_PC, &pc);

Similar to the code above

[wnxd]

Of course my original code is written in go.
Since arm64 is normal, only arm reports an error.
So I traced the call stack.
Only PC register writing will result in an error.

[wtdcode]

This usage was well tested here:

unicorn/tests/unit/test_arm.c

Line 754 in d568885

static void test_arm_context_save(void)

[wtdcode]

Oh I see, you are writing to PC register.

Yeah, this is a bug. We left out uc pointer here.

[wnxd]

It seems that arm's context is not saved using memcpy. It only copies the data related to the register, and does not copy env->uc.