uc_context_save/uc_context_restore (still) does not work properly for some ARM CPUs

[michalmasrna1]

uc_context_save() stores dynamically allocated pointers which prevents the context to be restored into another uc_engine and leads to double frees on uc_close() and other memory problems.

The issue has already been discussed in #1635 . It seems it has not been resolved properly for all ARM CPUs.

Code to reproduce (simplified version of test_arm_context_save):

#include <unicorn/unicorn.h>

void main() {
    uc_engine *uc;
    uc_engine *uc2;
    uc_context *ctx;

    uc_open(UC_ARCH_ARM, UC_MODE_THUMB, &uc);
    uc_ctl_set_cpu_model(uc, UC_CPU_ARM_CORTEX_M4);

    uc_context_alloc(uc, &ctx);
    uc_context_save(uc, ctx);

    uc_open(UC_ARCH_ARM, UC_MODE_THUMB, &uc2);
    uc_ctl_set_cpu_model(uc2, UC_CPU_ARM_CORTEX_M4);

    uc_context_restore(uc2, ctx);
    uc_context_free(ctx);
    uc_close(uc); // Frees some memory which will also be freed by uc_close(uc2)
    uc_close(uc2); // free(): double free detected in tcache 2
}

The affected CPUs:

UC_CPU_ARM_CORTEX_M3
UC_CPU_ARM_CORTEX_M4
UC_CPU_ARM_CORTEX_M7
UC_CPU_ARM_CORTEX_M33
UC_CPU_ARM_CORTEX_R5
UC_CPU_ARM_CORTEX_R5F

For UC_CPU_ARM_CORTEX_M33 the pertinent pointers are in pmsav8 and sau, for the rest they are in pmsav7.

[wtdcode]

Would you like to submit a patch?

[michalmasrna1]

Not really, I have just noticed this while using unicorn but I have no experience or insight into the codebase. If I can be of some reasonable assistance or provide more information then let me know but I do not immediately see how.