Port qemu forkserver version to v1 #73
Conversation
In addition to upgrading the forkserver version, some ijon support code has been added. However, the afl-fuzz part also needs to be modified, mainly to expand the bitmap, but it is a bit complicated.
|
|
||
| static void qemu_ijon_init() { | ||
| use_ijon = !!getenv("AFL_QEMU_IJON"); | ||
| if (use_ijon == 0) return; |
There was a problem hiding this comment.
that line is pointless :-)
|
You could just add an AFL_QEMU_MAP_SIZE=xxxx and set this size in the qemu code for the map. |
accel/tcg/cpu-exec.c
Outdated
| __afl_map_size += MAP_SIZE_IJON_MAP + MAP_SIZE_IJON_BYTES; | ||
|
|
||
| ijon_map_ptr = afl_area_ptr + MAP_SIZE; | ||
| ijon_max_ptr = ijon_map_ptr + MAP_SIZE; |
There was a problem hiding this comment.
this needs to be MAP_SIZE_IJON_MAP instead
On the afl-fuzz side, the map_size set by qemu mode seems to be fixed at 64k. If the map_size passed by qemu through forkserver is larger than 64k, an error will be thrown. The current idea is to delete the qemu_mode part in line 2570. 
|
…pository Updated forkserver code and ijon code. Next, we will add yaml parsing function to read user ijon settings from the configuration file.
|
I can take care of the afl-forkserver.c part in AFL++ You just need to remove the qemu_mode checks from: |
In addition to upgrading the forkserver version, some ijon support code has been added. However, the afl-fuzz part also needs to be modified, mainly to expand the bitmap, but it is a bit complicated.