update qemu

google · Jul 14, 2023 · a9e5933 · a9e5933
1 parent c76809d
commit a9e5933
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/fuzzers/aflplusplus_qemu/builder.Dockerfile b/fuzzers/aflplusplus_qemu/builder.Dockerfile
@@ -42,4 +42,5 @@ RUN cd /afl && \
     cp utils/aflpp_driver/libAFLQemuDriver.a /libAFLDriver.a && \
     cp utils/aflpp_driver/aflpp_qemu_driver_hook.so /
 
-COPY qemu_get_symbol_addr.sh run.sh /
+COPY run.sh /
+COPY qemu_get_symbol_addr.sh /
diff --git a/fuzzers/aflplusplus_qemu/fuzzer.py b/fuzzers/aflplusplus_qemu/fuzzer.py
@@ -23,34 +23,38 @@
 def build():
     """Build benchmark."""
     aflplusplus_fuzzer.build('qemu')
-    shutil.copy('/aflpp_qemu_driver_hook.so', os.environ['OUT'])
     shutil.copy('/run.sh', os.environ['OUT'])
     shutil.copy('/qemu_get_symbol_addr.sh', os.environ['OUT'])
 
 
 def fuzz(input_corpus, output_corpus, target_binary):
     """Run fuzzer."""
-    # Get LLVMFuzzerTestOneInput address.
+    # Get afl_qemu_driver_stdin_input address.
     nm_proc = subprocess.run([
         'sh', '-c', 'qemu_get_symbol_addr.sh \'' + target_binary +
-        '\' LLVMFuzzerTestOneInput'
+        '\' afl_qemu_driver_stdin_input'
     ],
                              stdout=subprocess.PIPE,
                              check=True)
 
     target_func = nm_proc.stdout.split()[0].decode('utf-8')
-    print('[fuzz] LLVMFuzzerTestOneInput() address =', target_func)
+    print('[fuzz] afl_qemu_driver_stdin_input() address =', target_func)
 
     # Fuzzer options for qemu_mode.
     flags = ['-Q', '-c0']
 
-    os.environ['AFL_INST_LIBS'] = '1'
+    # A few targets need to have all shared libraries instrumented.
+    benchmark = os.environ['BENCHMARK']
+    if benchmark == 'systemd_fuzz-link-parser' or
+       benchmark == 'lcms_cms_transform_fuzzer' or
+       benchmark == 'harfbuzz_hb-shape-fuzzer':
+        os.environ['AFL_INST_LIBS'] = '1'
+
     os.environ['AFL_ENTRYPOINT'] = target_func
 
     os.environ['AFL_QEMU_PERSISTENT_ADDR'] = target_func
     os.environ['AFL_QEMU_PERSISTENT_CNT'] = '1000000'
-    os.environ['AFL_QEMU_PERSISTENT_HOOK'] = '/out/aflpp_qemu_driver_hook.so'
-    #os.environ['AFL_QEMU_DRIVER_NO_HOOK'] = '1'
+    os.environ['AFL_QEMU_DRIVER_NO_HOOK'] = '1'
 
     aflplusplus_fuzzer.fuzz(input_corpus,
                             output_corpus,