From a9e59337776f75306caa25fda578501900b5aa63 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Fri, 14 Jul 2023 19:53:42 +0200
Subject: [PATCH] update qemu

---
 fuzzers/aflplusplus_qemu/builder.Dockerfile | 3 ++-
 fuzzers/aflplusplus_qemu/fuzzer.py | 18 +++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/fuzzers/aflplusplus_qemu/builder.Dockerfile b/fuzzers/aflplusplus_qemu/builder.Dockerfile
index 410f73645..ab1278653 100644
--- a/fuzzers/aflplusplus_qemu/builder.Dockerfile
+++ b/fuzzers/aflplusplus_qemu/builder.Dockerfile
@@ -42,4 +42,5 @@ RUN cd /afl && \
 cp utils/aflpp_driver/libAFLQemuDriver.a /libAFLDriver.a && \
 cp utils/aflpp_driver/aflpp_qemu_driver_hook.so /
 
-COPY qemu_get_symbol_addr.sh run.sh /
+COPY run.sh /
+COPY qemu_get_symbol_addr.sh /
\ No newline at end of file
diff --git a/fuzzers/aflplusplus_qemu/fuzzer.py b/fuzzers/aflplusplus_qemu/fuzzer.py
index 68b98b894..27556538c 100755
--- a/fuzzers/aflplusplus_qemu/fuzzer.py
+++ b/fuzzers/aflplusplus_qemu/fuzzer.py
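Review bot: The `cp utils/aflpp_driver/aflpp_qemu_driver_hook.so /` context line in this hunk now stages a file that nothing visible in the patch consumes: the fuzzer.py hunk drops both the `shutil.copy('/aflpp_qemu_driver_hook.so', os.environ['OUT'])` in build() and the `AFL_QEMU_PERSISTENT_HOOK` setting, and sets `AFL_QEMU_DRIVER_NO_HOOK=1` instead. If no other part of the image uses the hook, that `cp` (and the `&& \` continuation before it) should go too, so the image does not carry a stale artifact that a reader will assume is still wired into the fuzzing run. Separately, the new file ends without a newline (`\ No newline at end of file`) and the single `COPY qemu_get_symbol_addr.sh run.sh /` became two COPY instructions, which adds a layer for no functional gain; `COPY qemu_get_symbol_addr.sh run.sh /` followed by a final newline keeps the previous shape. The RUN instruction this hunk edits starts before the hunk.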
@@ -23,34 +23,38 @@ def build(): """Build benchmark.""" aflplusplus_fuzzer.build('qemu') - shutil.copy('/aflpp_qemu_driver_hook.so', os.environ['OUT']) shutil.copy('/run.sh', os.environ['OUT']) shutil.copy('/qemu_get_symbol_addr.sh', os.environ['OUT']) def fuzz(input_corpus, output_corpus, target_binary): """Run fuzzer.""" - # Get LLVMFuzzerTestOneInput address. + # Get afl_qemu_driver_stdin_input address. nm_proc = subprocess.run([ 'sh', '-c', 'qemu_get_symbol_addr.sh \'' + target_binary + - '\' LLVMFuzzerTestOneInput' + '\' afl_qemu_driver_stdin_input' ], stdout=subprocess.PIPE, check=True) target_func = nm_proc.stdout.split()[0].decode('utf-8') - print('[fuzz] LLVMFuzzerTestOneInput() address =', target_func) + print('[fuzz] afl_qemu_driver_stdin_input() address =', target_func) # Fuzzer options for qemu_mode. flags = ['-Q', '-c0'] - os.environ['AFL_INST_LIBS'] = '1' + # A few targets need to have all shared libraries instrumented. + benchmark = os.environ['BENCHMARK'] + if benchmark == 'systemd_fuzz-link-parser' or + benchmark == 'lcms_cms_transform_fuzzer' or + benchmark == 'harfbuzz_hb-shape-fuzzer': + os.environ['AFL_INST_LIBS'] = '1' + os.environ['AFL_ENTRYPOINT'] = target_func os.environ['AFL_QEMU_PERSISTENT_ADDR'] = target_func os.environ['AFL_QEMU_PERSISTENT_CNT'] = '1000000' - os.environ['AFL_QEMU_PERSISTENT_HOOK'] = '/out/aflpp_qemu_driver_hook.so' - #os.environ['AFL_QEMU_DRIVER_NO_HOOK'] = '1' + os.environ['AFL_QEMU_DRIVER_NO_HOOK'] = '1' aflplusplus_fuzzer.fuzz(input_corpus, output_corpus,