diff --git a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
index 778d81194d..0604ccf50e 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
+++ b/fuzzers/binary_only/fuzzbench_qemu/Cargo.toml
@@ -31,6 +31,7 @@ libafl_qemu = { path = "../../../libafl_qemu", features = [
 ] }
 libafl_targets = { path = "../../../libafl_targets", version = "0.13.2" }
+env_logger = "0.11.5"
 log = { version = "0.4.22", features = ["release_max_level_info"] }
 clap = { version = "4.5.18", features = ["default"] }
 nix = { version = "0.29.0", features = ["fs"] }
diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
index 909a6511d0..b41940adfb 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
@@ -171,10 +171,11 @@ fn fuzz(
 logfile: PathBuf,
 timeout: Duration,
 ) -> Result<(), Error> {
+ env_logger::init();
 env::remove_var("LD_LIBRARY_PATH");
 let args: Vec = env::args().collect();
- let qemu = Qemu::init(&args).unwrap();
+ let qemu = Qemu::init(&args).expect("QEMU init failed");
 // let (emu, asan) = init_with_asan(&mut args, &mut env).unwrap();
 let mut elf_buffer = Vec::new();
@@ -197,7 +198,8 @@ fn fuzz(
 let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
 let mut ret_addr = [0; 8];
- unsafe { qemu.read_mem(stack_ptr, &mut ret_addr) };
+ qemu.read_mem(stack_ptr, &mut ret_addr) .expect("Error while reading QEMU memory.");
 let ret_addr = u64::from_le_bytes(ret_addr);
 println!("Stack pointer = {stack_ptr:#x}");
@@ -337,7 +339,7 @@ fn fuzz(
 }
 unsafe {
- qemu.write_mem(input_addr, buf);
+ qemu.write_mem_unchecked(input_addr, buf);
 qemu.write_reg(Regs::Rdi, input_addr).unwrap();
 qemu.write_reg(Regs::Rsi, len as GuestReg).unwrap();
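Review bot: The new `env_logger = "0.11.5"` line will silently drop `debug`/`trace` output in release builds, because the `log` dependency directly below it keeps `features = ["release_max_level_info"]`, which compiles those levels out no matter what `RUST_LOG` says. Fuzzers are normally built with `--release`, so someone setting `RUST_LOG=debug` to diagnose a QEMU init failure will see nothing and may conclude the logger is broken. Either record the interaction next to the dependency, `# RUST_LOG levels above "info" are compiled out in release builds (see release_max_level_info on log)`, or drop that feature if verbose harness logging is the point of adding env_logger.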
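Review bot: `env_logger::init()` is called inside `fuzz()` rather than at program start, and the `env_logger` documentation says `init` panics when a global logger is already set — so a second call to `fuzz()` in the same process, or any caller that installed its own logger first, aborts before `Qemu::init` is even reached. The fallible form tolerates both cases: `let _ = env_logger::try_init();`, ideally placed in `main` next to the rest of the process setup. The switch from `unwrap()` to `.expect("QEMU init failed")` is an improvement as-is; `expect` still prints the `Debug` form of the underlying error. `fuzz()` continues past the end of this hunk.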
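Review bot: The new `.expect("Error while reading QEMU memory.")` on the `read_mem` call does not say what was being read or from where, even though the guest address is right there in `stack_ptr`; when this fires on a mis-mapped stack the operator gets a generic message and has to re-run under a debugger. Something like `.unwrap_or_else(|e| panic!("failed to read return address at sp={stack_ptr:#x}: {e:?}"))` costs nothing on the success path and names both the intent and the address. For consistency, the `qemu.read_reg(Regs::Sp).unwrap()` on the line above is the only remaining bare `unwrap()` in this setup sequence and could get the same treatment. The enclosing `fuzz()` starts and ends outside this hunk.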
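Review bot: The new `qemu.write_mem_unchecked(input_addr, buf)` sits in an `unsafe` block with no `// SAFETY:` comment stating why the unchecked guest write cannot run off the mapped input region. The read-side hunk above shows the checked, `Result`-returning API is what the commit otherwise moves to, so choosing the unchecked variant here deserves a stated reason (presumably per-execution cost) and a stated invariant, e.g. `// SAFETY: input_addr is the guest buffer mapped during setup and buf was clamped to MAX_INPUT_SIZE above, so the write stays inside it — confirm the clamp still precedes this block`; the `}` that opens the hunk presumably closes that clamp, but it is outside view. If the cost is not measurable, the checked `write_mem` with an `expect` naming `input_addr` and `len` would make a harness bug fail loudly instead of corrupting guest memory. The `unsafe` block and `fuzz()` both continue past the end of this hunk.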
@@ -397,7 +399,7 @@ fn fuzz(
 println!("Failed to load initial corpus at {:?}", &seed_dir);
 process::exit(0);
 });
- println!("We imported {} inputs from disk.", state.corpus().count());
+ println!("We imported {} input(s) from disk.", state.corpus().count());
 }
 let tracing = ShadowTracingStage::new(&mut executor);
diff --git a/libafl_qemu/libafl_qemu_build/src/bindings.rs b/libafl_qemu/libafl_qemu_build/src/bindings.rs
index f386fec00b..1733cff770 100644
--- a/libafl_qemu/libafl_qemu_build/src/bindings.rs
+++ b/libafl_qemu/libafl_qemu_build/src/bindings.rs
@@ -80,7 +80,6 @@ const WRAPPER_HEADER: &str = r#"
 #include "tcg/tcg.h"
 #include "tcg/tcg-op.h"
 #include "tcg/tcg-internal.h"
-#include "exec/helper-head.h"
 #include "qemu/plugin-memory.h"
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index c879da04fd..6828b3fea3 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "c3c9c2128566ff325aa1a2bdcedde717f7d86e2c";
+pub const QEMU_REVISION: &str = "b01a0bc334cf11bfc5e8f121d9520ef7f47dbcd1";
 #[allow(clippy::module_name_repetitions)]
 pub struct BuildResult {
@@ -158,7 +158,7 @@ fn configure_qemu(
 .arg("--disable-linux-aio")
 .arg("--disable-linux-io-uring")
 .arg("--disable-linux-user")
- .arg("--disable-live-block-migration")
+ // .arg("--disable-live-block-migration")
 .arg("--disable-lzfse")
 .arg("--disable-lzo")
 .arg("--disable-l2tpv3")
@@ -174,7 +174,7 @@ fn configure_qemu(
 .arg("--disable-pa")
 .arg("--disable-parallels")
 .arg("--disable-png")
- .arg("--disable-pvrdma")
+ // .arg("--disable-pvrdma")
 .arg("--disable-qcow1")
 .arg("--disable-qed")
 .arg("--disable-qga-vss")
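Review bot: `// .arg("--disable-live-block-migration")` leaves commented-out code in `configure_qemu` with no record of why the flag was dropped, which is the kind of line the next maintainer either "helpfully" restores or cannot judge. Presumably the pinned `QEMU_REVISION` bumped in the same file no longer accepts the option, but that is an inference; please confirm against `configure --help` at that revision, because if the flag is still honored this change silently turns live block migration back on in the built QEMU. Replace the dead line with the reason, `// --disable-live-block-migration: option removed upstream, rejected by the pinned QEMU revision`, or delete it outright. `configure_qemu` starts and ends outside this hunk.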
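Review bot: `// .arg("--disable-pvrdma")` has the same problem as the live-block-migration line earlier in `configure_qemu`: the flag is commented out rather than removed, and nothing says whether pvrdma no longer exists in the pinned QEMU revision or was deliberately enabled. The `--disable-*` list is what keeps unrelated device models and subsystems out of the fuzzing build, so dropping one without a note reads as accidental. If the option was removed upstream (likely, but not shown here), say so and delete the line: `// pvrdma was removed upstream; the pinned QEMU revision no longer has a --disable-pvrdma flag`. `configure_qemu` continues past the end of this hunk.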