diff --git a/fuzzers/libfuzzer_libpng/build.rs b/fuzzers/libfuzzer_libpng/build.rs
index d41462e8a8..1b270dbd71 100644
--- a/fuzzers/libfuzzer_libpng/build.rs
+++ b/fuzzers/libfuzzer_libpng/build.rs
@@ -23,6 +23,10 @@ fn main() {
 // Enforce clang for its -fsanitize-coverage support.
 std::env::set_var("CC", "clang");
 std::env::set_var("CXX", "clang++");
+ let ldflags = match env::var("LDFLAGS") {
+ Ok(val) => val,
+ Err(_) => "".to_string(),
+ };
 
 if !libpng_path.is_dir() {
 if !Path::new(&libpng_tar).is_file() {
@@ -46,9 +50,7 @@ fn main() {
 .current_dir(&libpng_path)
 .args(&[
 "--disable-shared",
- "CC=clang",
- "CFLAGS=-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
- "LDFLAGS=-g -fPIE -fsanitize-coverage=trace-pc-guard",
+ &format!("--host={}", env::var("TARGET").unwrap())[..],
 ])
 .env("CC", "clang")
 .env("CXX", "clang++")
@@ -60,30 +62,14 @@ fn main() {
 "CXXFLAGS",
 "-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
 )
- .env("LDFLAGS", "-g -fPIE -fsanitize-coverage=trace-pc-guard")
+ .env(
+ "LDFLAGS",
+ format!("-g -fPIE -fsanitize-coverage=trace-pc-guard {}", ldflags),
+ )
 .status()
 .unwrap();
 Command::new("make")
 .current_dir(&libpng_path)
- //.arg(&format!("-j{}", num_cpus::get()))
- .args(&[
- "CC=clang",
- "CXX=clang++",
- "CFLAGS=-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
- "LDFLAGS=-g -fPIE -fsanitize-coverage=trace-pc-guard",
- "CXXFLAGS=-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
- ])
- .env("CC", "clang")
- .env("CXX", "clang++")
- .env(
- "CFLAGS",
- "-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
- )
- .env(
- "CXXFLAGS",
- "-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
- )
- .env("LDFLAGS", "-g -fPIE -fsanitize-coverage=trace-pc-guard")
 .status()
 .unwrap();
 }
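Review bot: The new `let ldflags = match env::var("LDFLAGS")` read is never declared to cargo, so changing `LDFLAGS` in the environment will not re-run this build script and libpng keeps the flags it was configured with; the only rerun directive in this file (the `@@ -108,7 +95,8` hunk) is `cargo:rerun-if-changed=build.rs`. Add `println!("cargo:rerun-if-env-changed=LDFLAGS");` next to the read, and the four-line `match` can become `let ldflags = env::var("LDFLAGS").unwrap_or_default();`. The value is consumed in the `@@ -60,30 +62,14` hunk of this file, which is where the instrumentation link flags are assembled, so a one-line comment on the read saying it is appended to libpng's configure `LDFLAGS` would help a reader. Note the surrounding lines use `std::env::set_var` while the new line uses `env::var`; whether `env` is imported is outside the hunk.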
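Review bot: `env::var("TARGET").unwrap()` in the new `--host=` argument panics without saying why if the variable is absent; cargo does set `TARGET` for build scripts, so the invariant should be stated rather than left implicit: `&format!("--host={}", env::var("TARGET").expect("cargo sets TARGET for build scripts"))[..]`. autoconf's `--host` expects a GNU-style triple, and while the Rust target names of the Linux and Android targets this fuzzer is presumably built for match that form, not every Rust target name does, so a comment noting the assumption would be worthwhile.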
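Review bot: After this hunk the `make` invocation passes no `CC`/`CFLAGS`/`LDFLAGS` at all, so the `-fsanitize-coverage=trace-pc-guard` instrumentation that the fuzzer depends on now reaches the compile step only through what `./configure` recorded in the Makefile; that is a reasonable design but it is no longer visible at the call site. A short comment above `Command::new("make")` such as `// CC/CFLAGS/LDFLAGS (incl. the coverage instrumentation) were baked into the Makefile by configure above` would document it. Also, `format!("... {}", ldflags)` with an empty `ldflags` yields a trailing space; harmless, but `format!("-g -fPIE -fsanitize-coverage=trace-pc-guard {}", ldflags).trim_end().to_string()` avoids it.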
@@ -94,6 +80,7 @@ fn main() {
 cc::Build::new()
 .include(&libpng_path)
+ .cpp(true)
 .flag("-fsanitize-coverage=trace-pc-guard")
 // .define("HAS_DUMMY_CRASH", "1")
 .file("./harness.cc")
@@ -108,7 +95,8 @@ fn main() {
 println!("cargo:rustc-link-lib=dylib=z");
 //For the C++ harness
- println!("cargo:rustc-link-lib=static=stdc++");
+ //must by dylib for android
+ println!("cargo:rustc-link-lib=dylib=stdc++");
 println!("cargo:rerun-if-changed=build.rs");
 }
diff --git a/fuzzers/libfuzzer_libpng/harness.cc b/fuzzers/libfuzzer_libpng/harness.cc
index ea6680018f..15c204dc9f 100644
--- a/fuzzers/libfuzzer_libpng/harness.cc
+++ b/fuzzers/libfuzzer_libpng/harness.cc
@@ -59,7 +59,7 @@ struct PngObjectHandler {
 png_free(png_ptr, row_ptr);
 if (end_info_ptr)
 png_destroy_read_struct(&png_ptr, &info_ptr, &end_info_ptr);
- else if (info_ptr)
+ else if (info_ptr)
 png_destroy_read_struct(&png_ptr, &info_ptr, nullptr);
 else
 png_destroy_read_struct(&png_ptr, nullptr, nullptr);
@@ -159,6 +159,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 PNG_CLEANUP
 #ifdef HAS_DUMMY_CRASH
 asm("ud2");
+ #ifdef __aarch64__
+ asm volatile (".word 0xf7f0a000\n");
+ #else
+ asm("ud2");
+ #endif
 #endif
 return 0;
 }
diff --git a/libafl/src/bolts/shmem.rs b/libafl/src/bolts/shmem.rs
index cc4d4f962f..f6edf33ff8 100644
--- a/libafl/src/bolts/shmem.rs
+++ b/libafl/src/bolts/shmem.rs
@@ -273,7 +273,7 @@ pub mod shmem {
 return 0 as *mut c_uchar;
 }
 snprintf(
- (*shm).shm_str.as_mut_ptr() as *mut i8,
+ (*shm).shm_str.as_mut_ptr() as *mut c_char,
 size_of::<[c_char; 20]>() as c_ulong,
 b"%d\x00" as *const u8 as *const c_char,
 (*shm).shm_id,
diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs
index 8945e69882..5c59f9df29 100644
--- a/libafl/src/executors/inprocess.rs
+++ b/libafl/src/executors/inprocess.rs
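Review bot: The switch from `static=stdc++` to `dylib=stdc++` in the `@@ -108,7 +95,8` hunk applies to every target, although the new comment (`//must by dylib for android`, which also has a typo: "must be") says it is only needed on Android; Linux builds that previously produced a self-contained binary now pick up a runtime dependency on libstdc++.so. Build scripts can read `CARGO_CFG_TARGET_OS`, so the link kind can be chosen per target: `let kind = if env::var("CARGO_CFG_TARGET_OS").map_or(false, |os| os == "android") { "dylib" } else { "static" };` followed by `println!("cargo:rustc-link-lib={}=stdc++", kind);`, with the comment reworded to `// Android's NDK ships libstdc++ only as a shared library`.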
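Review bot: In the `@@ -159,6 +159,11 @@` hunk of harness.cc the original unconditional `asm("ud2");` is kept as a context line directly above the new `#ifdef __aarch64__` block, so with `HAS_DUMMY_CRASH` defined an AArch64 build still hits `ud2`, which the AArch64 assembler rejects, and on x86 the second `asm("ud2");` in the `#else` branch is unreachable. The fix is to delete that leftover context line so only the new conditional remains. A portable alternative that needs no per-architecture encoding is `__builtin_trap();`, which both gcc and clang support; if the hand-picked `.word 0xf7f0a000` is kept, a comment stating what it decodes to and why it was chosen over `brk #0` would help the next reader. `LLVMFuzzerTestOneInput` begins outside the hunk.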
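Review bot: The `*mut i8` → `*mut c_char` change in the `@@ -273,7 +273,7 @@` hunk of shmem.rs is the right portability fix, since `c_char` is unsigned on the AArch64 Linux/Android targets this commit enables, but the adjacent length argument `size_of::<[c_char; 20]>()` still hard-codes the buffer size separately from wherever `shm_str` is declared (outside the hunk), so the two can drift. `std::mem::size_of_val(&(*shm).shm_str) as c_ulong` derives the length from the field itself. If `snprintf` here is the libc-crate binding, its length parameter is `size_t`, so the `as c_ulong` cast only type-checks where the two coincide; worth confirming against the declaration this module actually uses.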
@@ -207,9 +207,14 @@ pub mod unix_signals {
 I: Input,
 {
 if CURRENT_INPUT_PTR == ptr::null() {
+ #[cfg(target_os = "android")]
+ let si_addr = { ((info._pad[0] as usize) | ((info._pad[1] as usize) << 32)) as usize };
+ #[cfg(not(target_os = "android"))]
+ let si_addr = { info.si_addr() as usize };
+
 println!(
 "We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",
- info.si_addr() as usize
+ si_addr
 );
 // let's yolo-cat the maps for debugging, if possible.
 #[cfg(target_os = "linux")]
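Review bot: The Android branch reassembles the fault address with `(info._pad[0] as usize) | ((info._pad[1] as usize) << 32)`; if `_pad` holds signed `c_int` words as in the libc crate's `siginfo_t`, a low word with its top bit set is sign-extended by `as usize` and its copied sign bits are OR-ed over the high half, so the printed address is wrong for roughly half of the 64-bit address space, and the fixed `<< 32` is a compile-time overflow on 32-bit Android targets. Casting each word through `u32` first and gating the 64-bit reconstruction on `target_pointer_width` fixes both; the trailing `as usize` on an already-`usize` expression and the block braces are redundant. Which `_pad` index holds the first word of the `si_addr` union on 64-bit Android (the three `c_int` header fields are followed by alignment padding before the union) I cannot confirm from the hunk, so that needs to be checked against the libc definition for each target. The enclosing handler starts outside the hunk.
```rust
// … unchanged: if CURRENT_INPUT_PTR == ptr::null() { …
// Android's libc siginfo_t exposes no si_addr(); rebuild it from the raw
// words. Cast through u32 first so a negative low word is not sign-extended.
// NOTE(review): confirm against libc's siginfo_t which _pad index holds the
// first word of the union on each Android target.
#[cfg(all(target_os = "android", target_pointer_width = "64"))]
let si_addr = (info._pad[0] as u32 as usize) | ((info._pad[1] as u32 as usize) << 32);
#[cfg(all(target_os = "android", target_pointer_width = "32"))]
let si_addr = info._pad[0] as u32 as usize;
#[cfg(not(target_os = "android"))]
let si_addr = info.si_addr() as usize;
// … unchanged: println! …
```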