From 6065cb8a84b305146d37ae540926bac439fc5601 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Fri, 1 Oct 2021 11:25:15 +0200
Subject: [PATCH] Expore brk to libafl
---
 accel/tcg/translate-all.c | 8 ++++----
 linux-user/syscall.c | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 8fe434d468..12e21a19e1 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -172,13 +172,13 @@ void libafl_gen_read(TCGv addr, MemOp ot)
 libafl_helper_table_add(&libafl_exec_read_hookN_info);
 }
 TCGv_i64 tmp0 = tcg_const_i64(libafl_id);
- TCGTemp *tmp1[3] = { tcgv_i64_temp(tmp0),
+ TCGTemp *tmp1[2] = { tcgv_i64_temp(tmp0),
 #if TARGET_LONG_BITS == 32
 tcgv_i32_temp(addr) };
 #else
 tcgv_i64_temp(addr) };
 #endif
- tcg_gen_callN(func, NULL, 3, tmp1);
+ tcg_gen_callN(func, NULL, 2, tmp1);
 tcg_temp_free_i64(tmp0);
 }
 }
@@ -260,13 +260,13 @@ void libafl_gen_write(TCGv addr, MemOp ot)
 libafl_helper_table_add(&libafl_exec_write_hookN_info);
 }
 TCGv_i64 tmp0 = tcg_const_i64(libafl_id);
- TCGTemp *tmp1[3] = { tcgv_i64_temp(tmp0),
+ TCGTemp *tmp1[2] = { tcgv_i64_temp(tmp0),
 #if TARGET_LONG_BITS == 32
 tcgv_i32_temp(addr) };
 #else
 tcgv_i64_temp(addr) };
 #endif
- tcg_gen_callN(func, NULL, 3, tmp1);
+ tcg_gen_callN(func, NULL, 2, tmp1);
 tcg_temp_free_i64(tmp0);
 }
 }
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7c6eb2a285..32dd3f2e27 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -762,6 +762,23 @@ void target_set_brk(abi_ulong new_brk)
 brk_page = HOST_PAGE_ALIGN(target_brk);
 }
+//// --- Begin LibAFL code ---
+
+uint64_t libafl_get_brk(void);
+uint64_t libafl_set_brk(uint64_t new_brk);
+
+uint64_t libafl_get_brk(void) {
+ return (uint64_t)target_brk;
+}
+
+uint64_t libafl_set_brk(uint64_t new_brk) {
+ uint64_t old_brk = (uint64_t)target_brk;
+ target_brk = (abi_ulong)new_brk;
+ return old_brk;
+}
+
+//// --- End LibAFL code ---
+
 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
 #define DEBUGF_BRK(message, args...)
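Review bot: libafl_set_brk writes target_brk but leaves brk_page untouched, whereas target_set_brk (the function the hunk opens inside; its start lies outside the hunk) follows the assignment with `brk_page = HOST_PAGE_ALIGN(target_brk);` as the context line shows. A caller that rewinds the heap through this entry point therefore leaves brk_page describing a heap top that target_brk no longer has; whether the brk syscall path tolerates that mismatch depends on code outside this hunk, so the two should be kept in step: `target_brk = (abi_ulong)new_brk;` followed by `brk_page = HOST_PAGE_ALIGN(target_brk);`. The `(abi_ulong)new_brk` cast also silently truncates on targets whose abi_ulong is 32 bits wide, so either an explicit range check or a comment stating that the caller must pass a value that fits the target address width would make that contract visible. Both new functions lack a header comment; a one-line note that they exist for an external harness and deliberately bypass the brk syscall bookkeeping would help the next maintainer.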