From 9caef2e60f1eef776612cd5e41f35430a58fe3b0 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Thu, 2 Dec 2021 03:17:06 +0100
Subject: [PATCH] Fix tb->icount > TCG_MAX_INSNS for edges

Aparently tcg_tb_alloc does not return a 0ed field, which can cause icount to appear to have a value above the maximum allowed number of instructions per tb.
---
 accel/tcg/translate-all.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 3b5994b56a..21c64a75c3 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1815,6 +1815,7 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
 tb->flags = flags;
 tb->cflags = cflags;
 tb->trace_vcpu_dstate = *cpu->trace_dstate;
+ tb->icount = 0;
 tcg_ctx->tb_cflags = 0;
 tcg_func_start(tcg_ctx);
@@ -1935,6 +1936,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 tb->flags = flags;
 tb->cflags = cflags;
 tb->trace_vcpu_dstate = *cpu->trace_dstate;
+ tb->icount = 0;
 tcg_ctx->tb_cflags = cflags;
 tb_overflow:
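Review bot: Zeroing `tb->icount` patches one symptom of the problem the commit message names: if tcg_tb_alloc() hands back recycled, non-zeroed storage, then every TranslationBlock field that libafl_gen_edge does not assign explicitly is equally stale, not just icount, and any of them can be read later with the same kind of surprise. If the code after the allocation (outside this hunk) re-assigns tc.ptr and the other header fields it relies on, a single `memset(tb, 0, sizeof(*tb));` right after `tcg_tb_alloc()` would close the whole class instead of one member at a time; if tcg_tb_alloc() returns state that must not be clobbered, that fact deserves a comment so nobody adds the memset later. Either way the new line needs a why-comment, since nothing in the code explains why an edge block touches icount at all, e.g. `/* tcg_tb_alloc() does not zero the TB; an edge TB has no guest insns, so reset the stale count. */`. libafl_gen_edge begins and ends outside this hunk.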
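Review bot: The `tb_overflow:` label sits below the new `tb->icount = 0;`, so a retry that jumps to the label does not re-run the reset; that is only safe if whatever follows the label (outside this hunk) assigns icount again before anyone reads it, which is worth confirming and stating in a comment. If, as in upstream QEMU, the translator loop normally sets icount during translation, this line is a defensive default rather than the fix for tb_gen_code, and the commit message should say whether the stale value was actually observed on this path or only for edges. The four-line initialisation run is now duplicated verbatim between tb_gen_code and libafl_gen_edge, which is exactly how the two copies drifted apart; a small static helper that fills the common header fields from flags/cflags would keep them in step. At minimum add `/* Not zeroed by tcg_tb_alloc(); reset so a stale count is never read before translation sets it. */` above the new line. tb_gen_code begins and ends outside this hunk.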