fix a global oob read

Use an additional constant to specifiy the size of the crash notifier
code in 32 bit mode (submit_panic / submit_kasan).

nyx/hypercall/hypercall.c

@@ -443,9 +443,9 @@ static void handle_hypercall_kafl_submit_panic(struct kvm_run *run, CPUState *cp
 	if(hypercall_enabled){
 		QEMU_PT_PRINTF(CORE_PREFIX, "Panic address:\t%lx", hypercall_arg);
 		if (run->hypercall.longmode) {
-			write_virtual_memory(hypercall_arg, (uint8_t*)PANIC_PAYLOAD_64, PAYLOAD_BUFFER_SIZE, cpu);
+			write_virtual_memory(hypercall_arg, (uint8_t*)PANIC_PAYLOAD_64, PAYLOAD_BUFFER_SIZE_64, cpu);
 		} else {
-			write_virtual_memory(hypercall_arg, (uint8_t*)PANIC_PAYLOAD_32, PAYLOAD_BUFFER_SIZE, cpu);
+			write_virtual_memory(hypercall_arg, (uint8_t*)PANIC_PAYLOAD_32, PAYLOAD_BUFFER_SIZE_32, cpu);
 		}
 	}
 }
@@ -454,9 +454,9 @@ static void handle_hypercall_kafl_submit_kasan(struct kvm_run *run, CPUState *cp
 	if(hypercall_enabled){
 		QEMU_PT_PRINTF(CORE_PREFIX, "kASAN address:\t%lx", hypercall_arg);
 		if (run->hypercall.longmode){
-			write_virtual_memory(hypercall_arg, (uint8_t*)KASAN_PAYLOAD_64, PAYLOAD_BUFFER_SIZE, cpu);
+			write_virtual_memory(hypercall_arg, (uint8_t*)KASAN_PAYLOAD_64, PAYLOAD_BUFFER_SIZE_64, cpu);
 		} else {
-			write_virtual_memory(hypercall_arg, (uint8_t*)KASAN_PAYLOAD_32, PAYLOAD_BUFFER_SIZE, cpu);
+			write_virtual_memory(hypercall_arg, (uint8_t*)KASAN_PAYLOAD_32, PAYLOAD_BUFFER_SIZE_32, cpu);
 		}
 	}
 }

nyx/hypercall/hypercall.h

@@ -21,7 +21,8 @@ along with QEMU-PT.  If not, see <http://www.gnu.org/licenses/>.
 
 #pragma once 
 
-#define PAYLOAD_BUFFER_SIZE		26
+#define PAYLOAD_BUFFER_SIZE_64		26
+#define PAYLOAD_BUFFER_SIZE_32		20
 
 #define KAFL_MODE_64	0
 #define KAFL_MODE_32	1