From cb70307812317888fdadb97d61a674fb931ceb52 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Mon, 18 Sep 2023 10:59:41 +0200
Subject: [PATCH] fix jmp instrumentation

---
 accel/tcg/translate-all.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 92d46652c8..9511daa1b7 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -73,7 +73,7 @@ static TCGHelperInfo libafl_exec_jmp_hook_info = {
     .func = NULL,
     .name = "libafl_exec_jmp_hook", \
     .flags = dh_callflag(void), \
-    .typemask = dh_typemask(void, 0) | dh_typemask(tl, 2) | dh_typemask(i64, 1)
+    .typemask = dh_typemask(void, 0) | dh_typemask(tl, 1) | dh_typemask(tl, 2) | dh_typemask(i64, 3) | dh_typemask(i64, 4), \
 };
 
 struct libafl_jmp_hook {
@@ -93,7 +93,7 @@ void libafl_add_jmp_hook(uint64_t (*gen)(target_ulong src, target_ulong dst, uin
                          void (*exec)(target_ulong src, target_ulong dst, uint64_t id, uint64_t data),
                          uint64_t data)
 {
-    struct libafl_jmp_hook* hook = malloc(sizeof(struct libafl_jmp_hook));
+    struct libafl_jmp_hook* hook = calloc(sizeof(struct libafl_jmp_hook), 1);
     hook->gen = gen;
     hook->exec = exec;
     hook->data = data;
@@ -102,7 +102,6 @@ void libafl_add_jmp_hook(uint64_t (*gen)(target_ulong src, target_ulong dst, uin
     memcpy(&hook->helper_info, &libafl_exec_jmp_hook_info, sizeof(TCGHelperInfo));
     hook->helper_info.func = exec;
-    //libafl_helper_table_add(&hook->helper_info);
 }
 
 void libafl_gen_jmp(target_ulong src, target_ulong dst);
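Review bot: The new `.typemask` line carries the same trailing backslash as the `.name` and `.flags` lines above it, but this is a plain static initializer, not a macro body, so the `\` continuations are dead and only obscure the edit; drop them on all three lines, e.g. `.typemask = dh_typemask(void, 0) | dh_typemask(tl, 1) | dh_typemask(tl, 2) | dh_typemask(i64, 3) | dh_typemask(i64, 4),`. Nothing in the initializer records why the mask has this shape, and the old value drifting away from the callback prototype is exactly what this commit repairs, so a one-line comment above the mask, `/* must match the exec() callback in libafl_add_jmp_hook: (tl src, tl dst, i64 id, i64 data) */`, would make the coupling visible to the next person who changes either side. Any future change to the exec prototype has to be mirrored here, since the mask is what tcg_gen_callN uses to lay out the helper's arguments.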
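Review bot: The `calloc` result on the added line is still never checked, so `hook->gen = gen;` on the very next line dereferences NULL when allocation fails; switching from malloc only changed the zero-fill, not the missing check. calloc's parameters are also (nmemb, size), and the swapped order reads like a mistake even though it allocates the same number of bytes. As this is QEMU code, the idiomatic form is `struct libafl_jmp_hook* hook = g_new0(struct libafl_jmp_hook, 1);`, which zero-fills and aborts on out-of-memory instead of continuing with a NULL hook; if glib is deliberately avoided in this path, write it as `calloc(1, sizeof *hook)` and follow it with an explicit `if (!hook) { abort(); }`. The remainder of libafl_add_jmp_hook lies outside this hunk.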
@@ -114,14 +113,13 @@ void libafl_gen_jmp(target_ulong src, target_ulong dst)
         uint64_t cur_id = 0;
         if (hook->gen)
             cur_id = hook->gen(src, dst, hook->data);
-        void* func = hook->exec;
-        if (cur_id != (uint64_t)-1 && func) {
+        if (cur_id != (uint64_t)-1 && hook->exec) {
             TCGv_i64 tmp0 = tcg_constant_i64(src);
             TCGv_i64 tmp1 = tcg_constant_i64(dst);
             TCGv_i64 tmp2 = tcg_constant_i64(cur_id);
             TCGv_i64 tmp3 = tcg_constant_i64(hook->data);
             TCGTemp *tmp4[4] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1), tcgv_i64_temp(tmp2), tcgv_i64_temp(tmp3) };
-            tcg_gen_callN(func, NULL, tmp4);
+            tcg_gen_callN(&hook->helper_info, NULL, tmp4);
             tcg_temp_free_i64(tmp0);
             tcg_temp_free_i64(tmp1);
             tcg_temp_free_i64(tmp2);
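Review bot: The call now goes through `hook->helper_info`, whose typemask (hunk `@@ -73,7`) declares arguments 1 and 2 as `tl`, yet `tmp0` and `tmp1` are built with `tcg_constant_i64` and passed via `tcgv_i64_temp`; the two only agree when target_ulong is 64 bits wide. On a target where `dh_typemask(tl, n)` resolves to i32, the argument layout derived from the mask would presumably be applied to i64 temps, which I would expect to trip a debug assertion or produce a mis-sized argument in release builds — worth confirming against the targets this tree is built for. Building src and dst as `tl` temps makes the temps, the mask and the exec prototype (`target_ulong src, target_ulong dst`) agree, as in the excerpt below. The loop around this block and libafl_gen_jmp's closing braces continue past the end of the hunk.
```c
        if (cur_id != (uint64_t)-1 && hook->exec) {
            /* src/dst are target_ulong in exec() and declared tl in the
             * helper typemask, so they must be tl temps, not i64 temps. */
            TCGv tmp0 = tcg_constant_tl(src);
            TCGv tmp1 = tcg_constant_tl(dst);
            TCGv_i64 tmp2 = tcg_constant_i64(cur_id);
            TCGv_i64 tmp3 = tcg_constant_i64(hook->data);
            TCGTemp *tmp4[4] = { tcgv_tl_temp(tmp0), tcgv_tl_temp(tmp1),
                                 tcgv_i64_temp(tmp2), tcgv_i64_temp(tmp3) };
            tcg_gen_callN(&hook->helper_info, NULL, tmp4);
            tcg_temp_free_tl(tmp0);
            tcg_temp_free_tl(tmp1);
            /* … unchanged: tcg_temp_free_i64(tmp2) and the rest of the block … */
```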