diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index f0508ded98..5c27df4e0d 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -127,8 +127,8 @@ static int exec_cmp_hook_added = 0;
 void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot) {
- uint32_t size;
- void* func;
+ uint32_t size = 0;
+ void* func = NULL;
 switch (ot & MO_SIZE) {
 case MO_64:
 size = 8;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 2e826206d2..06b1e06bf7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -13254,6 +13254,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
 return ret;
 }
+//// --- Begin LibAFL code ---
+
+int (*libafl_syscall_hook)(uint64_t*, int, uint64_t, uint64_t, uint64_t,
+ uint64_t, uint64_t, uint64_t, uint64_t, uint64_t);
+
+//// --- End LibAFL code ---
+
 abi_long do_syscall(void *cpu_env, int num, abi_long arg1, abi_long arg2, abi_long arg3, abi_long arg4, abi_long arg5, abi_long arg6, abi_long arg7,
@@ -13283,9 +13290,31 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 print_syscall(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6);
 }
+ //// --- Begin LibAFL code ---
+
+ uint64_t ret64;
+ if (libafl_syscall_hook && libafl_syscall_hook(&ret64, num,
+ (uint64_t)arg1,
+ (uint64_t)arg2,
+ (uint64_t)arg3,
+ (uint64_t)arg4,
+ (uint64_t)arg5,
+ (uint64_t)arg6,
+ (uint64_t)arg7,
+ (uint64_t)arg8)) {
+ ret = (abi_ulong)ret64;
+ goto after_syscall;
+ }
+
+ //// --- End LibAFL code ---
+
 ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
+ //// --- Begin LibAFL code ---
+after_syscall:
+ //// --- End LibAFL code ---
+
 if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
 print_syscall_ret(cpu_env, num, ret, arg1, arg2, arg3, arg4, arg5, arg6);
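Review bot: Initialising `func = NULL` and `size = 0` silences the maybe-uninitialized warning, but it also removes the only compile-time signal that the `switch (ot & MO_SIZE)` covers every size: if a MemOp size is not matched by a case and the switch has no `default`, the function now continues with a null function pointer instead of being diagnosed. The remainder of the switch and the use of `func` are outside the hunk, so this cannot be confirmed here; if there is no `default`, add one that bails out (QEMU code usually uses `default: g_assert_not_reached();`) rather than relying on the zero initialisers. A one-line comment on the declarations saying they are defaults to be overridden by the switch, never valid values, would make the intent explicit. libafl_gen_cmp's body continues past the end of the hunk.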
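Review bot: The argument casts `(uint64_t)arg1` … `(uint64_t)arg8` sign-extend whenever `abi_long` is a signed 32-bit type (as it is for 32-bit guests in upstream QEMU), so a guest pointer such as 0x80000000 reaches the hook as 0xffffffff80000000; casting through the unsigned ABI type first, `(uint64_t)(abi_ulong)arg1`, hands the hook the raw register value, and the reverse conversion `ret = (abi_ulong)ret64;` likewise drops the upper 32 bits silently on such targets, which the hook side has no way to detect. `uint64_t ret64;` is left indeterminate and is read whenever the hook returns non-zero, so a hook that claims the syscall without storing a result propagates garbage as the guest's return value; `uint64_t ret64 = 0;` is cheap insurance, and the contract (return non-zero to skip do_syscall1 and use the value stored through the first argument as the syscall result) should be stated in a comment at the definition of `libafl_syscall_hook`, which is declared but never documented. Note also that a syscall short-circuited by the hook still reaches `print_syscall_ret` with the hook-supplied `ret`, so strace output cannot distinguish a real syscall from a faked one; if that is intended, say so in the comment. do_syscall's body continues past the end of the hunk.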