cpu-exec: Add AFL_QEMU_EXCLUDE_RANGES

This environment variable allows rejection of specific regions from instrumentation. It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES, so it can be used to poke a "hole" in previously included sections.
2025-06-10 01:01:33 +00:00 · 2021-03-02 15:28:26 -05:00 · 2021-03-02 15:28:26 -05:00 · 8bdb40b763
commit 8bdb40b763
parent f0bc2e0e8b
2 changed files with 8 additions and 0 deletions
--- a/include/envs.h
+++ b/include/envs.h
@ -141,6 +141,7 @@ static char *afl_environment_variables[] = {
    "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
    "AFL_QEMU_PERSISTENT_EXITS",
    "AFL_QEMU_INST_RANGES",
+    "AFL_QEMU_EXCLUDE_RANGES",
    "AFL_QEMU_SNAPSHOT",
    "AFL_QUIET",
    "AFL_RANDOM_ALLOC_CANARY",
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@ -99,6 +99,13 @@ Just set AFL_QEMU_INST_RANGES=A,B,C...
 The format of the items in the list is either a range of addresses like 0x123-0x321
 or a module name like module.so (that is matched in the mapped object filename).

+Alternatively you can tell QEMU to ignore part of an address space for instrumentation.
+
+Just set AFL_QEMU_EXCLUDE_RANGES=A,B,C...
+
+The format of the items on the list is the same as for AFL_QEMU_INST_RANGES, and excluding ranges
+takes priority over any included ranges or AFL_INST_LIBS.
+
 ## 7) CompareCoverage

 CompareCoverage is a sub-instrumentation with effects similar to laf-intel.