Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus

qemu_mode/README.md

@@ -38,7 +38,13 @@ to 200 MB when specifying -Q to afl-fuzz; be careful when overriding this.
 In principle, if you set CPU_TARGET before calling ./build_qemu_support.sh,
 you should get a build capable of running non-native binaries (say, you
 can try CPU_TARGET=arm). This is also necessary for running 32-bit binaries
-on a 64-bit system (CPU_TARGET=i386).
+on a 64-bit system (CPU_TARGET=i386). If you're trying to run QEMU on a
+different architecture you can also set HOST to the cross-compiler prefix
+to use (for example HOST=arm-linux-gnueabi to use arm-linux-gnueabi-gcc).
+
+You can also compile statically-linked binaries by setting STATIC=1. This
+can be useful when compiling QEMU on a different system than the one you're
+planning to run the fuzzer on and is most often used with the HOST variable.
 
 Note: if you want the QEMU helper to be installed on your system for all
 users, you need to build it before issuing 'make install' in the parent

qemu_mode/build_qemu_support.sh

@@ -125,6 +125,13 @@ tar xf "$ARCHIVE" || exit 1
 
 echo "[+] Unpacking successful."
 
+if [ -n "$HOST" ]; then
+  echo "[+] Configuring host architecture to $HOST..."
+  CROSS_PREFIX=$HOST-
+else
+  CROSS_PREFIX=
+fi
+
 echo "[*] Configuring QEMU for $CPU_TARGET..."
 
 ORIG_CPU_TARGET="$CPU_TARGET"
@@ -145,12 +152,30 @@ patch -p1 <../patches/i386-translate.diff || exit 1
 
 echo "[+] Patching done."
 
-# --enable-pie seems to give a couple of exec's a second performance
-# improvement, much to my surprise. Not sure how universal this is..
+if [ "$STATIC" -eq "1" ]; then
 
-CFLAGS="-O3 -ggdb" ./configure --disable-system \
-  --enable-linux-user --disable-gtk --disable-sdl --disable-vnc \
-  --target-list="${CPU_TARGET}-linux-user" --enable-pie --enable-kvm || exit 1
+  CFLAGS="-O3 -ggdb" ./configure --disable-bsd-user --disable-guest-agent --disable-strip --disable-werror \
+	  --disable-gcrypt --disable-debug-info --disable-debug-tcg --enable-docs --disable-tcg-interpreter \
+	  --enable-attr --disable-brlapi --disable-linux-aio --disable-bzip2 --disable-bluez --disable-cap-ng \
+	  --disable-curl --disable-fdt --disable-glusterfs --disable-gnutls --disable-nettle --disable-gtk \
+	  --disable-rdma --disable-libiscsi --disable-vnc-jpeg --enable-kvm --disable-lzo --disable-curses \
+	  --disable-libnfs --disable-numa --disable-opengl --disable-vnc-png --disable-rbd --disable-vnc-sasl \
+	  --disable-sdl --disable-seccomp --disable-smartcard --disable-snappy --disable-spice --disable-libssh2 \
+	  --disable-libusb --disable-usb-redir --disable-vde --disable-vhost-net --disable-virglrenderer \
+	  --disable-virtfs --disable-vnc --disable-vte --disable-xen --disable-xen-pci-passthrough --disable-xfsctl \
+	  --enable-linux-user --disable-system --disable-blobs --disable-tools \
+	  --target-list="${CPU_TARGET}-linux-user" --static --disable-pie --cross-prefix=$CROSS_PREFIX || exit 1
+
+else
+
+  # --enable-pie seems to give a couple of exec's a second performance
+  # improvement, much to my surprise. Not sure how universal this is..
+  
+  CFLAGS="-O3 -ggdb" ./configure --disable-system \
+    --enable-linux-user --disable-gtk --disable-sdl --disable-vnc \
+    --target-list="${CPU_TARGET}-linux-user" --enable-pie --enable-kvm $CROSS_PREFIX || exit 1
+
+fi
 
 echo "[+] Configuration complete."