stop the fuzzer if AFL_QEMU_PERSISTENT_ADDR is wrong

2025-06-14 11:08:06 +00:00 · 2020-01-31 18:49:22 +01:00
parent e5f081586d
commit f5d4618702
2 changed files with 9 additions and 1 deletions
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@ -273,6 +273,8 @@ static void afl_forkserver(CPUState *cpu) {

  afl_forksrv_pid = getpid();
  
+  int first_run = 1;
+
  /* All right, let's await orders... */

  while (1) {
@ -349,6 +351,8 @@ static void afl_forkserver(CPUState *cpu) {
       again. */

    if (WIFSTOPPED(status)) child_stopped = 1;
+    else if(unlikely(first_run)) exit(12); // Persistent is wrong
+    first_run = 0;

    if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7);

--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -189,7 +189,11 @@ u8 run_target(char** argv, u32 timeout) {
          "    - The binary, at least in some circumstances, exits in a way "
          "that\n"
          "      also kills the parent process - raise() could be the "
-          "culprit.\n\n"
+          "culprit.\n"
+          "    - If using persistent mode with QEMU, AFL_QEMU_PERSISTENT_ADDR "
+          "is\n"
+          "      probably not valid (hint: add the base address in case of PIE)"
+          "\n\n"
          "If all else fails you can disable the fork server via "
          "AFL_NO_FORKSRV=1.\n",
          mem_limit);