Describe the bug
When building a fuzzer using ARM qemu_user, the fuzzer panics at runtime with the following error:

```
thread main panicked at 'called `Result::unwrap()` on an `Err` value: CustomError("Must specify mode for arm::ArchCapstoneBuilder with `mode()` method")', /libafl/libafl_qemu/src/blocks.rs:46:53
```
The fix for my use case was to change blocks.rs:46 to be:
```rust
// Pick the Capstone mode from the interworking bit: an odd pc means Thumb.
let mode = if pc & 1 == 1 {
    arch::arm::ArchMode::Thumb
} else {
    arch::arm::ArchMode::Arm
};
// Pass the selected mode instead of a hard-coded ArchMode::Arm.
let cs = crate::capstone()
    .mode(mode)
    .detail(true)
    .build()
    .unwrap();
```
Maybe it would be better to check the Thumb bit in `Regs::Cpsr`? Also not sure if this is a bug in LibAFL or Capstone, since `crate::capstone()` returns `arm::ArchCapstoneBuilder` here.
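The two mode-selection rules mentioned above (low bit of `pc` versus the T bit of CPSR) side by side, plus a small instruction-boundary walker that shows why the disassembler has to be told the mode at all. This is an added example, not LibAFL or Capstone code: `ArchMode`, `mode_from_pc`, `mode_from_cpsr`, `thumb_insn_len` and `insn_boundaries` are names chosen here, the CPSR value is a constructed sample rather than something read from the emulator, and the byte string is a hand-assembled Thumb sequence.

```rust
// Added example, not from LibAFL or Capstone. Demonstrates the two ways of
// picking the ARM disassembly mode for a block and why the choice matters.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ArchMode {
    Arm,
    Thumb,
}

/// Interworking convention: a branch target / entry pc with bit 0 set is Thumb.
/// Only reliable if the pc you are handed still carries that bit.
pub fn mode_from_pc(pc: u32) -> ArchMode {
    if pc & 1 == 1 { ArchMode::Thumb } else { ArchMode::Arm }
}

/// Architectural state: CPSR.T (bit 5) is set while the core executes Thumb.
/// Works even when the pc has already been word-aligned.
pub fn mode_from_cpsr(cpsr: u32) -> ArchMode {
    const CPSR_T_BIT: u32 = 1 << 5;
    if cpsr & CPSR_T_BIT != 0 { ArchMode::Thumb } else { ArchMode::Arm }
}

/// Byte length of the Thumb instruction whose first halfword is `hw`.
/// Thumb-2 rule: top five bits 0b11101, 0b11110 or 0b11111 mark a 32-bit encoding.
pub fn thumb_insn_len(hw: u16) -> usize {
    match hw >> 11 {
        0b11101 | 0b11110 | 0b11111 => 4,
        _ => 2,
    }
}

/// Walk `code` in the given mode and return the byte offset of every
/// instruction start. A truncated trailing instruction is not reported.
pub fn insn_boundaries(code: &[u8], mode: ArchMode) -> Vec<usize> {
    let mut starts = Vec::new();
    let mut off = 0;
    while off < code.len() {
        let len = match mode {
            ArchMode::Arm => 4,
            ArchMode::Thumb => {
                if off + 2 > code.len() {
                    break;
                }
                thumb_insn_len(u16::from_le_bytes([code[off], code[off + 1]]))
            }
        };
        if off + len > code.len() {
            break;
        }
        starts.push(off);
        off += len;
    }
    starts
}

fn main() {
    // Constructed sample: push {r4, lr}; bl +0; mov r0, r1; pop {r4, pc}
    // assembled as Thumb (little-endian halfwords).
    let code = [0x10, 0xB5, 0x00, 0xF0, 0x00, 0xF8, 0x08, 0x46, 0x10, 0xBD];
    let pc: u32 = 0x8000; // word-aligned pc, as a block hook might report it
    let cpsr: u32 = 0x6000_0030; // constructed value with the T bit set

    // The pc rule and the CPSR rule disagree once the low bit has been dropped.
    println!("pc rule:   {:?}", mode_from_pc(pc));
    println!("cpsr rule: {:?}", mode_from_cpsr(cpsr));

    // The same bytes split into different instructions depending on the mode.
    println!("thumb boundaries: {:?}", insn_boundaries(&code, ArchMode::Thumb));
    println!("arm boundaries:   {:?}", insn_boundaries(&code, ArchMode::Arm));
}
```

The walker only finds instruction boundaries and does not decode operands; it exists to show that with a word-aligned `pc` the bit-0 test silently picks ARM while the CPSR test still reports Thumb, and that the two modes then carve the same block into different instructions.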