AFLplusplus / qemu-libafl-bridge

A patched QEMU that exposes an interface for LibAFL-based fuzzers

add a flag for edge TB so we can unlink it completely #53

Closed cube0x8 closed 4 months ago

cube0x8 commented 6 months ago

First coarse attempt at resolving #52. It fixes the bug for me, no more infinite loop.

I added an additional flag when creating a new edge, which is later checked in tb_jmp_unlink to verify if we're unlinking an edge. In that case, we call tb_reset_edge (this can actually be a recursive call at tb_jmp_unlink, but I didn't want to complicate it too much for now) and unlink the edge from its predecessor.

@andreafioraldi @rmalmain if you think it makes any sense, I can improve it.
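To make the mechanism described in the PR concrete, here is a small standalone model written for this note. It is not QEMU's or qemu-libafl-bridge's code: the `TB` struct, `tb_link`, `tb_reset_jump_to`, `tb_jmp_unlink` and `run_scenario` below are hypothetical simplifications, and the interpretation that an edge TB found among the predecessors of an invalidated block must itself be detached from its own predecessor is an assumption drawn from the comment above. The constructed scenario is `src -> edge -> dst`; `dst` is unlinked, and the model counts how many direct jumps still land on the stale edge TB or on `dst`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of translation-block (TB) chaining.
 * Not QEMU's code: it only mirrors the idea in the PR description
 * (a flag on edge TBs that tb_jmp_unlink checks so the edge can be
 * unlinked completely). */

#define MAX_TBS 8
#define MAX_JMPS 2

typedef struct TB {
    int id;
    struct TB *jmp_dest[MAX_JMPS]; /* outgoing direct jumps; NULL = no chain */
    struct TB *preds[MAX_TBS];     /* blocks that jump directly into this one */
    int npreds;
    bool is_edge;                  /* assumed flag: this TB is a LibAFL edge TB */
} TB;

/* Chain src -> dst on jump slot n and record the reverse link. */
static void tb_link(TB *src, int n, TB *dst) {
    src->jmp_dest[n] = dst;
    dst->preds[dst->npreds++] = src;
}

/* Make src stop jumping directly to dst (analogue of resetting a jump). */
static void tb_reset_jump_to(TB *src, TB *dst) {
    for (int n = 0; n < MAX_JMPS; n++) {
        if (src->jmp_dest[n] == dst) {
            src->jmp_dest[n] = NULL;
        }
    }
}

/* Remove every direct jump into dest. If a predecessor is a flagged edge TB,
 * detach that edge from its own predecessor too (recursive call), so nothing
 * keeps bouncing into a stale edge TB after dest has gone away. */
static void tb_jmp_unlink(TB *dest) {
    for (int i = 0; i < dest->npreds; i++) {
        TB *pred = dest->preds[i];
        tb_reset_jump_to(pred, dest);
        if (pred->is_edge) {
            tb_jmp_unlink(pred);
        }
    }
    dest->npreds = 0;
}

/* Count direct jumps from any TB in tbs[] that land on target. */
static int count_jumps_to(const TB *tbs, int ntbs, const TB *target) {
    int c = 0;
    for (int i = 0; i < ntbs; i++) {
        for (int n = 0; n < MAX_JMPS; n++) {
            if (tbs[i].jmp_dest[n] == target) {
                c++;
            }
        }
    }
    return c;
}

/* Constructed scenario: src -> edge -> dst, then dst is unlinked.
 * Returns the number of stale direct jumps left into edge or dst:
 * 0 when edge TBs carry the flag, 1 (src -> edge) when they do not. */
int run_scenario(bool flag_edges) {
    TB tbs[3] = {0};
    TB *src = &tbs[0], *edge = &tbs[1], *dst = &tbs[2];
    src->id = 0; edge->id = 1; dst->id = 2;
    edge->is_edge = flag_edges;
    tb_link(src, 0, edge);
    tb_link(edge, 0, dst);
    tb_jmp_unlink(dst);
    return count_jumps_to(tbs, 3, edge) + count_jumps_to(tbs, 3, dst);
}

int main(void) {
    printf("stale jumps without edge flag: %d\n", run_scenario(false));
    printf("stale jumps with edge flag:    %d\n", run_scenario(true));
    return 0;
}
```

Without the flag, unlinking `dst` only resets the edge's own jump, and `src` keeps chaining into an edge TB whose target no longer exists; with the flag, the recursive unlink also cuts `src -> edge`, which is the behaviour the PR is after.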

andreafioraldi commented 5 months ago

It looks good, thanks.

andreafioraldi commented 5 months ago

Can you mark your changes between the begin and end libafl code markers? Like here: https://github.com/AFLplusplus/qemu-libafl-bridge/blob/fd6a2f3cce4b0de2ad48703f7c93f9813c96b12c/linux-user/elfload.c#L3316

cube0x8 commented 5 months ago

Yes, there are also other modifications that need to be pushed. I will push them soon.