Clarify in docs that AFL_TARGET_ENV will apply to QEMU in QEMU mode, and note that QEMU_SET_ENV should be used instead in QEMU mode. Closes #1328

author: Adam Doupe <adamdoupe@gmail.com> 2022-02-26 22:08:06 +0000
committer: Adam Doupe <adamdoupe@gmail.com> 2022-02-26 22:20:58 +0000
commit: 1840c27b6ffa8f6231e477e5cf92009f17a28c17 (patch)
tree: bb5ad5d539f31933dc0ce97f455c97de6d0b5f8c
parent: fee1acf7e6096533f1aa8cd74035bed21c90fdf6 (diff)
download: afl++-1840c27b6ffa8f6231e477e5cf92009f17a28c17.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 4626a9b6..edd57fb6 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -518,7 +518,12 @@ checks or alter some of the more exotic semantics of the tool:
     the target binary. Example: `AFL_TARGET_ENV="VAR1=1 VAR2='a b c'" afl-fuzz
     ... `. This exists mostly for things like `LD_LIBRARY_PATH` but it would
     theoretically allow fuzzing of AFL++ itself (with 'target' AFL++ using some
-    AFL_ vars that would disrupt work of 'fuzzer' AFL++).
+    AFL_ vars that would disrupt work of 'fuzzer' AFL++). Note that when using
+    QEMU mode, the `AFL_TARGET_ENV` environment variables will apply to QEMU, as
+    well as the target binary. Therefore, in this case, you might want to use
+    QEMU's `QEMU_SET_ENV` environment variable (see QEMU's documentation because
+    the format is different from `AFL_TARGET_ENV`) to apply the environment
+    variables to the target and not QEMU.
 
   - `AFL_TESTCACHE_SIZE` allows you to override the size of `#define
     TESTCASE_CACHE` in config.h. Recommended values are 50-250MB - or more if
author	Adam Doupe <adamdoupe@gmail.com>	2022-02-26 22:08:06 +0000
committer	Adam Doupe <adamdoupe@gmail.com>	2022-02-26 22:20:58 +0000
commit	1840c27b6ffa8f6231e477e5cf92009f17a28c17 (patch)
tree	bb5ad5d539f31933dc0ce97f455c97de6d0b5f8c
parent	fee1acf7e6096533f1aa8cd74035bed21c90fdf6 (diff)
download	afl++-1840c27b6ffa8f6231e477e5cf92009f17a28c17.tar.gz