diff options
| author | realmadsci <71108352+realmadsci@users.noreply.github.com> | 2021-03-12 15:53:42 -0500 |
|---|---|---|
| committer | realmadsci <71108352+realmadsci@users.noreply.github.com> | 2021-03-15 12:57:06 -0700 |
| commit | d4fb7f8b4015297e1c74b28d671eba058cfb6366 (patch) | |
| tree | 7dde59b58b4bdcb64a6007dbcc790f3b41c0c419 /src | |
| parent | 01ad0f3c6a45e28eb99e7076f97af2e2a9516c45 (diff) | |
| download | afl++-d4fb7f8b4015297e1c74b28d671eba058cfb6366.tar.gz | |
Add AFL_QEMU_CUSTOM_BIN environment flag
In QEMU mode (-Q), setting AFL_QEMU_CUSTOM_BIN cause afl-fuzz to skip prepending afl-qemu-trace to your command line. Use this if you wish to use a custom afl-qemu-trace or if you need to modify the afl-qemu-trace arguments.
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-common.c | 7 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/afl-common.c b/src/afl-common.c index 9f6eb564..58fbf765 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -149,6 +149,13 @@ void argv_cpy_free(char **argv) { char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { + if (unlikely(getenv("AFL_QEMU_CUSTOM_BIN"))) { + WARNF( + "AFL_QEMU_CUSTOM_BIN is enabled. " + "You must run your target under afl-qemu-trace on your own!"); + return argv; + } + if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); } u8 *tmp, *cp = NULL, *rsl, *own_copy; diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index ca2f75f1..82c1799e 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2592,6 +2592,7 @@ void check_binary(afl_state_t *afl, u8 *fname) { } if (afl->afl_env.afl_skip_bin_check || afl->use_wine || afl->unicorn_mode || + (afl->fsrv.qemu_mode && getenv("AFL_QEMU_CUSTOM_BIN")) || afl->non_instrumented_mode) { return; |