Diffstat (limited to 'qemu_mode')
-rwxr-xr-xqemu_mode/build_qemu_support.sh2
-rw-r--r--qemu_mode/patches/__init__.py.diff17
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-tcg-inl.h1
-rw-r--r--qemu_mode/patches/make_strncpy_safe.diff31
-rw-r--r--qemu_mode/unsigaction/GNUmakefile34
-rw-r--r--qemu_mode/unsigaction/Makefile34
7 files changed, 87 insertions, 34 deletions
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index bd42c58e..118f6ebd 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -174,6 +174,8 @@ patch -p1 <../patches/configure.diff || exit 1
 patch -p1 <../patches/tcg-runtime.diff || exit 1
 patch -p1 <../patches/tcg-runtime-head.diff || exit 1
 patch -p1 <../patches/translator.diff || exit 1
+patch -p1 <../patches/__init__.py.diff || exit 1
+patch -p1 <../patches/make_strncpy_safe.diff || exit 1
 
 echo "[+] Patching done."
 
diff --git a/qemu_mode/patches/__init__.py.diff b/qemu_mode/patches/__init__.py.diff
new file mode 100644
index 00000000..7e189b99
--- /dev/null
+++ b/qemu_mode/patches/__init__.py.diff
@@ -0,0 +1,17 @@
+--- a/scripts/tracetool/__init__.py	2020-03-28 13:42:21.937700726 +0100
++++ b/scripts/tracetool/__init__.py	2020-03-28 13:41:50.991034257 +0100
+@@ -447,12 +447,12 @@
+     import tracetool
+ 
+     format = str(format)
+-    if len(format) is 0:
++    if len(format) == 0:
+         raise TracetoolError("format not set")
+     if not tracetool.format.exists(format):
+         raise TracetoolError("unknown format: %s" % format)
+ 
+-    if len(backends) is 0:
++    if len(backends) == 0:
+         raise TracetoolError("no backends specified")
+     for backend in backends:
+         if not tracetool.backend.exists(backend):
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 9fdc23ea..3bd107d7 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -413,7 +413,7 @@ void afl_forkserver(CPUState *cpu) {
 void afl_persistent_loop(void) {
 
   static u32            cycle_cnt;
-  static struct afl_tsl exit_cmd_tsl = {{-1, 0, 0, 0}, NULL};
+  static struct afl_tsl exit_cmd_tsl = {{-1, 0, 0, 0}, '\0'};
 
   if (!afl_fork_child) return;
 
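Review bot: The `'\0'` that now initializes the last member of `exit_cmd_tsl` reads as a character literal next to the plain integers `-1, 0, 0, 0` of the first member; if that member is an integer flag (the `struct afl_tsl` definition is outside this hunk, so this is inferred) a bare `0` would match the rest of the initializer, and designated initializers naming the members would make the sentinel self-documenting. A one-line why-comment on the static would also help a reader who does not know why a `-1` entry exists, e.g. `/* sentinel entry: signals the "exit" command rather than a real translation block */`. `afl_persistent_loop` continues past the end of the hunk.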
diff --git a/qemu_mode/patches/afl-qemu-tcg-inl.h b/qemu_mode/patches/afl-qemu-tcg-inl.h
index 430574e5..f7c662db 100644
--- a/qemu_mode/patches/afl-qemu-tcg-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-inl.h
@@ -30,6 +30,7 @@
    have a look at afl-showmap.c.
 
  */
+void afl_gen_tcg_plain_call(void *func);
 
 void afl_gen_tcg_plain_call(void *func) {
 
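Review bot: The new prototype sits immediately above its own definition, so to a reader it looks redundant; a short comment stating what it is for would prevent the next cleanup from removing it, e.g. `/* forward declaration: keeps -Wmissing-prototypes quiet for this non-static inline-header function */` if that is the reason (the motive is not visible in the hunk). The definition of `afl_gen_tcg_plain_call` continues outside the hunk.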
diff --git a/qemu_mode/patches/make_strncpy_safe.diff b/qemu_mode/patches/make_strncpy_safe.diff
new file mode 100644
index 00000000..38c7d248
--- /dev/null
+++ b/qemu_mode/patches/make_strncpy_safe.diff
@@ -0,0 +1,31 @@
+--- a/util/qemu-sockets.c	2020-03-28 13:55:09.511029429 +0100
++++ b/util/qemu-sockets.c	2020-03-28 14:01:12.147693937 +0100
+@@ -877,7 +877,7 @@
+ 
+     memset(&un, 0, sizeof(un));
+     un.sun_family = AF_UNIX;
+-    strncpy(un.sun_path, path, sizeof(un.sun_path));
++    strncpy(un.sun_path, path, sizeof(un.sun_path) - 1);
+ 
+     if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
+         error_setg_errno(errp, errno, "Failed to bind socket to %s", path);
+@@ -922,7 +922,7 @@
+ 
+     memset(&un, 0, sizeof(un));
+     un.sun_family = AF_UNIX;
+-    strncpy(un.sun_path, saddr->path, sizeof(un.sun_path));
++    strncpy(un.sun_path, saddr->path, sizeof(un.sun_path) - 1);
+ 
+     /* connect to peer */
+     do {
+--- a/block/sheepdog.c	2020-03-28 14:01:57.164360270 +0100
++++ b/block/sheepdog.c	2020-03-28 14:02:52.781026597 +0100
+@@ -1236,7 +1236,7 @@
+      * don't want the send_req to read uninitialized data.
+      */
+     strncpy(buf, filename, SD_MAX_VDI_LEN);
+-    strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
++    strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN - 1);
+ 
+     memset(&hdr, 0, sizeof(hdr));
+     if (lock) {
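Review bot: `strncpy(un.sun_path, path, sizeof(un.sun_path) - 1)` only yields a NUL-terminated string because the `memset(&un, 0, sizeof(un))` two lines above leaves the final byte zero, and the same reliance in the `block/sheepdog.c` hunk is not visible here (the zeroing of `buf` is outside that hunk), so the patch should record that precondition in its header or a comment rather than imply the `- 1` alone makes the copy safe. The copies also still truncate silently: a `path` longer than `sizeof(un.sun_path) - 1` is bound to or connected on a different socket name with no error, so a length check before the copy is the stronger fix, e.g. `if (strlen(path) >= sizeof(un.sun_path)) { error_setg(errp, "UNIX socket path '%s' is too long", path); return -1; }` (the enclosing function's return convention is outside the hunk, so adjust the return). The first sheepdog copy, `strncpy(buf, filename, SD_MAX_VDI_LEN)`, is left at the full length while the tag copy is shortened; a comment saying why the two differ would keep them from looking inconsistent.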
diff --git a/qemu_mode/unsigaction/GNUmakefile b/qemu_mode/unsigaction/GNUmakefile
new file mode 100644
index 00000000..31fa8c55
--- /dev/null
+++ b/qemu_mode/unsigaction/GNUmakefile
@@ -0,0 +1,34 @@
+#
+# american fuzzy lop++ - unsigaction
+# --------------------------------
+#
+# Written by Andrea Fioraldi <andreafioraldi@gmail.com>
+#
+# Copyright 2019-2020 Andrea Fioraldi. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+
+ifndef AFL_NO_X86
+
+all: lib_i386 lib_amd64
+
+lib_i386:
+	@$(CC) -m32 -fPIC -shared unsigaction.c -o unsigaction32.so 2>/dev/null ; if [ "$$?" = "0" ]; then echo "unsigaction32 build success"; else echo "unsigaction32 build failure (that's fine)"; fi
+
+lib_amd64:
+	$(CC) -fPIC -shared unsigaction.c -o unsigaction64.so
+
+clean:
+	rm -f unsigaction32.so unsigaction64.so
+
+else
+
+all:
+	@echo "[!] Note: skipping compilation of unsigaction (AFL_NO_X86 set)."
+
+endif
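Review bot: None of `all`, `lib_i386`, `lib_amd64` or `clean` is declared `.PHONY`, so a file with one of those names in the directory would make the target appear up to date and the recipe would not run. Adding `.PHONY: all lib_i386 lib_amd64 clean` in both branches of the `ifndef AFL_NO_X86` block (or once above it) fixes that. The `lib_amd64` target also lists no prerequisite on `unsigaction.c`, so make cannot skip the rebuild when the source is unchanged; `lib_amd64: unsigaction.c` would let it.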
diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile
index 31fa8c55..0b306dde 100644
--- a/qemu_mode/unsigaction/Makefile
+++ b/qemu_mode/unsigaction/Makefile
@@ -1,34 +1,2 @@
-#
-# american fuzzy lop++ - unsigaction
-# --------------------------------
-#
-# Written by Andrea Fioraldi <andreafioraldi@gmail.com>
-#
-# Copyright 2019-2020 Andrea Fioraldi. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-
-ifndef AFL_NO_X86
-
-all: lib_i386 lib_amd64
-
-lib_i386:
-	@$(CC) -m32 -fPIC -shared unsigaction.c -o unsigaction32.so 2>/dev/null ; if [ "$$?" = "0" ]; then echo "unsigaction32 build success"; else echo "unsigaction32 build failure (that's fine)"; fi
-
-lib_amd64:
-	$(CC) -fPIC -shared unsigaction.c -o unsigaction64.so
-
-clean:
-	rm -f unsigaction32.so unsigaction64.so
-
-else
-
 all:
-	@echo "[!] Note: skipping compilation of unsigaction (AFL_NO_X86 set)."
-
-endif
+	@echo please use GNU make, thanks!
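Review bot: The replacement `all:` recipe prints its hint and then succeeds, so a build driven by a non-GNU make exits 0 without producing unsigaction32.so or unsigaction64.so and a calling script would not notice. If the intent is to stop the build, write the message to stderr and fail the target: `@echo "please use GNU make, thanks!" >&2; exit 1`. If a silent no-op is intended, a comment above the rule saying so would keep the next reader from treating it as a bug.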