Diffstat (limited to 'qemu_mode')
-rw-r--r--qemu_mode/patches/afl-qemu-common.h1
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h4
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-translate-inl.h2
3 files changed, 6 insertions, 1 deletions
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h
index 2b7bd51c..e435c62f 100644
--- a/qemu_mode/patches/afl-qemu-common.h
+++ b/qemu_mode/patches/afl-qemu-common.h
@@ -61,6 +61,7 @@ extern target_long    persistent_stack_offset;
 extern unsigned char  persistent_first_pass;
 extern unsigned char  persistent_save_gpr;
 extern target_ulong   persistent_saved_gpr[CPU_NB_REGS];
+extern int            persisent_retaddr_offset;
 
 extern __thread abi_ulong afl_prev_loc;
 
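Review bot: The new identifier on the added line is misspelled: `persisent_retaddr_offset` is declared here and defined and used with the same typo in the other two files, so it is consistent but will be hard to grep for next to `persistent_stack_offset` and the other `persistent_*` globals. Since this commit introduces the name, renaming it to `persistent_retaddr_offset` now costs three one-line edits; later it becomes an API-visible rename. A one-line comment on the declaration would also help, e.g. `/* byte offset from ESP at which the persistent-loop return address is stored (AFL_QEMU_PERSISTENT_RETADDR_OFFSET, hex) */`, since the header is where readers will look for its meaning.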
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index ee7d12e0..cfea04d6 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -90,6 +90,7 @@ target_long   persistent_stack_offset;
 unsigned char persistent_first_pass;
 unsigned char persistent_save_gpr;
 target_ulong  persistent_saved_gpr[CPU_NB_REGS];
+int           persisent_retaddr_offset;
 
 /* Instrumentation ratio: */
 
@@ -218,6 +219,9 @@ static void afl_setup(void) {
   
   if (getenv("AFL_QEMU_PERSISTENT_GPR"))
     persistent_save_gpr = 1;
+  
+  if (getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET"))
+    persisent_retaddr_offset = strtoll(getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET"), NULL, 16);
 
   if (getenv("AFL_QEMU_PERSISTENT_CNT"))
     afl_persistent_cnt = strtoll(getenv("AFL_QEMU_PERSISTENT_CNT"), NULL, 16);
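Review bot: The added `strtoll(..., NULL, 16)` on the `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` line is stored into an `int` with no parse or range check, so a mistyped value (e.g. `0x8`, a stray suffix, or a value outside `int`) is silently truncated or becomes 0 and then feeds the ESP-relative store in afl-qemu-cpu-translate-inl.h, which will be very hard to debug as a "persistent mode just doesn't return" symptom. The neighbouring `AFL_QEMU_PERSISTENT_CNT` line has the same shape, so this may be deliberate project style, but for a value that selects a stack slot to overwrite an explicit parse failure is worth the extra lines. The enclosing afl_setup() starts and ends outside this hunk, so I cannot see whether it already has an error-reporting convention (a FATAL-style helper); adapt the `fprintf`/`exit` below to that if one exists.

```c
  if (getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET")) {

    const char *s = getenv("AFL_QEMU_PERSISTENT_RETADDR_OFFSET");
    char       *end;
    long long   v;

    /* Offset is parsed as hex and must fit the int the TCG store takes. */
    errno = 0;
    v = strtoll(s, &end, 16);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX) {

      fprintf(stderr, "[-] AFL_QEMU_PERSISTENT_RETADDR_OFFSET: invalid hex value '%s'\n", s);
      exit(1);

    }
    persisent_retaddr_offset = (int)v;

  }
  /* … unchanged: AFL_QEMU_PERSISTENT_CNT parsing … */
```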
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index 48b11c64..126cf255 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -195,7 +195,7 @@ static void afl_gen_compcov(target_ulong cur_loc, TCGv_i64 arg1, TCGv_i64 arg2,
       if (afl_persistent_ret_addr == 0) {                                     \
                                                                               \
         TCGv_ptr paddr = tcg_const_ptr(afl_persistent_addr);                  \
-        tcg_gen_st_tl(paddr, cpu_regs[R_ESP], 0);                             \
+        tcg_gen_st_tl(paddr, cpu_regs[R_ESP], persisent_retaddr_offset);      \
                                                                               \
       }                                                                       \
       tcg_gen_afl_call0(&afl_persistent_loop);                                \
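Review bot: The changed `tcg_gen_st_tl(paddr, cpu_regs[R_ESP], persisent_retaddr_offset)` line is now a store to an operator-chosen offset from ESP with no comment saying what the offset is supposed to point at, and nothing in the hunk documents that it is only consulted on the `afl_persistent_ret_addr == 0` path and only on x86 (`R_ESP`). A reader tuning the environment variable has to reverse-engineer that the value is a byte displacement from ESP to the slot holding the return address, and that a negative or oversized value writes somewhere else on the target's stack. I would add, above the `if`: `/* No explicit return address: patch the caller's return slot on the stack so the target comes back to afl_persistent_addr. AFL_QEMU_PERSISTENT_RETADDR_OFFSET (hex) is the byte offset of that slot from ESP, 0 by default; there is no bounds check, so a wrong value corrupts the target's stack. */`. The enclosing macro in afl_gen_compcov starts before this hunk and continues after it, so the comment placement above may need adjusting to the macro's line-continuation style.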