--- qemu-2.10.0/linux-user/elfload.c.after	2019-05-28 15:21:36.931618928 +0200
+++ qemu-2.10.0/linux-user/elfload.c	2019-05-28 15:22:23.939617556 +0200
@@ -2087,7 +2087,20 @@
     info->brk = 0;
     info->elf_flags = ehdr->e_flags;
 
-    if (!afl_entry_point) afl_entry_point = info->entry;
+    if (!afl_entry_point) {
+      char *ptr;
+      if ((ptr = getenv("AFL_ENTRYPOINT")) != NULL) {
+        afl_entry_point = strtoul(ptr, NULL, 16);
+      } else {
+        if (!afl_entry_point) afl_entry_point = info->entry;
+      }
+#ifdef TARGET_ARM
+      /* The least significant bit indicates Thumb mode. */
+      afl_entry_point = afl_entry_point & ~(target_ulong)1;
+#endif
+      if (getenv("AFL_DEBUG") != NULL)
+        fprintf(stderr, "AFL forkserver entrypoint: %p\n", (void*)afl_entry_point);
+    } while(0);
 
     for (i = 0; i < ehdr->e_phnum; i++) {
         struct elf_phdr *eppnt = phdr + i;