From 01b7ce85ed8a861aabca4b548da43e2ddcec61c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20Gia=20Phong?=
Date: Tue, 20 May 2025 23:12:14 +0900
Subject: Fix QEMU for AFL++

---
 loftix/emulation.scm | 5 +++++
 loftix/fuzzing.scm | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/loftix/emulation.scm b/loftix/emulation.scm
index 0f7cbe2..a0d4a9c 100644
--- a/loftix/emulation.scm
+++ b/loftix/emulation.scm
@@ -78,6 +78,11 @@
 ,(string-append "--prefix=" out)
 ,(string-append "--sysconfdir=/etc")
 ,@configure-flags)))))
+ (add-after 'install 'install-qasan-header
+ (lambda* (#:key outputs #:allow-other-keys)
+ (install-file "qemuafl/qasan.h"
+ (string-append (assoc-ref outputs "out")
+ "/include"))))
 (delete 'delete-firmwares)))))))))

 (define-public qemu-for-fuzzolic
diff --git a/loftix/fuzzing.scm b/loftix/fuzzing.scm
index c715bbc..de1ac77 100644
--- a/loftix/fuzzing.scm
+++ b/loftix/fuzzing.scm
@@ -33,6 +33,23 @@
 (package
 (inherit aflplusplus)
 (name "afl++")
+ (arguments
+ (substitute-keyword-arguments (package-arguments aflplusplus)
+ ((#:phases phases)
+ #~(modify-phases #$phases
+ (add-after 'build 'build-qasan
+ (lambda* (#:key make-flags #:allow-other-keys)
+ (apply invoke
+ "make" "-C" "qemu_mode/libqasan"
+ make-flags)))
+ ;; afl-qemu-trace is a symbolic link to QEMU's binary.
+ ;; Substituting its source code with AFL++'s output path
+ ;; would result in a dependency cycle.
+ (add-after 'install-qemu 'wrap-qemu
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (wrap-program (string-append out "/bin/afl-qemu-trace")
+ `("AFL_PATH" = (,(string-append out "/lib/afl"))))))))))
 (inputs
 (modify-inputs (package-inputs aflplusplus)
 (replace "qemu" qemu-for-aflplusplus)))))
--
cgit v1.2.3
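Review bot: The header ends up as `include/qasan.h`, not `include/qemuafl/qasan.h`, because `install-file` drops the source directory, and nothing in the hunk records which spelling the consumer expects: this layout satisfies an `#include "qasan.h"` but not `#include <qemuafl/qasan.h>`, so confirm it against the libqasan sources before relying on it. The phase also gives no hint of who needs the header; a one-line why such as `;; Export the QAsan ABI header so AFL++'s libqasan can build against this QEMU.` would help, hedged as presumably since the consumer is only visible through the sibling fuzzing.scm change. The enclosing package definition (qemu-for-aflplusplus, judging by the reference in fuzzing.scm) starts before the hunk.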
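Review bot: The `=` mode in `wrap-qemu` makes the wrapper export `AFL_PATH` unconditionally, so an `AFL_PATH` a user sets to point AFL++ at another helper directory is silently overridden every time `afl-qemu-trace` starts; since `wrap-program` offers only `=`/`prefix`/`suffix` and AFL_PATH names a single directory, pinning is probably the right choice, but the comment should say so explicitly: `;; Pin AFL_PATH to this output (= rather than prefix): afl-qemu-trace must find the store's helpers, never a user-supplied directory.` The `build-qasan` phase builds libqasan but nothing in the hunk installs it into `lib/afl`, the directory the wrapper advertises; if the inherited install phase does not pick up libqasan.so, QAsan runs will fail only at run time, so either verify the file is present in the output or add `(install-file "qemu_mode/libqasan/libqasan.so" (string-append out "/lib/afl"))` (the exact build-product path is not visible here). `wrap-program` additionally needs bash among the package's inputs, and whether the inherited aflplusplus package already provides it cannot be seen from this hunk. The `afl++` package definition starts before the hunk.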