path: root/patches/qemu-for-aflplusplus-imported-headers.patch

From 8879cf700ce4e5fed7c1ab7ba4543f234d5cd5d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20Gia=20Phong?= <cnx@loang.net>
Date: Mon, 20 Oct 2025 20:04:20 +0900
Subject: [PATCH] Update headers imported from AFL++

---
 qemuafl/imported/config.h | 36 ++++++++++++++++++++++----
 qemuafl/imported/types.h  | 53 +++++++++++++++++++++++++++++++++++++--
 2 files changed, 82 insertions(+), 7 deletions(-)

diff --git a/qemuafl/imported/config.h b/qemuafl/imported/config.h
index 5ac0540d4efd3..0690b992b80e9 100644
--- a/qemuafl/imported/config.h
+++ b/qemuafl/imported/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.32a"
+#define VERSION "++4.35a"
 
 /******************************************************
  *                                                    *
@@ -49,6 +49,9 @@
    Default: 300 (seconds) */
 #define STRATEGY_SWITCH_TIME 1000
 
+/* Default file permission umode when creating directories */
+#define DEFAULT_DIRS_PERMISSION 0700
+
 /* Default file permission umode when creating files (default: 0600) */
 #define DEFAULT_PERMISSION 0600
 
@@ -171,7 +174,9 @@
 #define EXEC_TM_ROUND 20U
 
 /* 64bit arch MACRO */
-#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__))
+#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__) ||    \
+     (defined(__riscv) && __riscv_xlen == 64) || defined(__powerpc64le__) || \
+     defined(__s390x__) || defined(__loongarch64))
   #define WORD_SIZE_64 1
 #endif
 
@@ -200,8 +205,8 @@
 
 /* Maximum number of unique hangs or crashes to record: */
 
-#define KEEP_UNIQUE_HANG 500U
-#define KEEP_UNIQUE_CRASH 10000U
+#define KEEP_UNIQUE_HANG 512U
+#define KEEP_UNIQUE_CRASH 25600U
 
 /* Baseline number of random tweaks during a single 'havoc' stage: */
 
@@ -337,6 +342,10 @@
 
 #define AVG_SMOOTHING 16
 
+/* Max length of sync id (the id after -M and -S) */
+
+#define SYNC_ID_MAX_LEN 50
+
 /* Sync interval (every n havoc cycles): */
 
 #define SYNC_INTERVAL 8
@@ -422,9 +431,15 @@
 
 #define SHM_ENV_VAR "__AFL_SHM_ID"
 
-/* Environment variable used to pass SHM FUZZ ID to the called program. */
+/* Environment variable used to pass shared memory fuzz map id
+and the mapping size to the called program. */
 
 #define SHM_FUZZ_ENV_VAR "__AFL_SHM_FUZZ_ID"
+#define SHM_FUZZ_MAP_SIZE_ENV_VAR "__AFL_SHM_FUZZ_MAP_SIZE"
+
+/* Default size of the shared memory fuzz map.
+We add 4 byte for one u32 length field. */
+#define SHM_FUZZ_MAP_SIZE_DEFAULT (MAX_FILE + 4)
 
 /* Other less interesting, internal-only variables. */
 
@@ -488,6 +503,17 @@
   #define MAP_INITIAL_SIZE MAP_SIZE
 #endif
 
+/* IJON max tracking map configuration */
+
+/* Number of IJON slots (power-of-2 for efficient bitmasking) */
+#define MAP_SIZE_IJON_ENTRIES 512
+
+/* IJON map size for set/inc/xor */
+#define MAP_SIZE_IJON_MAP 65536
+
+/* IJON map footprint in bytes (64-bit values for legacy compatibility) */
+#define MAP_SIZE_IJON_BYTES (MAP_SIZE_IJON_ENTRIES * sizeof(u64))  // = 4096
+
 /* Maximum allocator request size (keep well under INT_MAX): */
 
 #define MAX_ALLOC 0x40000000
diff --git a/qemuafl/imported/types.h b/qemuafl/imported/types.h
index d370bcfba28ab..a9ad56c5252aa 100644
--- a/qemuafl/imported/types.h
+++ b/qemuafl/imported/types.h
@@ -64,6 +64,7 @@ typedef uint128_t         u128;
 #define FS_OPT_AUTODICT 0x10000000
 #define FS_OPT_SHDMEM_FUZZ 0x01000000
 #define FS_OPT_NEWCMPLOG 0x02000000
+#define FS_OPT_IJON 0x04000000
 #define FS_OPT_OLD_AFLPP_WORKAROUND 0x0f000000
 // FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 23
 #define FS_OPT_MAX_MAPSIZE ((0x00fffffeU >> 1) + 1)
@@ -161,6 +162,54 @@ typedef int128_t s128;
                                                \
   })
 
+#define EXTRACT16(_s, _o)      \
+  ({                           \
+                               \
+    u8 *s = (u8 *)(_s) + (_o); \
+    u16 _ret = s[1];           \
+    _ret = (_ret << 8) | s[0]; \
+    _ret;                      \
+                               \
+  })
+
+#define EXTRACT32(_s, _o)      \
+  ({                           \
+                               \
+    u8 *s = (u8 *)(_s) + (_o); \
+    u32 _ret = s[3];           \
+    _ret = (_ret << 8) | s[2]; \
+    _ret = (_ret << 8) | s[1]; \
+    _ret = (_ret << 8) | s[0]; \
+    _ret;                      \
+                               \
+  })
+
+#define INSERT16(_d, _o, _x)   \
+  {                            \
+                               \
+    u8 *d = (u8 *)(_d) + (_o); \
+    u16 x = _x;                \
+    d[0] = x & 0xFF;           \
+    x >>= 8;                   \
+    d[1] = x & 0xFF;           \
+                               \
+  }
+
+#define INSERT32(_d, _o, _x)   \
+  {                            \
+                               \
+    u8 *d = (u8 *)(_d) + (_o); \
+    u32 x = _x;                \
+    d[0] = x & 0xFF;           \
+    x >>= 8;                   \
+    d[1] = x & 0xFF;           \
+    x >>= 8;                   \
+    d[2] = x & 0xFF;           \
+    x >>= 8;                   \
+    d[3] = x & 0xFF;           \
+                               \
+  }
+
 #ifdef AFL_LLVM_PASS
   #if defined(__linux__) || !defined(__ANDROID__)
     #define AFL_SR(s) (srandom(s))
@@ -172,10 +221,10 @@ typedef int128_t s128;
 #else
   #if defined(__linux__) || !defined(__ANDROID__)
     #define SR(s) (srandom(s))
-    #define R(x) (random() % (x))
+    #define AFL_R(x) (random() % (x))
   #else
     #define SR(s) ((void)s)
-    #define R(x) (arc4random_uniform(x))
+    #define AFL_R(x) (arc4random_uniform(x))
   #endif
 #endif                                                    /* ^AFL_LLVM_PASS */