From 3b31b4d7963ff92a7e10d15b45ada04042c8a8f6 Mon Sep 17 00:00:00 2001
From: Romain Malmain
Date: Thu, 17 Oct 2024 09:42:56 +0200
Subject: [PATCH] libafl_qemu: unset thumb bit for breakpoints (#2619)

* unset thumb bit for breakpoints
---
 libafl_qemu/src/qemu/mod.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/libafl_qemu/src/qemu/mod.rs b/libafl_qemu/src/qemu/mod.rs
index ff46ae21d1..bf8f63d820 100644
--- a/libafl_qemu/src/qemu/mod.rs
+++ b/libafl_qemu/src/qemu/mod.rs
@@ -825,12 +825,26 @@ impl Qemu {
     }
     pub fn set_breakpoint(&self, addr: GuestAddr) {
+        // Remove thumb bit encoded in addresses.
+        // Since ARMv7, instructions are (half-)word aligned, so this is safe.
+        // For ARMv6 and before, this could be wrong since SCTLR.U could be 0.
+        // TODO: check precisely for architecture before doing this.
+        #[cfg(target_arch = "arm")]
+        let addr = { addr & !1 };
         unsafe {
             libafl_qemu_set_breakpoint(addr.into());
         }
     }
     pub fn remove_breakpoint(&self, addr: GuestAddr) {
+        // Remove thumb bit encoded in addresses.
+        // Since ARMv7, instructions are (half-)word aligned, so this is safe.
+        // For ARMv6 and before, this could be wrong since SCTLR.U could be 0.
+        // TODO: check precisely for architecture before doing this.
+        #[cfg(target_arch = "arm")]
+        let addr = { addr & !1 };
         unsafe {
             libafl_qemu_remove_breakpoint(addr.into());
         }
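Review bot: The new guard `#[cfg(target_arch = "arm")]` in both set_breakpoint and remove_breakpoint tests the architecture the crate itself is compiled for, not the architecture QEMU is emulating, so on the usual x86_64 host the Thumb bit is never stripped and a Thumb-mode breakpoint keeps bit 0 set, while a build on a 32-bit ARM host would mask bit 0 for every guest, including non-ARM ones. The gate should be the crate's own guest-selection cfg instead — I believe that is the build-script `cpu_target` cfg used elsewhere in libafl_qemu, i.e. `#[cfg(cpu_target = "arm")]` in both places; please confirm the cfg name against the crate's build script before changing it. The identical six-line block is duplicated verbatim in the two methods; a small private helper such as `fn strip_thumb_bit(addr: GuestAddr) -> GuestAddr` called from both would keep the masking, its comment and the TODO about pre-ARMv7 / SCTLR.U in one place, so a later fix does not have to be applied twice. Both method bodies are complete within the hunk, but the enclosing `impl Qemu` block continues outside it.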