This repository was archived by the owner on Nov 29, 2021. It is now read-only.
This repository was archived by the owner on Nov 29, 2021. It is now read-only.
ARM64: Exit address cannot be start of basic block due to missing call to gen_tb_start #14
Description
Inside the function gen_intermediate_code_internal_a64 the produced translation blocks should be guarded with calls to gen_tb_start / gen_tb_end. For the normal Unicorn addr_end path this done correctly, but in case of the Unicorn AFL specific exits array the call to gen_tb_start is missing.
This issue results in an out of bounds access on the labels structure deeper in the call tree to gen_set_label. In my case it most often presented itself as a fatal TCG error due to an incorrect relocation type, but likely it can surface itself also in other ways. Also, this code has very minimal bounds checking, so it continued for quite a while before it becomes obvious something is wrong.