libafl_qemu: unset thumb bit for breakpoints (AFLplusplus#2619)

rmalmain · web-flow · commit 3b31b4d7963f · 2024-10-17T09:42:56.000+02:00
* unset thumb bit for breakpoints
diff --git a/libafl_qemu/src/qemu/mod.rs b/libafl_qemu/src/qemu/mod.rs
@@ -825,12 +825,26 @@ impl Qemu {
     }
 
     pub fn set_breakpoint(&self, addr: GuestAddr) {
+        // Remove thumb bit encoded in addresses.
+        // Since ARMv7, instructions are (half-)word aligned, so this is safe.
+        // For ARMv6 and before, this could be wrong since SCTLR.U could be 0.
+        // TODO: check precisely for architecture before doing this.
+        #[cfg(target_arch = "arm")]
+        let addr = { addr & !1 };
+
         unsafe {
             libafl_qemu_set_breakpoint(addr.into());
         }
     }
 
     pub fn remove_breakpoint(&self, addr: GuestAddr) {
+        // Remove thumb bit encoded in addresses.
+        // Since ARMv7, instructions are (half-)word aligned, so this is safe.
+        // For ARMv6 and before, this could be wrong since SCTLR.U could be 0.
+        // TODO: check precisely for architecture before doing this.
+        #[cfg(target_arch = "arm")]
+        let addr = { addr & !1 };
+
         unsafe {
             libafl_qemu_remove_breakpoint(addr.into());
         }
