Fuzzing BIOS with QEMU system mode (x86_64) #1199
Unanswered
langston-barrett
asked this question in
Q&A
Replies: 2 comments 1 reply
-
Looks like I can work around this by adding
-
Try to run it with qemu-libafl-bridge compiled as a standalone QEMU. I don't think this issue is related to LibAFL; it may be a regression in QEMU. We use a recent commit and it can be very different from the qemu-system installed in your distro.
-
I'd like to fuzz a BIOS with QEMU system mode. However, I'm encountering some weird messages when specifying `-pflash bios.bin`. For the following example, I'm using an invalid BIOS file (just a bunch of zeroes), but the same behavior happens with a UEFI OVMF image. Here's how I made a 4MB file of zeroes (4MB b/c that's the size of the OVMF BIOS file):

```sh
head -c 4194304 /dev/zero > zero.bin
```

Here's a simple fuzzer based on the `qemu_systemmode` example (but targeting x86_64):

Fuzzer code

And here's what I get when I run it:

Here's the GDB backtrace at `exit`:

Backtrace

Same thing happens if I create the QCOW2 disk and run a similar command to what's in the README:

I don't get similar errors when running `qemu-system-x86_64` from the command-line. Does anyone know what these errors might be about? Does the QEMU system mode integration assume/require a standard BIOS?
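The check the second reply suggests, as an added example that is not part of the discussion: create the zero-filled flash image from the question and run it through both the distro `qemu-system-x86_64` and a standalone build of qemu-libafl-bridge with identical arguments, so that a failure that also occurs outside LibAFL points at QEMU itself. The machine/memory flags, the 5-second probe and the qemu-libafl-bridge build path are assumptions; override the path with `LIBAFL_QEMU`.

```shell
#!/bin/sh
# Added example, not from the discussion: compare a distro QEMU against a
# standalone qemu-libafl-bridge build on the same -pflash image.
set -u

FLASH_SIZE=4194304   # 4 MiB, the OVMF image size the question mentions

# Create an all-zero flash image of exactly FLASH_SIZE bytes (the question's head -c).
make_zero_flash() {
    out=$1
    head -c "$FLASH_SIZE" /dev/zero > "$out"
    actual=$(wc -c < "$out" | tr -d ' ')
    [ "$actual" -eq "$FLASH_SIZE" ]
}

# Build one command line that both binaries get, so the comparison is apples to apples.
# Machine type, RAM and -no-reboot are assumed values, not taken from the question.
qemu_cmdline() {
    qemu_bin=$1; flash=$2
    printf '%s' "$qemu_bin -machine pc -m 128M -nographic -pflash $flash -no-reboot"
}

# Run one binary for up to 5 s; print 'ok' if QEMU started and kept running (or exited 0),
# 'fail' if it exited non-zero (e.g. the pflash backend rejected the image).
run_probe() {
    qemu_bin=$1; flash=$2; log=$3
    # shellcheck disable=SC2046
    timeout 5 $(qemu_cmdline "$qemu_bin" "$flash") >"$log" 2>&1
    rc=$?
    # timeout(1) returns 124 when it killed a still-running QEMU: that counts as started.
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 124 ]; then echo ok; else echo fail; fi
}

if [ "${1:-}" = "--run" ]; then
    make_zero_flash zero.bin || exit 1
    for bin in qemu-system-x86_64 "${LIBAFL_QEMU:-./qemu-libafl-bridge/build/qemu-system-x86_64}"; do
        printf '%s: %s\n' "$bin" "$(run_probe "$bin" zero.bin "$(basename "$bin").log")"
    done
fi
```

Invoke with `--run`; if the standalone qemu-libafl-bridge binary reports `fail` while the distro QEMU reports `ok`, the regression is in the QEMU fork rather than in the LibAFL harness, and the two `.log` files hold each binary's stderr for comparison.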