LibAFL_QEMU: Issues switching between thumb and non-thumb on ARM

Question

Opened this issue a month ago · 0 comments

A breakpoint that switches to non-thumb and setting PC to thumb will lead to non-thumb execution:

In LibAFL_QEMU on arm

Set Lr to a non-thumb addr
Set Breakpoint on that address
Run a thumb function until return (first exec runs fine, in thumb)
After the breakpoint on non-thumb triggers, re-run that same function by placing the Pc to the entry of the thumb function (with last bit set)
=> The second execution is happening in non-thumb mode

A workaround is to set the return address to thumb, but this is not a general solution