unicornafl_legacy
ARM64: Exit address cannot be start of basic block due to missing call to gen_tb_start
Inside the function gen_intermediate_code_internal_a64 the produced translation blocks should be guarded with calls to gen_tb_start / gen_tb_end. For the normal Unicorn addr_end path this is done correctly, but in the case of the Unicorn AFL specific exits array the call to gen_tb_start is missing.
https://github.com/AFLplusplus/unicornafl/blob/fb2fc9f25df32f17f6b6b859e4dbd70f9a857e0c/qemu/target-arm/translate-a64.c#L11095
This issue results in an out of bounds access on the labels structure deeper in the call tree to gen_set_label. In my case it most often presented itself as a fatal TCG error due to an incorrect relocation type, but it can likely surface in other ways as well. Also, this code has very minimal bounds checking, so it continues for quite a while before it becomes obvious that something is wrong.
Thank you! Should be fixed with 3a8957fbf25b1cc9e58d59474f4a3dc0654801e3
For the record, all other architectures already did this correctly.