From 58c5e2b96c5f446214d0fff72c560f93509248c7 Mon Sep 17 00:00:00 2001
From: Kuang-che Wu
Date: Thu, 3 Apr 2025 11:09:32 +0000
Subject: [PATCH] fix double free bug introduced by 73ab495b5d1a99722f4a2c2b1b9507daa7334fd9
---
 src/afl-fuzz-skipdet.c | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c
index 072b9b66..206a645b 100644
--- a/src/afl-fuzz-skipdet.c
+++ b/src/afl-fuzz-skipdet.c
@@ -126,12 +126,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf,
 inf_eff_map = (u8 *)ck_realloc(inf_eff_map, sizeof(u8) * len);
 memset(inf_eff_map, 1, sizeof(u8) * len);
- if (common_fuzz_stuff(afl, orig_buf, len)) {
-
- ck_free(inf_eff_map);
- return 0;
-
- }
+ if (common_fuzz_stuff(afl, orig_buf, len)) { return 0; }
 u64 prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 u64 _prev_cksum = prev_cksum;
@@ -159,12 +154,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf,
 flip_range(out_buf, pos, flip_block_size);
- if (common_fuzz_stuff(afl, out_buf, len)) {
-
- ck_free(inf_eff_map);
- return 0;
-
- }
+ if (common_fuzz_stuff(afl, out_buf, len)) { return 0; }
 flip_range(out_buf, pos, flip_block_size);
@@ -329,7 +319,6 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf,
 if (common_fuzz_stuff(afl, out_buf, len)) {
- ck_free(inf_eff_map);
 ck_free(non_eff_bytes);
 return 0;
@@ -378,7 +367,6 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf,
 cleanup_skipdet:
- ck_free(inf_eff_map);
 if (fuzz_nearby) {
 u8 *nearby_bytes = (u8 *)ck_alloc(sizeof(u8) * len);
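Review bot: Nothing in the first hunk records that `inf_eff_map` is now a buffer that deliberately outlives `skip_deterministic_stage`; the early return `if (common_fuzz_stuff(afl, orig_buf, len)) { return 0; }` and the three later hunks (the second early return, the `ck_free(non_eff_bytes)` path, and the `cleanup_skipdet:` label) all drop the free, so the next maintainer who sees an unfreed `ck_realloc` result will be tempted to put one back and reintroduce the dangling-pointer/double-free this commit fixes. I would add above the `ck_realloc` line: `/* inf_eff_map persists across calls: it is grown here by ck_realloc and must not be freed on any exit path of this function, otherwise the next call reallocs a freed pointer. */`. The declaration of `inf_eff_map` is not in any hunk, so this assumes it is file-scope or state-owned rather than a local; if it is meant to be released at teardown, the matching `ck_free` belongs with the owner of that pointer, followed by setting it to NULL. The function body itself extends well beyond every hunk shown.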