ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 03:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

alloc-inl.h/ck_maybe_grow() back to size_t, reimplement overflow check

Browse Source
This commit is contained in:
hexcoder-
2020-03-28 11:01:29 +01:00
committed by Dominik Maier
parent 9d7ac3d99f
commit 1119a2e185
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
include/alloc-inl.h
View File

@ -771,10 +771,10 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
It will realloc *buf otherwise.
*size will grow exponentially as per:
https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/
Will FATAL if size_needed is <1 or *size is negative.
Will FATAL if size_needed is <1.
@return For convenience, this function returns *buf.
*/
static inline void *ck_maybe_grow(void **buf, ssize_t *size,
static inline void *ck_maybe_grow(void **buf, size_t *size,
size_t size_needed) {
/* Oops. found a bug? */
@ -782,14 +782,14 @@ static inline void *ck_maybe_grow(void **buf, ssize_t *size,
/* No need to realloc */
if (likely(*size >= size_needed)) return *buf;
if (unlikely(*size < 0)) FATAL("Negative size detected!");
/* No inital size was set */
/* No initial size was set */
if (*size == 0) *size = INITIAL_GROWTH_SIZE;
while (*size < size_needed) {
*size *= 2;
/* in case of overflow we'll realloc to size_needed */
if ((*size) < 0) *size = size_needed;
if (2*(*size) < size_needed) *size = size_needed;
else *size *= 2;
}

5
src/afl-fuzz-python.c
View File

@ -36,7 +36,7 @@ static void *unsupported(afl_state_t *afl, unsigned int seed) {
}
/* sorry for this makro...
it just filles in `&py_mutator->something_buf, &py_mutator->something_size`. */
it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */
#define BUF_PARAMS(name) \
(void **)&((py_mutator_t *)py_mutator)->name##_buf, \
&((py_mutator_t *)py_mutator)->name##_size
@ -371,8 +371,7 @@ size_t pre_save_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf) {
py_out_buf_size = PyByteArray_Size(py_value);
ck_maybe_grow((void **)&py->pre_save_buf, &py->pre_save_size,
py_out_buf_size);
ck_maybe_grow(BUF_PARAMS(pre_save), py_out_buf_size);
memcpy(py->pre_save_buf, PyByteArray_AsString(py_value), py_out_buf_size);
Py_DECREF(py_value);