fix double free on exit for -c 0 on src cmplog

src/afl-cc.c

@@ -424,21 +424,21 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     char *fplugin_arg;
 
-    if (cmplog_mode)
-      {
-	fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-cmplog-pass.so",
-				   obj_path);
-	cc_params[cc_par_cnt++] = fplugin_arg;
-	fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so",
-				   obj_path);
-	cc_params[cc_par_cnt++] = fplugin_arg;
-      }
-    else
-      {
-	fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so",
-				   obj_path);
-	cc_params[cc_par_cnt++] = fplugin_arg;
-      }
+    if (cmplog_mode) {
+
+      fplugin_arg =
+          alloc_printf("-fplugin=%s/afl-gcc-cmplog-pass.so", obj_path);
+      cc_params[cc_par_cnt++] = fplugin_arg;
+      fplugin_arg =
+          alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so", obj_path);
+      cc_params[cc_par_cnt++] = fplugin_arg;
+
+    } else {
+
+      fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
+      cc_params[cc_par_cnt++] = fplugin_arg;
+
+    }
 
     cc_params[cc_par_cnt++] = "-fno-if-conversion";
     cc_params[cc_par_cnt++] = "-fno-if-conversion2";
@@ -2166,7 +2166,8 @@ int main(int argc, char **argv, char **envp) {
 
   }
 
-  cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || getenv("AFL_GCC_CMPLOG");
+  cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") ||
+                getenv("AFL_GCC_CMPLOG");
 
 #if !defined(__ANDROID__) && !defined(ANDROID)
   ptr = find_object("afl-compiler-rt.o", argv[0]);

src/afl-fuzz.c

@@ -1469,7 +1469,7 @@ int main(int argc, char **argv_orig, char **envp) {
   if (afl->shm.cmplog_mode &&
       (!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) {
 
-    afl->cmplog_binary = argv[optind];
+    afl->cmplog_binary = strdup(argv[optind]);
 
   }