fixed bugs in custom_describe, reported by wizche

This commit is contained in:
Dominik Maier
2020-12-04 14:25:18 +01:00
parent 1f34b9f8e1
commit 1dbefc14ea
3 changed files with 16 additions and 10 deletions


@ -425,8 +425,10 @@ void minimize_bits(afl_state_t *afl, u8 *dst, u8 *src) {
/* Construct a file name for a new test case, capturing the operation
that led to its discovery. Returns a ptr to afl->describe_op_buf_256. */
u8 *describe_op(afl_state_t *afl, u8 new_bits) {
u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
size_t real_max_len =
MIN(max_description_len, sizeof(afl->describe_op_buf_256));
u8 *ret = afl->describe_op_buf_256;
if (unlikely(afl->syncing_party)) {
@ -453,10 +455,9 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits) {
size_t len_current = strlen(ret);
ret[len_current++] = ',';
ret[len_current++] = '\0';
ret[len_current] = '\0';
size_t size_left =
sizeof(afl->describe_op_buf_256) - len_current - strlen(",+cov") - 2;
size_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
assert(size_left > 0);
const char *custom_description =
@ -504,6 +505,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits) {
if (new_bits == 2) { strcat(ret, ",+cov"); }
assert(strlen(ret) <= max_description_len);
return ret;
}
@ -610,8 +613,9 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES
queue_fn = alloc_printf("%s/queue/id:%06u,%s", afl->out_dir,
afl->queued_paths, describe_op(afl, new_bits));
queue_fn = alloc_printf(
"%s/queue/id:%06u,%s", afl->out_dir, afl->queued_paths,
describe_op(afl, new_bits, NAME_MAX - strlen("id:000000,")));
#else
@ -777,7 +781,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES
snprintf(fn, PATH_MAX, "%s/hangs/id:%06llu,%s", afl->out_dir,
afl->unique_hangs, describe_op(afl, 0));
afl->unique_hangs,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,")));
#else
@ -822,7 +827,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s", afl->out_dir,
afl->unique_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0));
describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,")));
#else