ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 01:31:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overrun in rtn_extended_encoding

Browse Source 
`idx + i` can range from `0` to `buf.len`, but the memcpy may try and write to offsets from `idx + i` to `idx + 2 * i`.
This commit is contained in:
mchesser 2022-03-07 14:39:36 +10:30
parent c2229b506e
commit 2a00f32666
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/afl-fuzz-redqueen.c
View File

@ -2323,7 +2323,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry,
if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; }
// fprintf(stderr, "RTN ATTEMPT fromhex %u result %u\n", fromhex, // fprintf(stderr, "RTN ATTEMPT fromhex %u result %u\n", fromhex,
// *status); // *status);
memcpy(buf + idx + i, save + i, i + 1 + off); memcpy(buf + idx, save, i + 1 + off);
} }