fixed scan-build issues

2025-06-12 01:58:17 +00:00 · 2021-02-15 13:51:32 +01:00
parent 16ffbb37f5
commit 512f53984c
2 changed files with 28 additions and 4 deletions
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -382,6 +382,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
    rng = ranges;
    ranges = rng->next;
    ck_free(rng);
+    rng = NULL;

  }

@ -455,6 +456,15 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
  return 0;

 checksum_fail:
+  while (ranges) {
+
+    rng = ranges;
+    ranges = rng->next;
+    ck_free(rng);
+    rng = NULL;
+
+  }
+
  ck_free(backup);
  ck_free(changed);

@ -503,6 +513,8 @@ static int strntoll(const char *str, size_t sz, char **end, int base,
  long long   ret;
  const char *beg = str;

+  if (!str || !sz) { return 1; }
+
  for (; beg && sz && *beg == ' '; beg++, sz--) {};

  if (!sz) return 1;
@ -526,6 +538,8 @@ static int strntoull(const char *str, size_t sz, char **end, int base,
  unsigned long long ret;
  const char *       beg = str;

+  if (!str || !sz) { return 1; }
+
  for (; beg && sz && *beg == ' '; beg++, sz--)
    ;

@ -1303,7 +1317,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,

  }

-#endif                                         /* CMPLOG_SOLVE_ARITHMETIC */
+#endif                                           /* CMPLOG_SOLVE_ARITHMETIC */

  return 0;

@ -2670,3 +2684,4 @@ exit_its:
  return r;

 }
+
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -552,13 +552,22 @@ int main(int argc, char **argv_orig, char **envp) {

      case 'F':                                         /* foreign sync dir */

-        if (!afl->is_main_node)
+        if (!optarg) { FATAL("Missing path for -F"); }
+        if (!afl->is_main_node) {
+
          FATAL(
              "Option -F can only be specified after the -M option for the "
              "main fuzzer of a fuzzing campaign");
-        if (afl->foreign_sync_cnt >= FOREIGN_SYNCS_MAX)
+
+        }
+
+        if (afl->foreign_sync_cnt >= FOREIGN_SYNCS_MAX) {
+
          FATAL("Maximum %u entried of -F option can be specified",
                FOREIGN_SYNCS_MAX);
+
+        }
+
        afl->foreign_syncs[afl->foreign_sync_cnt].dir = optarg;
        while (afl->foreign_syncs[afl->foreign_sync_cnt]
                   .dir[strlen(afl->foreign_syncs[afl->foreign_sync_cnt].dir) -
@ -802,7 +811,7 @@ int main(int argc, char **argv_orig, char **envp) {

      case 'l': {

-        afl->cmplog_lvl = atoi(optarg);
+        if (optarg) { afl->cmplog_lvl = atoi(optarg); }
        if (afl->cmplog_lvl < 1 || afl->cmplog_lvl > CMPLOG_LVL_MAX) {

          FATAL(