more small fixes

2025-06-15 03:18:07 +00:00 · 2020-11-13 00:44:08 +01:00
parent 4a4c14c9a9
commit 54a312a5fe
5 changed files with 13 additions and 9 deletions
--- a/qemu_mode/libcompcov/pmparser.h
+++ b/qemu_mode/libcompcov/pmparser.h
@ -108,7 +108,6 @@ void pmparser_print(procmaps_struct *map, int order);

 procmaps_iterator *pmparser_parse(int pid) {

-  procmaps_iterator *maps_it = malloc(sizeof(procmaps_iterator));
  char               maps_path[500];
  if (pid >= 0) {

@ -129,6 +128,7 @@ procmaps_iterator *pmparser_parse(int pid) {

  }

+  procmaps_iterator *maps_it = malloc(sizeof(procmaps_iterator));
  int  ind = 0;
  char buf[PROCMAPS_LINE_MAX_LENGTH];
  // int c;
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -342,7 +342,7 @@ u8 *find_binary(u8 *fname) {
    if (stat(target_path, &st) || !S_ISREG(st.st_mode) ||
        !(st.st_mode & 0111) || st.st_size < 4) {

-      free(target_path);
+      ck_free(target_path);
      FATAL("Program '%s' not found or not executable", fname);

    }
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@ -214,6 +214,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {

    PyErr_Print();
    fprintf(stderr, "Failed to load \"%s\"\n", module_name);
+    free(py);
    return NULL;

  }
--- a/unicorn_mode/samples/persistent/simple_target_noncrashing.c
+++ b/unicorn_mode/samples/persistent/simple_target_noncrashing.c
@ -10,7 +10,7 @@
 * Written by Nathan Voss <njvoss99@gmail.com>
 * Adapted by Lukas Seidel <seidel.1@campus.tu-berlin.de>
 */
-
+#include <string.h>

 int main(int argc, char** argv) {
  if(argc < 2){
@ -19,15 +19,19 @@ int main(int argc, char** argv) {

  char *data_buf = argv[1];

-  if len(data_buf < 20) {
-  if (data_buf[20] != 0) {
+  if (strlen(data_buf) >= 21 && data_buf[20] != 0) {
    printf("Not crashing");
-  } else if (data_buf[0] > 0x10 && data_buf[0] < 0x20 && data_buf[1] > data_buf[2]) {
+  } else if (strlen(data_buf) > 1
+             && data_buf[0] > 0x10 && data_buf[0] < 0x20 && data_buf[1] > data_buf[2]) {
    printf("Also not crashing with databuf[0] == %c", data_buf[0])
-  } else if (data_buf[9] == 0x00 && data_buf[10] != 0x00 && data_buf[11] == 0x00) {
+  }
+#if 0
+  // not possible with argv (zero terminated strings) (hexcoder-)
+  // do not try to access data_buf[10] and beyond
+  else if (data_buf[9] == 0x00 && data_buf[10] != 0x00 && data_buf[11] == 0x00) {
    // Cause a crash if data[10] is not zero, but [9] and [11] are zero
    unsigned char invalid_read = *(unsigned char *) 0x00000000;
  }
-
+#endif
  return 0;
 }