ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed leak

Browse Source
This commit is contained in:
Dominik Maier
2020-03-28 00:44:52 +01:00
parent e71c2937de
commit 5bd8aa489b
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/alloc-inl.h
View File

@ -788,10 +788,12 @@ static inline void *ck_maybe_grow(void **buf, size_t *size,
while (*size < size_needed) { while (*size < size_needed) {
*size *= 2; *size *= 2;
if ((*size) < 0) FATAL("size_t overflow");
} }
*buf = ck_realloc(*buf, *size); *buf = ck_realloc(*buf, *size);
return *buf; return *buf;
} }

1
src/afl-fuzz-init.c
View File

@ -379,6 +379,7 @@ void read_testcases(afl_state_t *afl) {
if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) { if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) {
free(fn2);
continue; continue;
} }

10
src/afl-fuzz-one.c
View File

@ -430,7 +430,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
single byte anyway, so it wouldn't give us any performance or memory usage single byte anyway, so it wouldn't give us any performance or memory usage
benefits. */ benefits. */
out_buf = ck_maybe_grow((void **)&afl->out_buf, &afl->out_size, len); out_buf = ck_maybe_grow(BUF_PARAMS(out), len);
afl->subseq_tmouts = 0; afl->subseq_tmouts = 0;
@ -1958,8 +1958,7 @@ havoc_stage:
clone_to = rand_below(afl, temp_len); clone_to = rand_below(afl, temp_len);
new_buf = new_buf =
ck_maybe_grow((void **)&afl->out_scratch_buf, ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
&afl->out_scratch_size, temp_len + clone_len);
/* Head */ /* Head */
@ -1979,9 +1978,9 @@ havoc_stage:
memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, memcpy(new_buf + clone_to + clone_len, out_buf + clone_to,
temp_len - clone_to); temp_len - clone_to);
swap_bufs((void **)&afl->out_buf, &afl->out_size, swap_bufs(BUF_PARAMS(out), BUF_PARAMS(out_scratch));
(void **)&afl->out_scratch_buf, &afl->out_scratch_size);
out_buf = new_buf; out_buf = new_buf;
new_buf = NULL;
temp_len += clone_len; temp_len += clone_len;
} }
@ -2108,6 +2107,7 @@ havoc_stage:
swap_bufs(BUF_PARAMS(out), BUF_PARAMS(out_scratch)); swap_bufs(BUF_PARAMS(out), BUF_PARAMS(out_scratch));
out_buf = new_buf; out_buf = new_buf;
new_buf = NULL;
temp_len += extra_len; temp_len += extra_len;
break; break;