better fix for #539

This commit is contained in:
Andrea Fioraldi
2020-08-31 20:33:56 +02:00
parent b44620f0b0
commit 6090bb1bca


@ -264,7 +264,8 @@ static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) {
} }
static long long strntoll(const char *str, size_t sz, char **end, int base) { static int strntoll(const char *str, size_t sz, char **end, int base,
long long* out) {
char buf[64]; char buf[64];
long long ret; long long ret;
@ -272,24 +273,25 @@ static long long strntoll(const char *str, size_t sz, char **end, int base) {
for (; beg && sz && *beg == ' '; beg++, sz--) {}; for (; beg && sz && *beg == ' '; beg++, sz--) {};
if (!sz || sz >= sizeof(buf)) { if (!sz)
return 1;
if (end) *end = (char *)str; if (sz >= sizeof(buf))
return 0; sz = sizeof(buf) -1;
}
memcpy(buf, beg, sz); memcpy(buf, beg, sz);
buf[sz] = '\0'; buf[sz] = '\0';
ret = strtoll(buf, end, base); ret = strtoll(buf, end, base);
if (ret == LLONG_MIN || ret == LLONG_MAX) return ret; if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE)
return 1;
if (end) *end = (char *)beg + (*end - buf); if (end) *end = (char *)beg + (*end - buf);
return ret; *out = ret;
return 0;
} }
static unsigned long long strntoull(const char *str, size_t sz, char **end, static int strntoull(const char *str, size_t sz, char **end, int base,
int base) { unsigned long long* out) {
char buf[64]; char buf[64];
unsigned long long ret; unsigned long long ret;
@ -298,18 +300,20 @@ static unsigned long long strntoull(const char *str, size_t sz, char **end,
for (; beg && sz && *beg == ' '; beg++, sz--) for (; beg && sz && *beg == ' '; beg++, sz--)
; ;
if (!sz || sz >= sizeof(buf)) { if (!sz)
return 1;
if (end) *end = (char *)str; if (sz >= sizeof(buf))
return 0; sz = sizeof(buf) -1;
}
memcpy(buf, beg, sz); memcpy(buf, beg, sz);
buf[sz] = '\0'; buf[sz] = '\0';
ret = strtoull(buf, end, base); ret = strtoull(buf, end, base);
if (ret == ULLONG_MAX && errno == ERANGE)
return 1;
if (end) *end = (char *)beg + (*end - buf); if (end) *end = (char *)beg + (*end - buf);
return ret; *out = ret;
return 0;
} }
@ -336,17 +340,16 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
u8 use_num = 0, use_unum = 0; u8 use_num = 0, use_unum = 0;
unsigned long long unum; unsigned long long unum;
long long num; long long num;
if (afl->queue_cur->is_ascii) { if (afl->queue_cur->is_ascii) {
endptr = buf_8; endptr = buf_8;
num = strntoll(buf_8, len - idx, (char **)&endptr, 0); if (strntoll(buf_8, len - idx, (char **)&endptr, 0, &num)) {
if (endptr == buf_8) {
unum = strntoull(buf_8, len - idx, (char **)&endptr, 0); if (!strntoull(buf_8, len - idx, (char **)&endptr, 0, &unum))
if (endptr == buf_8) use_unum = 1; use_unum = 1;
} else } else
use_num = 1; use_num = 1;
} }
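Review bot: The new strntoll/strntoull return 0 ("parsed") when strtoll consumed no characters at all, since the only failure paths are an empty buffer and ERANGE, and the caller in cmp_extend_encoding has dropped its old `endptr == buf_8` check, so non-numeric ASCII at buf_8 now yields use_num = 1 with num = 0 instead of being skipped. A second, smaller issue in the same hunk is that errno is never reset before strtoll, so a stale ERANGE from an earlier libc call turns a legitimately parsed LLONG_MIN/LLONG_MAX into a reported failure; CERT ERR34-C asks for `errno = 0;` before the call. I would parse into a local end pointer, treat "nothing consumed" as failure, and then translate the position for the caller; the same change applies to strntoull with strtoull/ULLONG_MAX. Note cmp_extend_encoding begins before and continues past the last hunk, so whatever later consumes use_num/num should be re-checked against this new "0 on no digits" behaviour. The rewritten tail of strntoll, after the memcpy/terminator lines, would be:

```c
  buf[sz] = '\0';

  char *conv_end;
  errno = 0;  /* strtoll only sets errno on failure, never clears it */
  ret = strtoll(buf, &conv_end, base);
  /* No digits consumed: there is no number here, distinct from a parsed 0. */
  if (conv_end == buf) return 1;
  if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE) return 1;
  if (end) *end = (char *)beg + (conv_end - buf);
  *out = ret;
  return 0;
```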