ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix heap allocation bug

Browse Source 
- Reason: `afl->out_size` is not consistent with the actual allocation
of `afl->out_buf`. The deleted line in `src/afl-fuzz-one.c` may change
`afl->out_size`, but `afl->out_buf` is not changed
This commit is contained in:
h1994st
2020-03-30 05:21:01 -04:00
committed by Dominik Maier
parent 64e1d3a975
commit 61ea398612
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/afl-fuzz-one.c
View File

@ -1621,8 +1621,6 @@ custom_mutator_stage:
if (unlikely(!mutated_buf))
FATAL("Error in custom_fuzz. Size returned: %zd", mutated_size);
if (mutated_size > len) afl->out_size = mutated_size;
if (mutated_size > 0) {
if (common_fuzz_stuff(afl, mutated_buf, (u32)mutated_size)) {
@ -1650,6 +1648,8 @@ custom_mutator_stage:
}
out_buf = ck_maybe_grow(BUF_PARAMS(out), len);
// ??? (h1994st): this line may be not necessary, as we do not modify the
// content of "out_buf".
memcpy(out_buf, in_buf, len);
}