From 7c8246f18f86e1a1e853908bec443bcf0c70e024 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 9 May 2022 14:30:40 +0200
Subject: [PATCH] fix
---
 src/afl-fuzz-mutators.c | 2 ++
 src/afl-fuzz-one.c | 6 +-----
 src/afl-fuzz-run.c | 3 +--
 3 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index b6aeec63..9407adfb 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -460,6 +460,8 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
 }
 out_len = retlen;
+ // TODO are we sure that retbuf fits into out_buf if retbuf can actually
+ // increase in size?
 memcpy(out_buf, retbuf, retlen);
 /* Tell the custom mutator that the trimming was successful */
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index d3801f03..169baab9 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -1961,11 +1961,7 @@ custom_mutator_stage:
 }
- /* `(afl->)out_buf` may have been changed by the call to custom_fuzz
- */
- /* TODO: Only do this when `mutated_buf` == `out_buf`? Branch vs
- * Memcpy.
- */
+ /* out_buf may have been changed by the call to custom_fuzz */
 memcpy(out_buf, in_buf, len);
 }
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 866127be..09e773f0 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -132,8 +132,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 if (new_mem != *mem) {
- *mem = afl_realloc(mem, new_size);
- memcpy(*mem, new_mem, new_size);
+ *mem = new_mem;
 }
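Review bot: The TODO added above `memcpy(out_buf, retbuf, retlen)` in trim_case_custom should be a bounds check rather than an open question: retlen is chosen by the custom trim callback, and nothing in this hunk bounds it against the size out_buf was allocated for, so a callback that returns more bytes than the original input overruns out_buf. Trimming is only ever expected to shrink the input, so the oversized case can be rejected before the copy, e.g. `if (unlikely(retlen > orig_len)) { FATAL("custom trim returned %u bytes for a %u byte input", retlen, orig_len); }`, where orig_len is whatever this function records as the input length before invoking the callback (presumably q->len, but the function's start lies outside the hunk, so confirm). If a hard abort is too strong for a misbehaving mutator, a WARNF plus treating the trim attempt as failed would at least keep the write inside out_buf.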
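Review bot: Replacing the afl_realloc+memcpy with `*mem = new_mem;` in write_to_testcase changes what the caller holds: *mem now aliases the buffer returned by the custom post-processor instead of a buffer the fuzzer allocated, and the removed `afl_realloc(mem, new_size)` shows *mem was until now treated as an afl_realloc-managed allocation. Any later afl_realloc or free on *mem (outside this hunk, so I cannot confirm it happens) would then operate on memory the custom mutator owns and may reuse or shrink on its next call, and the fuzzer's previous buffer is simply dropped without being released. If aliasing the mutator's buffer is intended, that contract should be documented on write_to_testcase, e.g. `/* On return *mem may point into the custom post-process buffer: it is owned by the mutator, so callers must not afl_realloc() or free() it. */`; otherwise keep copying into a fuzzer-owned buffer. write_to_testcase's body begins and ends outside the hunk.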