ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix another segfault

Browse Source
This commit is contained in:
van Hauser
2020-08-10 13:30:25 +02:00
parent 9c953ab51f
commit 8428b18d2a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/afl-fuzz-run.c
View File

@ -879,12 +879,13 @@ u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
s32 new_len = afl->queue_cur->len + len - afl->taint_len; s32 new_len = afl->queue_cur->len + len - afl->taint_len;
if (new_len < 4) new_len = 4; if (new_len < 4) new_len = 4;
if (new_len > MAX_FILE) new_len = MAX_FILE;
u8 *new_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), new_len); u8 *new_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), new_len);
u32 i, taint = 0; u32 i, taint = 0;
for (i = 0; i < new_len; i++) { for (i = 0; i < new_len; i++) {
if (afl->taint_map[i] || i > afl->queue_cur->len) if (i > afl->taint_len || afl->taint_map[i] || i > afl->queue_cur->len)
new_buf[i] = out_buf[taint++]; new_buf[i] = out_buf[taint++];
else else
new_buf[i] = afl->taint_src[i]; new_buf[i] = afl->taint_src[i];