added NULL check

2025-06-16 03:48:08 +00:00 · 2020-07-30 17:51:32 +02:00
parent ea9ba53cdb
commit 8e809d8593
2 changed files with 6 additions and 2 deletions
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -145,7 +145,8 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
  char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
  u8 *   tmp, *cp = NULL, *rsl, *own_copy;
-  memcpy(new_argv + 3, argv + 1, (int)(sizeof(char *)) * argc);
+  memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
  new_argv[argc - 1] = NULL;
  new_argv[2] = *target_path_p;
  new_argv[1] = "--";
@ -226,7 +227,8 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
  char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
  u8 *   tmp, *cp = NULL, *rsl, *own_copy;
-  memcpy(new_argv + 2, argv + 1, (int)(sizeof(char *)) * argc);
+  memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
  new_argv[argc - 1] = NULL;
  new_argv[1] = *target_path_p;
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -319,6 +319,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
                              u8 *orig_buf, u8 *buf, u32 len, u8 do_reverse,
                              u8 *status) {
  if (!buf) { FATAL("BUG: buf was NULL. Please report this.\n"); }
  u64 *buf_64 = (u64 *)&buf[idx];
  u32 *buf_32 = (u32 *)&buf[idx];
  u16 *buf_16 = (u16 *)&buf[idx];