ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 01:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed potential bugs

Browse Source
This commit is contained in:
Dominik Maier
2020-06-15 11:07:57 +02:00
parent 43bbbbf4e0
commit acb0a2f027
2 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/afl-fuzz-one.c
View File

@ -3846,12 +3846,13 @@ pacemaker_fuzzing:
is redundant, or if its entire span has no bytes set in the is redundant, or if its entire span has no bytes set in the
effector map. */ effector map. */
/* AFLpp: in puppet mode, eff_map is 0. */
if ((afl->extras_cnt > MAX_DET_EXTRAS && if ((afl->extras_cnt > MAX_DET_EXTRAS &&
rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) || rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) ||
afl->extras[j].len > len - i || afl->extras[j].len > len - i ||
!memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) || !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) ||
!memchr(eff_map + EFF_APOS(i), 1, (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
EFF_SPAN_ALEN(i, afl->extras[j].len))) { EFF_SPAN_ALEN(i, afl->extras[j].len)))) {
afl->stage_max--; afl->stage_max--;
continue; continue;
@ -3954,11 +3955,12 @@ pacemaker_fuzzing:
/* See the comment in the earlier code; afl->extras are sorted by /* See the comment in the earlier code; afl->extras are sorted by
* size. */ * size. */
/* AFLpp: in puppet mode, eff_map is 0. */
if (afl->a_extras[j].len > len - i || if (afl->a_extras[j].len > len - i ||
!memcmp(afl->a_extras[j].data, out_buf + i, !memcmp(afl->a_extras[j].data, out_buf + i,
afl->a_extras[j].len) || afl->a_extras[j].len) ||
!memchr(eff_map + EFF_APOS(i), 1, (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
EFF_SPAN_ALEN(i, afl->a_extras[j].len))) { EFF_SPAN_ALEN(i, afl->a_extras[j].len)))) {
afl->stage_max--; afl->stage_max--;
continue; continue;
@ -3984,13 +3986,15 @@ pacemaker_fuzzing:
afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt; afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max; afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
skip_extras_v2: // AFLpp: Never read: skip_extras_v2:
new_hit_cnt = afl->queued_paths + afl->unique_crashes; // new_hit_cnt = afl->queued_paths + afl->unique_crashes;
} }
} }
skip_extras_v2:
afl->stage_cur_byte = -1; afl->stage_cur_byte = -1;
/* The havoc stage mutation code is also invoked when splicing files; if the /* The havoc stage mutation code is also invoked when splicing files; if the

4
src/afl-fuzz-redqueen.c
View File

@ -180,7 +180,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u64 exec_cksum) {
while (ranges) { while (ranges) {
rng = ranges; rng = ranges;
ranges = ranges->next; ranges = rng->next;
ck_free(rng); ck_free(rng);
rng = NULL; rng = NULL;
@ -224,7 +224,7 @@ checksum_fail:
while (ranges) { while (ranges) {
rng = ranges; rng = ranges;
ranges = ranges->next; ranges = rng->next;
ck_free(rng); ck_free(rng);
rng = NULL; rng = NULL;