Fix off by one bounds check

`is_hex` reads two bytes but caller previously only ensured that one byte was in bounds.
2025-06-18 20:48:07 +00:00 · 2022-03-07 14:35:25 +10:30
parent 70cc32dc6d
commit c2229b506e
1 changed files with 1 additions and 1 deletions
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -2136,7 +2136,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry,

      if ((i % 2)) {

-        if (len > idx + i && is_hex(orig_buf + idx + i)) {
+        if (len > idx + i + 1 && is_hex(orig_buf + idx + i)) {

          fromhex += 2;