ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed potential double free in custom trim (#881)

Browse Source
This commit is contained in:
Dominik Maier
2021-04-30 13:35:24 +02:00
parent 758bc770a8
commit e9d2f72382
4 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/afl-fuzz-run.c
View File

@ -720,7 +720,10 @@ void sync_fuzzers(afl_state_t *afl) {
trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of
file size, to keep the stage short and sweet. */
u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p) {
// We need to pass pointers around, as growing testcases may need to realloc.
u8 *in_buf = *in_buf_p;
u32 orig_len = q->len;
@ -734,7 +737,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
if (el->afl_custom_trim) {
trimmed_case = trim_case_custom(afl, q, in_buf, el);
trimmed_case = trim_case_custom(afl, q, in_buf_p, el);
in_buf = *in_buf_p;
custom_trimmed = true;
}