fixed segfault on early bailout

2 files changed, 8 insertions, 4 deletions

diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 88ff5217..3da5ce5d 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1063,9 +1063,8 @@ static void handle_existing_out_dir(afl_state_t *afl) {
            "directory manually,\n"
            "    or specify a different output location for this job. To resume "
            "the old\n"
-           "    session, put '-' as the input directory in the command line "
-           "('-i -') or set the AFL_AUTORESUME=1 env variable and\n"
-           "    try again.\n",
+           "    session, pass '-' as input directory in the command line ('-i -')\n"
+           "    or set the 'AFL_AUTORESUME=1' env variable and try again.\n",
            OUTPUT_GRACE);
 
       FATAL("At-risk data found in '%s'", afl->out_dir);
@@ -1510,7 +1509,8 @@ void check_crash_handling(void) {
         "extended delay\n"
         "    between stumbling upon a crash and having this information "
         "relayed to the\n"
-        "    fuzzer via the standard waitpid() API.\n\n"
+        "    fuzzer via the standard waitpid() API.\n"
+        "    If you're just testing, set 'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n"
 
         "    To avoid having crashes misinterpreted as timeouts, please log in "
         "as root\n"
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 5ff68aac..63cca14d 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -284,6 +284,10 @@ void show_stats(afl_state_t *afl) {
 
   if (afl->not_on_tty) return;
 
+  /* If we haven't started doing things, bail out. */
+
+  if (!afl->queue_cur) return;
+
   /* Compute some mildly useful bitmap stats. */
 
   t_bits = (MAP_SIZE << 3) - count_bits(afl->virgin_bits);