authorvan Hauser <vh@thc.org>2020-12-08 11:30:05 +0100
committervan Hauser <vh@thc.org>2020-12-08 11:30:05 +0100
commitda6cddab904e363775f157ceafa932f3cdaf6121 (patch)
treeacb3cf74224edae733655d3a3dd2c231c3b5857a
parent46156957bd120dc8d8bcd9da72f83574902c654f (diff)
fix asserts
-rw-r--r--src/afl-fuzz-bitmap.c7
-rw-r--r--utils/aflpp_driver/aflpp_qemu_driver.c2
2 files changed, 5 insertions, 4 deletions
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index f920efa4..f1ca7400 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -457,8 +457,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
ret[len_current++] = ',';
ret[len_current] = '\0';
- size_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
- assert(size_left > 0);
+ ssize_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
+ if (unlikely(size_left <= 0)) FATAL("filename got too long");
const char *custom_description =
afl->current_custom_fuzz->afl_custom_describe(
@@ -505,7 +505,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
if (new_bits == 2) { strcat(ret, ",+cov"); }
- assert(strlen(ret) <= max_description_len);
+ if (unlikely(strlen(ret) >= max_description_len))
+ FATAL("describe string is too long");
return ret;
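Review bot: The length check added before `return ret;` runs after the `strcat(ret, ",+cov")` two lines above it, so an over-long description is only detected once the bytes have already been written into `ret`; checking for room before the concatenation stops the write itself, e.g. `if (new_bits == 2) { if (unlikely(strlen(ret) + strlen(",+cov") >= max_description_len)) FATAL("describe string is too long"); strcat(ret, ",+cov"); }`. The new condition also rejects `strlen(ret) == max_description_len`, which the removed assert accepted; whether that is the intended bound depends on how `ret` is sized, which is not visible here. In the first hunk, `size_left` is computed in unsigned arithmetic and only then converted to `ssize_t`, so the `<= 0` test relies on a wrapped value converting to a negative number; comparing before subtracting, `if (unlikely(real_max_len < len_current + strlen(",+cov") + 2)) FATAL("filename got too long");`, avoids that dependency (assuming `real_max_len` and `len_current` are unsigned, which the hunk does not show). describe_op begins before the first hunk and its closing brace lies past this one.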
diff --git a/utils/aflpp_driver/aflpp_qemu_driver.c b/utils/aflpp_driver/aflpp_qemu_driver.c
index a0c02833..79de5af6 100644
--- a/utils/aflpp_driver/aflpp_qemu_driver.c
+++ b/utils/aflpp_driver/aflpp_qemu_driver.c
@@ -6,7 +6,7 @@
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
-#define kMaxAflInputSize (1 * 1024 * 1024);
+#define kMaxAflInputSize (1 * 1024 * 1024)
static uint8_t AflInputBuf[kMaxAflInputSize];
void __attribute__((noinline)) afl_qemu_driver_stdin_input(void) {