fix empty range bug in colorization

3 files changed, 8 insertions, 2 deletions

diff --git a/Makefile b/Makefile
index 13be4ec9..70eac6b9 100644
--- a/Makefile
+++ b/Makefile
@@ -57,7 +57,7 @@ ifneq "$(shell uname -m)" "x86_64"
 endif
 
 CFLAGS     ?= -O3 -funroll-loops $(CFLAGS_OPT)
-CFLAGS     += -Wall -g -Wno-pointer-sign -I include/ \
+override CFLAGS     += -Wall -g -Wno-pointer-sign -I include/ \
               -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
               -DDOC_PATH=\"$(DOC_PATH)\" -Wno-unused-function
 
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 0ae6364b..9a98fde3 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -368,8 +368,10 @@ static void afl_forkserver(CPUState *cpu) {
 
     if (WIFSTOPPED(status))
       child_stopped = 1;
-    else if (unlikely(first_run && is_persistent))
+    else if (unlikely(first_run && is_persistent)) {
+      fprintf(stderr, "[AFL] ERROR: no persistent iteration executed\n");
       exit(12);  // Persistent is wrong
+    }
     first_run = 0;
 
     if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7);
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index d46d2b19..bac7357e 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -122,6 +122,9 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
   while ((rng = pop_biggest_range(&ranges)) != NULL && stage_cur) {
 
     u32 s = rng->end - rng->start;
+    if (s == 0)
+      goto empty_range;
+    
     memcpy(backup, buf + rng->start, s);
     rand_replace(buf + rng->start, s);
 
@@ -136,6 +139,7 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
 
     } else needs_write = 1;
 
+empty_range:
     ck_free(rng);
     --stage_cur;