author | David Carlier <devnexen@gmail.com> | 2020-02-15 16:18:49 +0000 |
---|---|---|
committer | David Carlier <devnexen@gmail.com> | 2020-02-15 16:18:49 +0000 |
commit | 1e679e3cbd23b031f47d1a756763b43acab7e02d (patch) | |
tree | b35d47aae1e585cbee70df1782aba55176f4f7cf | |
parent | bd1acfd8683b20636540a37c72867ec785a33ad1 (diff) | |
download | afl++-1e679e3cbd23b031f47d1a756763b43acab7e02d.tar.gz |
colorization stage mem leak fix proposal.
-rw-r--r-- | src/afl-fuzz-redqueen.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 296fcd98..4f5d69f7 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -128,7 +128,7 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
 rand_replace(buf + rng->start, s);
 u32 cksum;
- if (unlikely(get_exec_checksum(buf, len, &cksum))) return 1;
+ if (unlikely(get_exec_checksum(buf, len, &cksum))) goto checksum_fail;
 if (cksum != exec_cksum) {
@@ -149,6 +149,7 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
 new_hit_cnt = queued_paths + unique_crashes;
 stage_finds[STAGE_COLORIZATION] += new_hit_cnt - orig_hit_cnt;
 stage_cycles[STAGE_COLORIZATION] += stage_max - stage_cur;
+ ck_free(backup);
 while (ranges) {
@@ -186,6 +187,19 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
 return 0;
+checksum_fail:
+ ck_free(backup);
+
+ while (ranges) {
+
+ rng = ranges;
+ ranges = ranges->next;
+ ck_free(rng);
+
+ }
+
+ return 1;
+
 }
 ///// Input to State replacement
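Review bot: The `checksum_fail` block in the third hunk frees `backup` and whatever is still linked in `ranges`, but not the `rng` node that was being processed when `get_exec_checksum` failed in the first hunk; if the loop head (outside the hunk) detaches that node from `ranges` before `rand_replace(buf + rng->start, s)` runs, it is unreachable from the cleanup loop and still leaks on this path, so the label should start with `ck_free(rng);` before `ck_free(backup);`. The cleanup loop over `ranges` is now duplicated verbatim between the normal exit in the second hunk and the label; a single exit label reached with a return-code variable (`rc = 0` on the normal path, `rc = 1` at the failure site) would keep one copy and make any later addition to the cleanup hard to miss. The failure path also returns with `buf` still holding the bytes written by the last `rand_replace`, as before the change; if callers expect the input unmodified when `colorization` returns 1, restoring from `backup` before freeing it, or a comment at the label stating that `buf` is left modified, would make that contract explicit. The body of `colorization` begins outside the hunks.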