authorvan Hauser <vh@thc.org>2022-09-17 11:53:54 +0200
committerGitHub <noreply@github.com>2022-09-17 11:53:54 +0200
commit2e8a459d0bcd2b824b2cbf549f0773a1c4e06eb4 (patch)
tree1f2a3d3613ffbe7eb61c76045907b5ac711f5281
parent05b1e49bc24a961bd9c886676e9d7eae9155e2ff (diff)
parent02db8685f10246bd458dcf324b6a179b0dbfaf5d (diff)
downloadafl++-2e8a459d0bcd2b824b2cbf549f0773a1c4e06eb4.tar.gz
Merge pull request #1523 from lszekeres/stable
Fix null pointers.
-rw-r--r--utils/aflpp_driver/aflpp_driver.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 52b98f41..3961b401 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -198,7 +198,8 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
 }
 
 // Execute any files provided as parameters.
-static int ExecuteFilesOnyByOne(int argc, char **argv) {
+static int ExecuteFilesOnyByOne(int argc, char **argv, 
+                                int (*callback)(const uint8_t *data, size_t size)) {
 
   unsigned char *buf = (unsigned char *)malloc(MAX_FILE);
 
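Review bot: `callback` is called in `ExecuteFilesOnyByOne` with no visible check that it is non-NULL, so a null function pointer passed to `LLVMFuzzerRunDriver` would still crash at the first call, just one level further down. Whether `LLVMFuzzerRunDriver` validates the pointer cannot be seen in these hunks; if it does not, an early guard such as `if (!callback) { fprintf(stderr, "Error: no fuzz target callback\n"); return 1; }` before the `malloc` would make the failure diagnosable (the exit status is a suggestion). The comment above the function should also cover the new parameter, e.g. `// Execute any files provided as parameters, passing each file's contents to callback.` The first added signature line has a trailing space after `char **argv,`. The function body continues outside this hunk.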
@@ -234,7 +235,7 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) {
       prev_length = length;
 
       printf("Reading %zu bytes from %s\n", length, argv[i]);
-      LLVMFuzzerTestOneInput(buf, length);
+      callback(buf, length);
       printf("Execution successful.\n");
 
     }
@@ -312,7 +313,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 
     __afl_sharedmem_fuzzing = 0;
     __afl_manual_init();
-    return ExecuteFilesOnyByOne(argc, argv);
+    return ExecuteFilesOnyByOne(argc, argv, callback);
 
   } else if (argc == 2 && argv[1][0] == '-') {
 
@@ -328,7 +329,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 
     if (argc == 2) { __afl_manual_init(); }
 
-    return ExecuteFilesOnyByOne(argc, argv);
+    return ExecuteFilesOnyByOne(argc, argv, callback);
 
   }
 
@@ -338,7 +339,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 
   // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
   // on the first execution of LLVMFuzzerTestOneInput is ignored.
-  LLVMFuzzerTestOneInput(dummy_input, 4);
+  callback(dummy_input, 4);
 
   __asan_poison_memory_region(__afl_fuzz_ptr, MAX_FILE);
   size_t prev_length = 0;
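Review bot: The comment kept above the warm-up call still names `LLVMFuzzerTestOneInput`, but the new line calls `callback`, which after this change need not be that symbol. It should read something like `// Call the fuzz callback here so that coverage caused by initialization` / `// on its first execution is ignored.` so readers do not assume the libFuzzer entry point is always what runs. `LLVMFuzzerRunDriver` starts and ends outside this hunk.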
@@ -375,7 +376,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 
     while (__afl_persistent_loop(N)) {
 
-      LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len);
+      callback(__afl_fuzz_ptr, *__afl_fuzz_len);
 
     }