author | Dominik Maier <d.maier@avm.de> | 2020-07-30 17:51:32 +0200 |
---|---|---|
committer | Dominik Maier <d.maier@avm.de> | 2020-07-30 17:51:32 +0200 |
commit | 8e809d8593d9230c123aa22c8cd0b695e54d7c68 (patch) | |
tree | 927b0b18dbb1b5ac6d2aafbfe9c40524bde9231d | |
parent | ea9ba53cdbc6d175f3f055c9a308668ebaacda1e (diff) | |
download | afl++-8e809d8593d9230c123aa22c8cd0b695e54d7c68.tar.gz |
added NULL check
-rw-r--r-- | src/afl-common.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-redqueen.c | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/afl-common.c b/src/afl-common.c
index c023789b..367dec72 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -145,7 +145,8 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
 u8 * tmp, *cp = NULL, *rsl, *own_copy;
- memcpy(new_argv + 3, argv + 1, (int)(sizeof(char *)) * argc);
+ memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
+ new_argv[argc - 1] = NULL;
 new_argv[2] = *target_path_p;
 new_argv[1] = "--";
@@ -226,7 +227,8 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
 u8 * tmp, *cp = NULL, *rsl, *own_copy;
- memcpy(new_argv + 2, argv + 1, (int)(sizeof(char *)) * argc);
+ memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
+ new_argv[argc - 1] = NULL;
 new_argv[1] = *target_path_p;
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index a2e8f992..d86190a6 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -319,6 +319,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u8 *orig_buf, u8 *buf, u32 len, u8 do_reverse, u8 *status) {
+ if (!buf) { FATAL("BUG: buf was NULL. Please report this.\n"); }
+
 u64 *buf_64 = (u64 *)&buf[idx];
 u32 *buf_32 = (u32 *)&buf[idx];
 u16 *buf_16 = (u16 *)&buf[idx]; |
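Review bot: The terminator store `new_argv[argc - 1] = NULL;` in get_qemu_argv lands on the wrong slot: the memcpy above it fills indices 3 through argc + 1, so the end of the vector is index argc + 2, and for argc of 4 or more the store overwrites a copied target argument and cuts the vector short. It should read `new_argv[argc + 2] = NULL;`. The get_wine_argv hunk has the same defect with offset 2, where the line should be `new_argv[argc + 1] = NULL;` and the truncation starts at argc of 3. Both memcpy lengths also go negative before the size conversion if argc is ever 0, so an `argc < 1` guard would be worth adding if callers do not already guarantee it. Both function bodies continue outside the hunks.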
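Review bot: The guard added at the top of cmp_extend_encoding tests `buf` only, while `orig_buf` arrives through the same signature untested and the casts right below take `&buf[idx]` as u64, u32 and u16 pointers with no visible check that idx leaves enough bytes before `len`. The body continues outside the hunk, so those bounds may well be enforced further down before any dereference. Since the message asks users to report the condition, a short comment above the check would help the next reader, for example `/* Defensive: a NULL buf here is a caller bug, not bad input. */`.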