Don't crash for unset out_file (fixed #562)

author: Dominik Maier <domenukk@gmail.com> 2020-10-29 11:05:07 +0100
committer: Dominik Maier <domenukk@gmail.com> 2020-10-29 11:05:07 +0100
commit: 9347ad49b8adb867c9829c6c03e574ce26bc0942 (patch)
tree: 744337630897ced6e387a8a2f80ed6b3b19b8928
parent: abac876b3aa20d381319d73cbb6c7ad1e7f2395c (diff)
download: afl++-9347ad49b8adb867c9829c6c03e574ce26bc0942.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index df300950..04195d00 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -968,7 +968,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
 
     s32 fd = fsrv->out_fd;
 
-    if (!fsrv->use_stdin) {
+    if (!fsrv->use_stdin && fsrv->out_file) {
 
       if (fsrv->no_unlink) {
 
@@ -983,6 +983,11 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
 
       if (fd < 0) { PFATAL("Unable to create '%s'", fsrv->out_file); }
 
+    } else if (unlikely(!fd)) {
+      
+      // We should never have stdin as fd here, 0 is likely unset.
+      FATAL("Nowhere to write output to (neither out_fd nor out_file set)");
+
     } else {
 
       lseek(fd, 0, SEEK_SET);
author	Dominik Maier <domenukk@gmail.com>	2020-10-29 11:05:07 +0100
committer	Dominik Maier <domenukk@gmail.com>	2020-10-29 11:05:07 +0100
commit	9347ad49b8adb867c9829c6c03e574ce26bc0942 (patch)
tree	744337630897ced6e387a8a2f80ed6b3b19b8928
parent	abac876b3aa20d381319d73cbb6c7ad1e7f2395c (diff)
download	afl++-9347ad49b8adb867c9829c6c03e574ce26bc0942.tar.gz