diff options
| author | Michael Rodler <michael.rodler@paluno.uni-due.de> | 2021-07-15 11:03:20 +0200 |
|---|---|---|
| committer | Michael Rodler <michael.rodler@paluno.uni-due.de> | 2021-07-15 11:03:20 +0200 |
| commit | cd683ed2530d70c958c78395e7ee67b34c6821df (patch) | |
| tree | 7a36b64ee5462bc0c1b0887e475ef5d9e4fccca1 | |
| parent | 3dd39fec906758cc545f526d5003e0f28278b316 (diff) | |
| download | afl++-cd683ed2530d70c958c78395e7ee67b34c6821df.tar.gz | |
fixed potential UAF with custom mutator havoc on realloc
| -rw-r--r-- | src/afl-fuzz-one.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 76e64f2a..7274f679 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2057,7 +2057,7 @@ havoc_stage: temp_len = new_len; if (out_buf != custom_havoc_buf) { - afl_realloc(AFL_BUF_PARAM(out), temp_len); + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len); if (unlikely(!afl->out_buf)) { PFATAL("alloc"); } memcpy(out_buf, custom_havoc_buf, temp_len); |