authorh1994st <h1994st@gmail.com>2020-03-28 00:52:29 -0400
committerDominik Maier <domenukk@gmail.com>2020-04-01 13:10:07 +0200
commit0dd8ed9171cdbee3360f4b7f6a9fd91e7478a508 (patch)
tree1526ed8333ad947577f23127572931da088b1498 /examples/custom_mutators/example.c
parentd568559f01b1a7609f8a0c4f7afea513375725e4 (diff)
downloadafl++-0dd8ed9171cdbee3360f4b7f6a9fd91e7478a508.tar.gz
Fix invalid memory access bug in `afl_custom_pre_save` of example.c
Diffstat (limited to 'examples/custom_mutators/example.c')
-rw-r--r--examples/custom_mutators/example.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/examples/custom_mutators/example.c b/examples/custom_mutators/example.c
index a9764f5b..7d827029 100644
--- a/examples/custom_mutators/example.c
+++ b/examples/custom_mutators/example.c
@@ -157,15 +157,17 @@ size_t afl_custom_pre_save(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 
   }
 
-  *out_buf = data->pre_save_buf;
+  uint8_t *pre_save_buf = data->pre_save_buf;
 
-  memcpy(*out_buf + 5, buf, buf_size);
+  memcpy(pre_save_buf + 5, buf, buf_size);
   size_t out_buf_size = buf_size + 5;
-  *out_buf[0] = 'A';
-  *out_buf[1] = 'F';
-  *out_buf[2] = 'L';
-  *out_buf[3] = '+';
-  *out_buf[4] = '+';
+  pre_save_buf[0] = 'A';
+  pre_save_buf[1] = 'F';
+  pre_save_buf[2] = 'L';
+  pre_save_buf[3] = '+';
+  pre_save_buf[4] = '+';
+
+  *out_buf = pre_save_buf;
 
   return out_buf_size;
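Review bot: The copy at `memcpy(pre_save_buf + 5, buf, buf_size)` is only safe if `data->pre_save_buf` holds at least `buf_size + 5` bytes, and nothing visible in this hunk establishes that. The block that closes just above presumably does the sizing, but it lies outside the hunk, so a comment stating the invariant here would help anyone copying this example into their own mutator. A second comment should record why the local pointer is needed: `*out_buf[1]` parses as `*(out_buf[1])`, so the removed lines indexed past the caller's single pointer slot (`out_buf` is presumably a `uint8_t **`) instead of writing into the buffer. As a style point, the five header assignments and the repeated literal `5` could become `memcpy(pre_save_buf, "AFL++", 5);` with a named constant for the header length. The body of afl_custom_pre_save starts and ends outside the hunk.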