Fix heap allocation bug

- Reason: `afl->out_size` is not consistent with the actual allocation of `afl->out_buf`. The deleted line in `src/afl-fuzz-one.c` may change `afl->out_size`, but `afl->out_buf` is not changed
author: h1994st <h1994st@gmail.com> 2020-03-30 05:21:01 -0400
committer: Dominik Maier <domenukk@gmail.com> 2020-03-30 16:46:54 +0200
commit: d9b18ec8530e09f4bcbdb4e1f51bb0e83b4182c8 (patch)
tree: 3e4f864f95b0dced8a7c9500e63c0e499d739221 /examples/custom_mutators/example.c
parent: 6c14415664228a3b5ab245af9b37fb6672619b49 (diff)
download: afl++-d9b18ec8530e09f4bcbdb4e1f51bb0e83b4182c8.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/examples/custom_mutators/example.c b/examples/custom_mutators/example.c
index 7d827029..ec47104d 100644
--- a/examples/custom_mutators/example.c
+++ b/examples/custom_mutators/example.c
@@ -159,13 +159,13 @@ size_t afl_custom_pre_save(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 
   uint8_t *pre_save_buf = data->pre_save_buf;
 
-  memcpy(pre_save_buf + 5, buf, buf_size);
+  memcpy(pre_save_buf, buf, buf_size);
   size_t out_buf_size = buf_size + 5;
-  pre_save_buf[0] = 'A';
-  pre_save_buf[1] = 'F';
-  pre_save_buf[2] = 'L';
-  pre_save_buf[3] = '+';
-  pre_save_buf[4] = '+';
+  pre_save_buf[buf_size + 0] = 'A';
+  pre_save_buf[buf_size + 1] = 'F';
+  pre_save_buf[buf_size + 2] = 'L';
+  pre_save_buf[buf_size + 3] = '+';
+  pre_save_buf[buf_size + 4] = '+';
 
   *out_buf = pre_save_buf;
author	h1994st <h1994st@gmail.com>	2020-03-30 05:21:01 -0400
committer	Dominik Maier <domenukk@gmail.com>	2020-03-30 16:46:54 +0200
commit	d9b18ec8530e09f4bcbdb4e1f51bb0e83b4182c8 (patch)
tree	3e4f864f95b0dced8a7c9500e63c0e499d739221 /examples/custom_mutators/example.c
parent	6c14415664228a3b5ab245af9b37fb6672619b49 (diff)
download	afl++-d9b18ec8530e09f4bcbdb4e1f51bb0e83b4182c8.tar.gz