Merge pull request #1941 from AFLplusplus/dev

push to stable

2 files changed, 19 insertions, 4 deletions

diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index 6338c93c..75e66484 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -1082,6 +1082,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
     MUT_CLONE_COPY,
     MUT_CLONE_COPY,
     MUT_CLONE_COPY,
+    MUT_CLONE_COPY,
     MUT_CLONE_FIXED,
     MUT_CLONE_FIXED,
     MUT_CLONE_FIXED,
@@ -2490,12 +2491,13 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
 
       case MUT_INSERTASCIINUM: {
 
-        u32 len = 1 + rand_below(afl, 8);
+        u32 ins_len = 1 + rand_below(afl, 8);
         u32 pos = rand_below(afl, len);
 
         /* Insert ascii number. */
-        if (unlikely(len < pos + len)) {
+        if (unlikely(len < pos + ins_len)) {
 
+          // no retry if we have a small input
           if (unlikely(len < 8)) {
 
             break;
@@ -2511,7 +2513,20 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
         u64  val = rand_next(afl);
         char numbuf[32];
         snprintf(numbuf, sizeof(numbuf), "%llu", val);
-        memcpy(buf + pos, numbuf, len);
+        size_t val_len = strlen(numbuf), off;
+
+        if (ins_len > val_len) {
+
+          ins_len = val_len;
+          off = 0;
+
+        } else {
+
+          off = val_len - ins_len;
+
+        }
+
+        memcpy(buf + pos, numbuf + off, ins_len);
 
         break;
 
diff --git a/include/config.h b/include/config.h
index b346d7b4..63340650 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.09c"
+#define VERSION "++4.10a"
 
 /******************************************************
  *                                                    *