authorvan Hauser <vh@thc.org>2020-08-05 09:21:39 +0200
committervan Hauser <vh@thc.org>2020-08-05 09:21:39 +0200
commit585ec0450331ec7fd8b9a79737cba6b6937422bf (patch)
tree2fbd13306de31d4cbb0615bb70ee8f9837ea2087 /include
parentf6c89ec3a9c016a032455b5752a685607c6a0bdb (diff)
downloadafl++-585ec0450331ec7fd8b9a79737cba6b6937422bf.tar.gz
silly rand_below_datalen fix
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h10
1 files changed, 7 insertions, 3 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index dac99a76..2324efa5 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -986,6 +986,8 @@ uint64_t rand_next(afl_state_t *afl);
 
 static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 
+  if (limit <= 1) return 0; 
+
   /* The boundary not being necessarily a power of 2,
      we need to ensure the result uniformity. */
   if (unlikely(!afl->rand_cnt--) && likely(!afl->fixed_seed)) {
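Review bot: The guard added at the top of rand_below makes `rand_below(afl, 0)` return 0, which is not below the limit, so a caller that uses the result as an offset into a zero-length buffer would still touch byte 0; the zero case is hidden rather than rejected. I would state that contract at the guard, e.g. `/* limit 0 or 1 can only yield 0; a caller passing 0 must not use the result as an index */`, and consider a debug-build assertion on `limit` so such callers show up in testing. The added line also has trailing whitespace after `return 0;`, as does the identical guard added to rand_below_datalen in the next hunk. rand_below's body continues past the end of this hunk, so how the old code behaved for limits 0 and 1 cannot be checked here.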
@@ -1006,14 +1008,16 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
    expand havoc mode */
 static inline u32 rand_below_datalen(afl_state_t *afl, u32 limit) {
 
+  if (limit <= 1) return 0; 
+
   switch (rand_below(afl, 3)) {
 
     case 2:
-      return (rand_below(afl, limit) % rand_below(afl, limit)) %
-             rand_below(afl, limit);
+      return (rand_below(afl, limit) % (1 + rand_below(afl, limit - 1))) %
+             (1 + rand_below(afl, limit - 1));
       break;
     case 1:
-      return rand_below(afl, limit) % rand_below(afl, limit);
+      return rand_below(afl, limit) % (1 + rand_below(afl, limit - 1));
       break;
     case 0:
       return rand_below(afl, limit);
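Review bot: In cases 2 and 1 the operands of `%` are separate `rand_below(afl, ...)` calls on the same state, and C leaves their evaluation order unspecified, so the value returned for a given seed can differ between compilers or optimisation levels; that matters when `afl->fixed_seed` is used to reproduce a run. Sequencing the draws pins the order, for example `u32 v = rand_below(afl, limit);` followed by `return v % (1 + rand_below(afl, limit - 1));` inside a braced case. The `break;` after each `return` is unreachable and could be dropped at the same time. The switch and the function body close outside the hunk.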