path: root/instrumentation/split-switches-pass.so.cc
author: Resery <50428593+Resery@users.noreply.github.com> 2024-02-21 05:42:55 -0600
committer: GitHub <noreply@github.com> 2024-02-21 12:42:55 +0100
commit: 340d6aa97cd8fa18e8c7650ac9067e1b2688e8bb (patch)
tree: cb942c11d768d382ced957983591eb8f9887db0e /instrumentation/split-switches-pass.so.cc
parent: 5ae4a7ae023e7acdefc95cc9ec899763e6e4f69f (diff)
download: afl++-340d6aa97cd8fa18e8c7650ac9067e1b2688e8bb.tar.gz
unicornafl: fix malloc of size 0 (#2010)
* bugfix: freeing a chunk with a size of 0 causes a 1-byte OOB.

Malloc does not check the size. Generally, malloc(0) should return 0, but here it returns two pages. Free uses is_buffer_in_chunk to check whether the address is in the chunk. At that time, chunk.data_addr == total_size. Free passes the address and "1" to is_buffer_in_chunk, so it causes a 1-byte out-of-bounds access.

* typo
Diffstat (limited to 'instrumentation/split-switches-pass.so.cc')
0 files changed, 0 insertions, 0 deletions