author | David Melski <melski@grammatech.com> | 2020-05-28 20:25:30 -0400 |
---|---|---|
committer | David Melski <melski@grammatech.com> | 2020-05-28 20:25:30 -0400 |
commit | 4b01d594c40b4e59414413152392963f3cf5247d (patch) | |
tree | 79253f95f55100170a258443e9dfdbc3c751b222 /src/afl-fuzz-bitmap.c | |
parent | bb0a31158ae84a7f9ae287c7ce5837c66ae83990 (diff) | |
download | afl++-4b01d594c40b4e59414413152392963f3cf5247d.tar.gz |
Fix read_timed when accumulating short reads
The existing code appears to use 'len_read' in several places where 'total_read' was intended. The function may work if the first 1 or 2 iterations of the loop read the requested 'len' bytes. If the first two reads are "short" and a third read is done, the bytes will be placed over previously read bytes in buf and more than 'len' bytes may be read in total, though buf is never overrun.

This commit changes read_timed to:

(1) correctly append short reads in buf
(2) correctly terminate when the sum of the short reads equals the requested 'len' bytes
(3) return an error when read() returns -1 or 0

The function also depends on select() decrementing the timeout structure, as it does on Linux. On other platforms, the exec_ms returned is likely incorrect. This patch does not attempt to address this issue.
Diffstat (limited to 'src/afl-fuzz-bitmap.c')
0 files changed, 0 insertions, 0 deletions
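The following is an added example, not AFL++'s read_timed and not the code this commit touches. It shows the accumulation loop the commit message describes: each read() lands at buf + total_read, asks for only len - total_read bytes, the loop ends only when total_read == len, and a read() result of -1 or 0 is an error. It goes one step beyond the commit by not relying on select() decrementing its timeout argument (the Linux-only behaviour the message flags but leaves alone): the remaining wait is recomputed from a monotonic clock each iteration. The function name read_timed_accumulate, the RT_* return codes, the fork-plus-pipe harness and the messages it writes are all constructed for this example.

```c
/* Added example, not AFL++ code: accumulate short reads under a deadline.
 * The function name, return codes and the pipe harness are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum { RT_OK = 0, RT_TIMEOUT = 1, RT_ERROR = 2 };

static uint64_t now_ms(void) {
  struct timespec ts;
  clock_gettime(CLOCK_MONOTONIC, &ts);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/* Read exactly `len` bytes from fd or fail. Each pass appends at
 * buf + total_read, requests len - total_read bytes, and the loop ends
 * only when total_read == len. read() returning -1 (not EINTR) or 0 (EOF)
 * is an error. The remaining timeout is recomputed from a monotonic clock
 * instead of trusting select() to decrement it (assumption: portable). */
static int read_timed_accumulate(int fd, void *buf, size_t len,
                                 uint32_t timeout_ms, uint32_t *exec_ms) {
  uint8_t *out = buf;
  size_t total_read = 0;
  uint64_t start = now_ms();

  while (total_read < len) {
    uint64_t elapsed = now_ms() - start;
    if (elapsed >= timeout_ms) {
      if (exec_ms) *exec_ms = (uint32_t)elapsed;
      return RT_TIMEOUT;
    }
    uint64_t remaining = timeout_ms - elapsed;
    struct timeval tv;
    tv.tv_sec = (time_t)(remaining / 1000);
    tv.tv_usec = (suseconds_t)((remaining % 1000) * 1000);

    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int sret = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (sret < 0) { if (errno == EINTR) continue; return RT_ERROR; }
    if (sret == 0) { if (exec_ms) *exec_ms = timeout_ms; return RT_TIMEOUT; }

    ssize_t len_read = read(fd, out + total_read, len - total_read);
    if (len_read < 0) { if (errno == EINTR) continue; return RT_ERROR; }
    if (len_read == 0) return RT_ERROR;          /* EOF before len bytes */
    total_read += (size_t)len_read;              /* append, never overwrite */
  }
  if (exec_ms) *exec_ms = (uint32_t)(now_ms() - start);
  return RT_OK;
}

/* Constructed harness: a forked writer delivers `msg` in `chunk`-byte
 * pieces with a pause between them, then exits (closing the pipe). */
static int run_chunked_writer(const char *msg, size_t chunk, unsigned pause_ms,
                              size_t want, uint32_t timeout_ms,
                              char *out, size_t out_sz) {
  int pfd[2];
  if (pipe(pfd) < 0) return RT_ERROR;
  pid_t pid = fork();
  if (pid < 0) return RT_ERROR;
  if (pid == 0) {
    close(pfd[0]);
    size_t n = strlen(msg);
    for (size_t off = 0; off < n; off += chunk) {
      size_t take = (n - off < chunk) ? n - off : chunk;
      if (write(pfd[1], msg + off, take) < 0) _exit(1);
      usleep(pause_ms * 1000);
    }
    _exit(0);
  }
  close(pfd[1]);
  memset(out, 0, out_sz);
  uint32_t exec_ms = 0;
  int rc = read_timed_accumulate(pfd[0], out, want, timeout_ms, &exec_ms);
  close(pfd[0]);
  waitpid(pid, NULL, 0);
  return rc;
}

/* Three short reads (5+5+2) must assemble the whole 12-byte message. */
int demo_short_reads(void) {
  char out[16];
  int rc = run_chunked_writer("hello world!", 5, 20, 12, 2000, out, sizeof out);
  return rc == RT_OK && memcmp(out, "hello world!", 12) == 0;
}

/* Writer closes after 4 bytes: EOF before `len` is an error, not success. */
int demo_eof_is_error(void) {
  char out[16];
  return run_chunked_writer("abcd", 4, 0, 12, 2000, out, sizeof out) == RT_ERROR;
}

/* Writer pauses longer than the deadline: the reader must time out. */
int demo_timeout(void) {
  char out[16];
  return run_chunked_writer("hello world!", 5, 500, 12, 100, out, sizeof out) == RT_TIMEOUT;
}

int main(void) {
  printf("short reads: %s\n", demo_short_reads() ? "ok" : "FAIL");
  printf("eof error:   %s\n", demo_eof_is_error() ? "ok" : "FAIL");
  printf("timeout:     %s\n", demo_timeout() ? "ok" : "FAIL");
  return 0;
}
```

The three demos correspond to the three behaviours the commit lists: accumulation across short reads, termination at exactly len bytes, and an error on read() returning 0. The writer in the timeout demo is killed by SIGPIPE once the reader closes its end, which is fine for a harness but is worth remembering when a real fuzzer target is on the other side of the pipe.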