author | van Hauser <vh@thc.org> | 2020-12-08 11:30:05 +0100 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-12-08 11:30:05 +0100 |
commit | da6cddab904e363775f157ceafa932f3cdaf6121 (patch) | |
tree | acb3cf74224edae733655d3a3dd2c231c3b5857a /src/afl-fuzz-bitmap.c | |
parent | 46156957bd120dc8d8bcd9da72f83574902c654f (diff) | |
download | afl++-da6cddab904e363775f157ceafa932f3cdaf6121.tar.gz |
fix asserts
Diffstat (limited to 'src/afl-fuzz-bitmap.c')
-rw-r--r-- | src/afl-fuzz-bitmap.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index f920efa4..f1ca7400 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -457,8 +457,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
 ret[len_current++] = ',';
 ret[len_current] = '\0';
- size_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
- assert(size_left > 0);
+ ssize_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
+ if (unlikely(size_left <= 0)) FATAL("filename got too long");
 const char *custom_description = afl->current_custom_fuzz->afl_custom_describe(
@@ -505,7 +505,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
 if (new_bits == 2) { strcat(ret, ",+cov"); }
- assert(strlen(ret) <= max_description_len);
+ if (unlikely(strlen(ret) >= max_description_len))
+ FATAL("describe string is too long");
 return ret; |
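Review bot: The new `ssize_t size_left` in the first hunk is still computed in unsigned arithmetic, because `strlen()` returns `size_t` (and `real_max_len` and `len_current` are presumably `size_t` too; their declarations are outside the hunk). The `<= 0` test therefore only fires through an implementation-defined conversion of a wrapped value. Comparing before subtracting states the bound directly: `if (unlikely(len_current + strlen(",+cov") + 2 >= real_max_len)) FATAL("filename got too long");`, after which `size_left` can stay a `size_t`. That also avoids a signed-to-unsigned conversion if the value is later passed to `afl_custom_describe` as a length, which the hunk does not show since the call's argument list continues outside it.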
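Review bot: The length check in the second hunk runs only after `strcat(ret, ",+cov")` has already written, so it can report an over-long description but cannot stop the bytes from landing past the end of `ret`. Checking the room first keeps the guard ahead of the write: `if (new_bits == 2) { if (unlikely(strlen(ret) + strlen(",+cov") >= max_description_len)) FATAL("describe string is too long"); strcat(ret, ",+cov"); }`. The first hunk bounds against `real_max_len` while this one uses `max_description_len`; if `real_max_len` can be the smaller of the two (its definition is outside the hunk), the final check should use the same limit. A short comment such as `/* >= because ret needs room for the trailing NUL */` would also explain why the comparison changed from the old assert's `<=`.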