author | van Hauser <vh@thc.org> | 2020-12-15 09:39:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-15 09:39:10 +0100 |
commit | 8e712d1a740b30f9e2d5655d97d4cac6e8aed543 (patch) | |
tree | 912ea1a05ba03709563b9ebea43957cd9a463fbf /src/afl-fuzz-init.c | |
parent | 12d62d539353517abee8069df6e591f4fc474e93 (diff) | |
parent | 149ec41e9039d79420088c6de7bfc7feba5fe937 (diff) | |
download | afl++-8e712d1a740b30f9e2d5655d97d4cac6e8aed543.tar.gz |
Merge pull request #628 from AFLplusplus/dev 3.0c
Final push to stable
Diffstat (limited to 'src/afl-fuzz-init.c')
-rw-r--r-- | src/afl-fuzz-init.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 6707340b..0db3a111 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -772,10 +772,17 @@ void perform_dry_run(afl_state_t *afl) {
 while (q) {
- u8 *use_mem;
+ u8 use_mem[MAX_FILE];
 u8 res;
 s32 fd;
+ if (unlikely(!q->len)) {
+
+ WARNF("Skipping 0-sized entry in queue (%s)", q->fname);
+ continue;
+
+ }
+
 u8 *fn = strrchr(q->fname, '/') + 1;
 ACTF("Attempting dry run with '%s'...", fn);
@@ -783,9 +790,8 @@ void perform_dry_run(afl_state_t *afl) {
 fd = open(q->fname, O_RDONLY);
 if (fd < 0) { PFATAL("Unable to open '%s'", q->fname); }
- use_mem = ck_alloc_nozero(q->len);
-
- if (read(fd, use_mem, q->len) != (ssize_t)q->len) {
+ u32 read_len = MIN(q->len, (u32)MAX_FILE);
+ if (read(fd, use_mem, read_len) != (ssize_t)read_len) {
 FATAL("Short read from '%s'", q->fname);
@@ -794,7 +800,6 @@ void perform_dry_run(afl_state_t *afl) {
 close(fd);
 res = calibrate_case(afl, q, use_mem, 0, 1);
- ck_free(use_mem);
 if (afl->stop_soon) { return; }
@@ -2449,6 +2454,8 @@ void setup_testcase_shmem(afl_state_t *afl) {
 void check_binary(afl_state_t *afl, u8 *fname) {
+ if (unlikely(!fname)) { FATAL("BUG: Binary name is NULL"); }
+
 u8 * env_path = 0;
 struct stat st;
@@ -2477,6 +2484,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 if (delim) {
 cur_elem = ck_alloc(delim - env_path + 1);
+ if (unlikely(!cur_elem)) { FATAL("Unexpected large PATH"); }
 memcpy(cur_elem, env_path, delim - env_path);
 ++delim;
|
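Review bot: The `continue;` added for 0-sized entries runs before `q` is advanced; if the tail of this `while (q)` loop (outside the hunk) is `q = q->next;`, the skipped entry is revisited on every iteration and the dry run never terminates, so the advance should happen before the `continue` or move into the loop header. Separately, `u8 use_mem[MAX_FILE];` places a MAX_FILE-sized buffer on the stack inside the loop body, replacing the previous per-entry heap allocation with a dependency on the caller's stack size that is not documented here. A comment such as `/* MAX_FILE bytes of stack per dry run; this must stay on the main thread */` would record the assumption, or the buffer can be allocated once before the loop. perform_dry_run's body continues past this hunk.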
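Review bot: `read_len = MIN(q->len, (u32)MAX_FILE)` silently truncates an entry longer than MAX_FILE while `q->len` keeps the original size, and `q` is what `calibrate_case(afl, q, use_mem, 0, 1)` receives in the next hunk; any consumer that trusts `q->len` would then read past the MAX_FILE-byte `use_mem` buffer. If oversized entries are already rejected when the queue is loaded (not visible here), the clamp hides that invariant and a hard check documents it better, e.g. `if (unlikely(q->len > MAX_FILE)) { FATAL("Entry '%s' is larger than MAX_FILE", q->fname); }`. Otherwise the buffer and `q->len` have to be brought into agreement before the entry is calibrated, with a WARNF about the truncation.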
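Review bot: The NULL check after `cur_elem = ck_alloc(delim - env_path + 1);` tests a condition the allocator likely never produces: the `ck_` allocators in this codebase appear to abort on failure themselves (inferred from the prefix; confirm in the allocator header), which would make the branch dead, and the message "Unexpected large PATH" describes a different condition than a NULL return. If the intent is to reject an oversized PATH element, bound the length before allocating, e.g. `if (unlikely(delim - env_path > <MAX_PATH_ELEM_PLACEHOLDER>)) { FATAL("Unexpected large PATH"); }`, with the bound named for whatever limit the allocator enforces. check_binary's body continues outside this hunk.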