about summary refs log tree commit diff
path: root/src/afl-fuzz-one.c
diff options
context:
space:
mode:
authorDominik Maier <domenukk@gmail.com>2020-06-15 11:07:57 +0200
committerDominik Maier <domenukk@gmail.com>2020-06-15 11:07:57 +0200
commitacb0a2f027c7dfcca05596ba316d56532f6dbd19 (patch)
treef85ba29864239a4b12d830d0b82de0ba4d565930 /src/afl-fuzz-one.c
parent43bbbbf4e0a0be1c1c612afa2d6aafa0cae2033a (diff)
downloadafl++-acb0a2f027c7dfcca05596ba316d56532f6dbd19.tar.gz
fixed potential bugs
Diffstat (limited to 'src/afl-fuzz-one.c')
-rw-r--r--src/afl-fuzz-one.c16


1 files changed, 10 insertions, 6 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index d4083c07..a247a837 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3846,12 +3846,13 @@ pacemaker_fuzzing:
              is redundant, or if its entire span has no bytes set in the
              effector map. */
 
+          /* AFLpp: in puppet mode, eff_map is 0. */
           if ((afl->extras_cnt > MAX_DET_EXTRAS &&
                rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) ||
               afl->extras[j].len > len - i ||
               !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) ||
-              !memchr(eff_map + EFF_APOS(i), 1,
-                      EFF_SPAN_ALEN(i, afl->extras[j].len))) {
+              (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
+                      EFF_SPAN_ALEN(i, afl->extras[j].len)))) {
 
             afl->stage_max--;
             continue;
@@ -3954,11 +3955,12 @@ pacemaker_fuzzing:
           /* See the comment in the earlier code; afl->extras are sorted by
            * size. */
 
+          /* AFLpp: in puppet mode, eff_map is 0. */
           if (afl->a_extras[j].len > len - i ||
               !memcmp(afl->a_extras[j].data, out_buf + i,
                       afl->a_extras[j].len) ||
-              !memchr(eff_map + EFF_APOS(i), 1,
-                      EFF_SPAN_ALEN(i, afl->a_extras[j].len))) {
+              (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
+                      EFF_SPAN_ALEN(i, afl->a_extras[j].len)))) {
 
             afl->stage_max--;
             continue;
@@ -3984,13 +3986,15 @@ pacemaker_fuzzing:
       afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
       afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
 
-    skip_extras_v2:
-      new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+    // AFLpp: Never read: skip_extras_v2:
+      // new_hit_cnt = afl->queued_paths + afl->unique_crashes;
 
     }
 
   }
 
+skip_extras_v2:
+
   afl->stage_cur_byte = -1;
 
   /* The havoc stage mutation code is also invoked when splicing files; if the

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-18 06:06:47 +0000