diff options
| author | Dominik Maier <domenukk@gmail.com> | 2021-04-30 13:35:24 +0200 |
|---|---|---|
| committer | Dominik Maier <domenukk@gmail.com> | 2021-04-30 13:37:59 +0200 |
| commit | e9d2f72382cab75832721d859c3e731da071435d (patch) | |
| tree | 98f84e58d0ee55d04a4e6d8c4e2ec6fe90075bd8 /src/afl-fuzz-one.c | |
| parent | 758bc770a8f2a35e1ec142f9564f2aeac3ce33bc (diff) | |
| download | afl++-e9d2f72382cab75832721d859c3e731da071435d.tar.gz | |
fixed potential double free in custom trim (#881)
Diffstat (limited to 'src/afl-fuzz-one.c')
| -rw-r--r-- | src/afl-fuzz-one.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index d72d4145..ed815cb4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -508,7 +508,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, in_buf); + u8 res = trim_case(afl, afl->queue_cur, &in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); if (unlikely(res == FSRV_RUN_ERROR)) { @@ -3007,16 +3007,16 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, in_buf); + u8 res = trim_case(afl, afl->queue_cur, &in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); - if (res == FSRV_RUN_ERROR) { + if (unlikely(res == FSRV_RUN_ERROR)) { FATAL("Unable to execute target application"); } - if (afl->stop_soon) { + if (unlikely(afl->stop_soon)) { ++afl->cur_skipped_paths; goto abandon_entry; |