hunting ref underflow

author: Dominik Maier <domenukk@gmail.com> 2020-10-06 16:45:25 +0200
committer: Dominik Maier <domenukk@gmail.com> 2020-10-06 16:45:25 +0200
commit: 2d5fadc1e6a684b5e3e527a64b614f6b1ba8415f (patch)
tree: abab040ed23eac963737068d90a39148fe80f64f /src
parent: 4f207b4eba26c2b268ba2fd0a51298d6ab88f110 (diff)
download: afl++-2d5fadc1e6a684b5e3e527a64b614f6b1ba8415f.tar.gz
2 files changed, 9 insertions, 5 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index a5f77f11..f25ab4ee 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -4695,9 +4695,6 @@ pacemaker_fuzzing:
 
   }                                                                /* block */
 
-  queue_testcase_release(afl, afl->queue_cur);
-  orig_in = NULL;
-
   return ret_val;
 
 }
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 58e026f5..0b491202 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -837,10 +837,17 @@ u8 *queue_testcase_take(afl_state_t *afl, struct queue_entry *q) {
   }
 
   q->testcase_refs++;
-  if (!q->testcase_buf) {
+  if (unlikely(!q->testcase_buf || !q->testcase_refs)) {
+    if (!q->testcase_buf) {
+
+      FATAL("Testcase buf is NULL, this should never happen");
 
-    FATAL("Testcase buf is NULL, this should never happen");
+    }
+    if (!q->testcase_refs) {
 
+      FATAL("Testcase ref overflow. Missing a testcase release somwhere?");
+
+    }
   }
 
   return q->testcase_buf;
author	Dominik Maier <domenukk@gmail.com>	2020-10-06 16:45:25 +0200
committer	Dominik Maier <domenukk@gmail.com>	2020-10-06 16:45:25 +0200
commit	2d5fadc1e6a684b5e3e527a64b614f6b1ba8415f (patch)
tree	abab040ed23eac963737068d90a39148fe80f64f /src
parent	4f207b4eba26c2b268ba2fd0a51298d6ab88f110 (diff)
download	afl++-2d5fadc1e6a684b5e3e527a64b614f6b1ba8415f.tar.gz