diff options
| author | hexcoder <hexcoder-@users.noreply.github.com> | 2021-07-15 11:14:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-15 11:14:33 +0200 |
| commit | 21215ac21cfca26f18c5b59ceb71a3b5a2920244 (patch) | |
| tree | 7a36b64ee5462bc0c1b0887e475ef5d9e4fccca1 /src | |
| parent | 3dd39fec906758cc545f526d5003e0f28278b316 (diff) | |
| parent | cd683ed2530d70c958c78395e7ee67b34c6821df (diff) | |
| download | afl++-21215ac21cfca26f18c5b59ceb71a3b5a2920244.tar.gz | |
Merge pull request #1025 from f0rki/custom_mutator_havoc_uaf
fixed potential UAF with custom mutator havoc after realloc
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-fuzz-one.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 76e64f2a..7274f679 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2057,7 +2057,7 @@ havoc_stage: temp_len = new_len; if (out_buf != custom_havoc_buf) { - afl_realloc(AFL_BUF_PARAM(out), temp_len); + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len); if (unlikely(!afl->out_buf)) { PFATAL("alloc"); } memcpy(out_buf, custom_havoc_buf, temp_len); |