fix oob flip_bit in mopt code

author: Andrea Fioraldi <andreafioraldi@gmail.com> 2020-02-21 17:51:38 +0100
committer: Andrea Fioraldi <andreafioraldi@gmail.com> 2020-02-21 17:51:38 +0100
commit: 249cd2c7669f9dc9f49e96756b6683744213ee08 (patch)
tree: cc8eb340d93b90fbbcc314ef133f252aab9bc296 /src
parent: 7323833888142d0e6357f22d7e1b6450cd062579 (diff)
download: afl++-249cd2c7669f9dc9f49e96756b6683744213ee08.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 18376556..078843f0 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3714,7 +3714,7 @@ pacemaker_fuzzing:
 
             case 1:
               if (temp_len < 2) break;
-              temp_len_puppet = UR(temp_len << 3);
+              temp_len_puppet = UR((temp_len << 3) -1);
               FLIP_BIT(out_buf, temp_len_puppet);
               FLIP_BIT(out_buf, temp_len_puppet + 1);
               MOpt_globals.cycles_v2[STAGE_FLIP2] += 1;
@@ -3722,7 +3722,7 @@ pacemaker_fuzzing:
 
             case 2:
               if (temp_len < 2) break;
-              temp_len_puppet = UR(temp_len << 3);
+              temp_len_puppet = UR((temp_len << 3) -3);
               FLIP_BIT(out_buf, temp_len_puppet);
               FLIP_BIT(out_buf, temp_len_puppet + 1);
               FLIP_BIT(out_buf, temp_len_puppet + 2);
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2020-02-21 17:51:38 +0100
committer	Andrea Fioraldi <andreafioraldi@gmail.com>	2020-02-21 17:51:38 +0100
commit	249cd2c7669f9dc9f49e96756b6683744213ee08 (patch)
tree	cc8eb340d93b90fbbcc314ef133f252aab9bc296 /src
parent	7323833888142d0e6357f22d7e1b6450cd062579 (diff)
download	afl++-249cd2c7669f9dc9f49e96756b6683744213ee08.tar.gz