about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorDominik Maier <domenukk@gmail.com>2021-05-15 18:23:13 +0200
committerDominik Maier <domenukk@gmail.com>2021-05-15 18:23:13 +0200
commit3d28925c13b5fc171b239c0c0451686967ee3bda (patch)
tree63308734c4b238e06a3788eb5e15abed580b9f5d /src
parent000c72909530274cb52015fee69e9700ec6a2c7e (diff)
downloadafl++-3d28925c13b5fc171b239c0c0451686967ee3bda.tar.gz
additional safety checks for restarts
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 094fd161..a4599b4a 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -332,7 +332,7 @@ static int stricmp(char const *a, char const *b) {
 
 int main(int argc, char **argv_orig, char **envp) {
 
-  s32 opt, i, auto_sync = 0 /*, user_set_cache = 0*/;
+  s32 opt, auto_sync = 0 /*, user_set_cache = 0*/;
   u64 prev_queued = 0;
   u32 sync_interval_cnt = 0, seek_to = 0, show_help = 0,
       map_size = get_map_size();
@@ -1770,7 +1770,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
   if (extras_dir_cnt) {
 
-    for (i = 0; i < extras_dir_cnt; i++) {
+    for (u8 i = 0; i < extras_dir_cnt; i++) {
 
       load_extras(afl, extras_dir[i]);
 
@@ -1922,6 +1922,13 @@ int main(int argc, char **argv_orig, char **envp) {
 
         if (unlikely(seek_to)) {
 
+          if (unlikely(seek_to >= afl->queued_paths)) {
+
+            // This should never happen.
+            FATAL("BUG: seek_to location out of bounds!\n");
+
+          }
+
           afl->current_entry = seek_to;
           afl->queue_cur = afl->queue_buf[seek_to];
           seek_to = 0;
@@ -2061,7 +2068,7 @@ int main(int argc, char **argv_orig, char **envp) {
         }
 
         // we must recalculate the scores of all queue entries
-        for (i = 0; i < (s32)afl->queued_paths; i++) {
+        for (u32 i = 0; i < afl->queued_paths; i++) {
 
           if (likely(!afl->queue_buf[i]->disabled)) {