diff options
| author | mchesser <michael.chesser@adelaide.edu.au> | 2022-03-07 14:35:25 +1030 |
|---|---|---|
| committer | mchesser <michael.chesser@adelaide.edu.au> | 2022-03-07 14:35:25 +1030 |
| commit | c2229b506e045bba1864e8b2f8140c8dc6e83a4d (patch) | |
| tree | 4266982affe22f4f128c34c4dab82d32c0ed1955 /src | |
| parent | 70cc32dc6ddac78b686a5b7d16bfd9ede3daa81a (diff) | |
| download | afl++-c2229b506e045bba1864e8b2f8140c8dc6e83a4d.tar.gz | |
Fix off by one bounds check
`is_hex` reads two bytes but caller previously only ensured that one byte was in bounds.
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-fuzz-redqueen.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 1e4b1b3c..66df5c6f 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2136,7 +2136,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if ((i % 2)) { - if (len > idx + i && is_hex(orig_buf + idx + i)) { + if (len > idx + i + 1 && is_hex(orig_buf + idx + i)) { fromhex += 2; |