-rw-r--r--include/alloc-inl.h12
-rw-r--r--src/afl-fuzz-python.c5
2 files changed, 8 insertions, 9 deletions
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index ae908162..11c1143a 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -771,10 +771,10 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
  It will realloc *buf otherwise.
  *size will grow exponentially as per:
  https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/
- Will FATAL if size_needed is <1 or *size is negative.
+ Will FATAL if size_needed is <1.
  @return For convenience, this function returns *buf.
  */
-static inline void *ck_maybe_grow(void **buf, ssize_t *size,
+static inline void *ck_maybe_grow(void **buf, size_t *size,
                                   size_t size_needed) {
 
   /* Oops. found a bug? */
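Review bot: Switching `size` to `size_t *` leaves the function with no defence against a bad size field, because the `Negative size detected!` FATAL is dropped in the next hunk without a replacement. A caller that stores a negative or stale value there will now present it as a very large capacity, and the early `return *buf` will hand back the old buffer without growing it. The header comment should state the contract, for example `*size must be 0 or the number of bytes currently allocated at *buf`. The size fields that callers pass (for instance through BUF_PARAMS) are declared outside this diff, so confirm they are all `size_t`; a leftover `ssize_t` field would surface only as an incompatible-pointer warning. The function body continues outside this hunk.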
@@ -782,14 +782,14 @@ static inline void *ck_maybe_grow(void **buf, ssize_t *size,
 
   /* No need to realloc */
   if (likely(*size >= size_needed)) return *buf;
-  if (unlikely(*size < 0)) FATAL("Negative size detected!");
-  /* No inital size was set */
+
+  /* No initial size was set */
   if (*size == 0) *size = INITIAL_GROWTH_SIZE;
   while (*size < size_needed) {
 
-    *size *= 2;
     /* in case of overflow we'll realloc to size_needed */
-    if ((*size) < 0) *size = size_needed;
+    if (2*(*size) < size_needed) *size = size_needed;
+    else *size *= 2;
 
   }
 
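Review bot: The guard `if (2*(*size) < size_needed)` is safe against overflow only because the unsigned product wraps to a value below `*size`, and the comment above it does not say so. An overflow-free form is easier to audit: `if (*size < size_needed - *size) *size = size_needed;`, where the subtraction cannot underflow because the loop condition guarantees `*size < size_needed`. Every pass through the body now leaves `*size >= size_needed`, so the `while` could be an `if`. Whenever one doubling is not enough, the buffer is sized to exactly `size_needed`, which drops the headroom the old repeated doubling gave. The function starts and ends outside this hunk.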
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index f9f71929..6f8982c0 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -36,7 +36,7 @@ static void *unsupported(afl_state_t *afl, unsigned int seed) {
 }
 
 /* sorry for this makro...
-it just filles in `&py_mutator->something_buf, &py_mutator->something_size`. */
+it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */
 #define BUF_PARAMS(name)                              \
   (void **)&((py_mutator_t *)py_mutator)->name##_buf, \
       &((py_mutator_t *)py_mutator)->name##_size
@@ -371,8 +371,7 @@ size_t pre_save_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf) {
 
     py_out_buf_size = PyByteArray_Size(py_value);
 
-    ck_maybe_grow((void **)&py->pre_save_buf, &py->pre_save_size,
-                  py_out_buf_size);
+    ck_maybe_grow(BUF_PARAMS(pre_save), py_out_buf_size);
 
     memcpy(py->pre_save_buf, PyByteArray_AsString(py_value), py_out_buf_size);
     Py_DECREF(py_value);
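Review bot: `py_out_buf_size` comes straight from `PyByteArray_Size(py_value)` and is passed to `ck_maybe_grow`, which is documented in this commit as `Will FATAL if size_needed is <1`. If the Python `pre_save` hook can return an empty bytearray, the whole fuzzer would abort here on mutator-controlled data. No length check is visible in this hunk, though one may exist earlier in `pre_save_py`, which starts and ends outside it. If there is none, handle the zero-length case before the grow call, for example by releasing `py_value` and returning 0, or document that the hook must return at least one byte.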