diff options
| -rw-r--r-- | src/afl-fuzz-run.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 01963f8f..691d32f8 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -134,6 +134,8 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { } +#define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size + /* The same, but with an adjustable gap. Used for trimming. */ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, @@ -146,8 +148,7 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, This memory is used to carry out the post_processing(if present) after copying the testcase by removing the gaps. This can break though */ - u8 mem_trimmed[len - skip_len + - 1]; // 1 extra size to remove chance of overflow + u8 *mem_trimmed = ck_maybe_grow(BUF_PARAMS(out_scratch), len - skip_len + 1); ssize_t new_size = len - skip_len; void * new_mem = mem; @@ -286,6 +287,8 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, } +#undef BUF_PARAMS + /* Calibrate a new test case. This is done when processing the input directory to warn about flaky or otherwise problematic test cases early on; and when new paths are discovered to detect variable behavior and so on. */ |