-rw-r--r--src/afl-fuzz-one.c16
-rw-r--r--src/afl-fuzz-redqueen.c4
2 files changed, 12 insertions, 8 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index d4083c07..a247a837 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3846,12 +3846,13 @@ pacemaker_fuzzing:
              is redundant, or if its entire span has no bytes set in the
              effector map. */
 
+          /* AFLpp: in puppet mode, eff_map is 0. */
           if ((afl->extras_cnt > MAX_DET_EXTRAS &&
                rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) ||
               afl->extras[j].len > len - i ||
               !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) ||
-              !memchr(eff_map + EFF_APOS(i), 1,
-                      EFF_SPAN_ALEN(i, afl->extras[j].len))) {
+              (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
+                      EFF_SPAN_ALEN(i, afl->extras[j].len)))) {
 
             afl->stage_max--;
             continue;
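Review bot: The new comment on the `if` states the symptom (`eff_map is 0`) but not the behavioural consequence of the `eff_map &&` guard, which is what the next reader needs: with a NULL effector map the span test is skipped entirely, so every extra is attempted at every offset and `stage_max` is only reduced by the length and memcmp checks above it. I would replace the comment with `/* AFLpp: MOpt (puppet) mode runs without an effector map (eff_map is NULL), so the span test is skipped and every extra is tried at every offset. */`. The two-level guard is also loop-invariant; whether hoisting it matters depends on the loop bounds, which sit outside this hunk, as does the start of the enclosing function.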
@@ -3954,11 +3955,12 @@ pacemaker_fuzzing:
           /* See the comment in the earlier code; afl->extras are sorted by
            * size. */
 
+          /* AFLpp: in puppet mode, eff_map is 0. */
           if (afl->a_extras[j].len > len - i ||
               !memcmp(afl->a_extras[j].data, out_buf + i,
                       afl->a_extras[j].len) ||
-              !memchr(eff_map + EFF_APOS(i), 1,
-                      EFF_SPAN_ALEN(i, afl->a_extras[j].len))) {
+              (eff_map && !memchr(eff_map + EFF_APOS(i), 1,
+                      EFF_SPAN_ALEN(i, afl->a_extras[j].len)))) {
 
             afl->stage_max--;
             continue;
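Review bot: This hunk introduces the second copy of the same `eff_map && !memchr(eff_map + EFF_APOS(i), 1, EFF_SPAN_ALEN(i, len))` guard (the first is in the extras loop above), and two hand-copied conditions are exactly the kind of thing that drifts apart on the next edit. I would pull it into a file-scope helper and call it from both sites, e.g. `static inline u8 eff_span_is_dead(const u8 *eff_map, u32 i, u32 n) { return eff_map && !memchr(eff_map + EFF_APOS(i), 1, EFF_SPAN_ALEN(i, n)); }` (the `u8`/`u32` types are assumed from AFL's conventions; the declaration of `eff_map` is outside this hunk, so adjust to match). The enclosing function begins and ends outside the hunk.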
@@ -3984,13 +3986,15 @@ pacemaker_fuzzing:
       afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
       afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
 
-    skip_extras_v2:
-      new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+    // AFLpp: Never read: skip_extras_v2:
+      // new_hit_cnt = afl->queued_paths + afl->unique_crashes;
 
     }
 
   }
 
+skip_extras_v2:
+
   afl->stage_cur_byte = -1;
 
   /* The havoc stage mutation code is also invoked when splicing files; if the
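Review bot: The two added lines `// AFLpp: Never read: skip_extras_v2:` and `// new_hit_cnt = afl->queued_paths + afl->unique_crashes;` leave commented-out code in the tree; since the commit already concludes the assignment was dead and moves the label, the right fix is to delete those two lines outright and let the commit message carry the history. If a breadcrumb is wanted, a single comment at the relocated label is enough, e.g. `skip_extras_v2: /* AFLpp: label moved out of the extras blocks; the old new_hit_cnt recompute here was never read. */`. The `goto skip_extras_v2` sites that now land after both closing braces are outside this hunk, so I cannot confirm nothing between the old and new label positions was relied on; the hunk itself shows only the two closing braces.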
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 7251550c..43850eb5 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -180,7 +180,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u64 exec_cksum) {
   while (ranges) {
 
     rng = ranges;
-    ranges = ranges->next;
+    ranges = rng->next;
     ck_free(rng);
     rng = NULL;
 
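Review bot: The rewritten `ranges = rng->next;` is semantically identical to the old line (`rng` was just assigned `ranges`), so the real point in this hunk is that `colorization` carries this free-list loop twice, here on the normal exit and again under `checksum_fail:` below, and the commit has to touch both copies in lockstep. A single `static` helper that walks the list and `ck_free`s each node, or one cleanup label reached from both exits if they differ only in the return value, would remove the duplication; the list node type and both return paths are outside this hunk, so I cannot write the signature from here. The trailing `rng = NULL;` is also redundant given `rng = ranges;` at the top of every iteration, though harmless.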
@@ -224,7 +224,7 @@ checksum_fail:
   while (ranges) {
 
     rng = ranges;
-    ranges = ranges->next;
+    ranges = rng->next;
     ck_free(rng);
     rng = NULL;