Diffstat (limited to 'src/afl-fuzz-run.c')
-rw-r--r--src/afl-fuzz-run.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 5f928333..94cfc383 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -878,9 +878,11 @@ u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
   if (unlikely(afl->taint_needs_splode)) {
 
     s32 new_len = afl->queue_cur->len + len - afl->taint_len;
-    if (new_len < 4) new_len = 4;
-    if (new_len > MAX_FILE) new_len = MAX_FILE;
-    u8 *new_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), new_len);
+    if (new_len < 4)
+      new_len = 4;
+    else if (new_len > MAX_FILE)
+      new_len = MAX_FILE;
+    u8 *new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), new_len);
 
     u32 i, taint = 0;
     for (i = 0; i < (u32)new_len; i++) {
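Review bot: The clamp rewrite keeps `new_len` as an `s32` computed from what look like `u32` fields (`queue_cur->len`, `len`, `taint_len`), so the sum and subtraction happen in unsigned arithmetic and are only then narrowed to signed; a wrapped result above `INT_MAX` becomes an implementation-defined (on two's complement, negative) value that the `< 4` clamp silently turns into a 4-byte buffer rather than an error. The `else if` change does not alter that, and the `(u32)new_len` loop bound on the last line of the hunk then runs on whichever clamped value came out. Doing the arithmetic in a wider type makes the clamps mean what they say: `s64 wide = (s64)afl->queue_cur->len + len - afl->taint_len;` followed by the same two clamps against `wide` and `s32 new_len = (s32)wide;`. If the fields are not `u32` in this branch, the narrowing concern changes shape but the mixed-sign comparison still deserves a comment such as `/* computed wide so a taint_len larger than the inputs clamps to 4 instead of wrapping */`. common_fuzz_stuff begins before and continues after this hunk, so the buffer swap the second hunk adds is what keeps `new_buf` meaningful after growing `out_scratch`; a one-line comment next to `ck_maybe_grow` saying the grown scratch buffer is swapped into `out` below would save the next reader a trip.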
@@ -892,6 +894,8 @@ u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
     }
 
+    swap_bufs(BUF_PARAMS(out), BUF_PARAMS(out_scratch));
+
     out_buf = new_buf;
     len = new_len;