diff options
Diffstat (limited to 'src/afl-fuzz-run.c')
| -rw-r--r-- | src/afl-fuzz-run.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 0f3be1a7..b97a8e6a 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -109,17 +109,36 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (unlikely(!new_buf && new_size <= 0)) { - FATAL("Custom_post_process failed (ret: %lu)", - (long unsigned)new_size); + new_size = 0; + new_buf = new_mem; + // FATAL("Custom_post_process failed (ret: %lu)", (long + // unsigned)new_size); - } + } else { - new_mem = new_buf; + new_mem = new_buf; + + } } }); + if (unlikely(!new_size)) { + + // perform dummy runs (fix = 1), but skip all others + if (fix) { + + new_size = len; + + } else { + + return 0; + + } + + } + if (unlikely(new_size < afl->min_length && !fix)) { new_size = afl->min_length; @@ -969,7 +988,11 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - len = write_to_testcase(afl, (void **)&out_buf, len, 0); + if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0) == 0)) { + + return 0; + + } fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout); |