Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-redqueen.c17
-rw-r--r--src/afl-fuzz.c15
2 files changed, 28 insertions, 4 deletions
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 7844eedf..deaddc56 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -382,6 +382,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
     rng = ranges;
     ranges = rng->next;
     ck_free(rng);
+    rng = NULL;
 
   }
 
@@ -455,6 +456,15 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
   return 0;
 
 checksum_fail:
+  while (ranges) {
+
+    rng = ranges;
+    ranges = rng->next;
+    ck_free(rng);
+    rng = NULL;
+
+  }
+
   ck_free(backup);
   ck_free(changed);
 
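Review bot: The cleanup loop added under `checksum_fail:` repeats, statement for statement, the list-freeing loop touched in the first hunk (around line 382), so the success and failure paths can drift apart; a small static helper called from both places would keep them in sync. The `rng = NULL;` inside the loop is overwritten on the next iteration and only matters after the last node. A one-line comment above the loop would make the intent visible, for example `/* error path: release any range nodes still on the list */`. It is also worth confirming that every `goto checksum_fail` is reached after `ranges` has been initialised, since the label now reads it first; the function body starts and ends outside this hunk.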
@@ -503,6 +513,8 @@ static int strntoll(const char *str, size_t sz, char **end, int base,
   long long   ret;
   const char *beg = str;
 
+  if (!str || !sz) { return 1; }
+
   for (; beg && sz && *beg == ' '; beg++, sz--) {};
 
   if (!sz) return 1;
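Review bot: The new early return in `strntoll` (and the identical one in `strntoull` in the next hunk) leaves `*end` unwritten, and nothing documents that a return value of 1 means "nothing parsed". If any caller reads `*end` after a failed call, it would see a stale or uninitialised pointer. I would add a header comment to both functions, such as `/* Returns 0 on success, 1 on failure; on failure *end is not written. */`. With the guard in place, the `beg &&` term in the loop condition below is always true and could be dropped. Both function bodies continue outside their hunks.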
@@ -526,6 +538,8 @@ static int strntoull(const char *str, size_t sz, char **end, int base,
   unsigned long long ret;
   const char *       beg = str;
 
+  if (!str || !sz) { return 1; }
+
   for (; beg && sz && *beg == ' '; beg++, sz--)
     ;
 
@@ -1303,7 +1317,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
 
   }
 
-#endif                                         /* CMPLOG_SOLVE_ARITHMETIC */
+#endif                                           /* CMPLOG_SOLVE_ARITHMETIC */
 
   return 0;
 
@@ -2670,3 +2684,4 @@ exit_its:
   return r;
 
 }
+
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index e4139857..e79671e0 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -552,13 +552,22 @@ int main(int argc, char **argv_orig, char **envp) {
 
       case 'F':                                         /* foreign sync dir */
 
-        if (!afl->is_main_node)
+        if (!optarg) { FATAL("Missing path for -F"); }
+        if (!afl->is_main_node) {
+
           FATAL(
               "Option -F can only be specified after the -M option for the "
               "main fuzzer of a fuzzing campaign");
-        if (afl->foreign_sync_cnt >= FOREIGN_SYNCS_MAX)
+
+        }
+
+        if (afl->foreign_sync_cnt >= FOREIGN_SYNCS_MAX) {
+
           FATAL("Maximum %u entried of -F option can be specified",
                 FOREIGN_SYNCS_MAX);
+
+        }
+
         afl->foreign_syncs[afl->foreign_sync_cnt].dir = optarg;
         while (afl->foreign_syncs[afl->foreign_sync_cnt]
                    .dir[strlen(afl->foreign_syncs[afl->foreign_sync_cnt].dir) -
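Review bot: The added `!optarg` check rejects a NULL argument but not an empty one, and the `while` on the last two lines of this hunk indexes `.dir[strlen(...) - …]`. For an empty string `strlen()` returns 0, so the index would wrap to before the start of the buffer; the rest of the expression is outside the hunk, so the exact offset is inferred. Extending the guard to `if (!optarg || !*optarg) { FATAL("Missing path for -F"); }` covers the empty case. If the loop shortens the string on each pass, as it appears to, its condition should also stop once the length reaches zero.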
@@ -802,7 +811,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
       case 'l': {
 
-        afl->cmplog_lvl = atoi(optarg);
+        if (optarg) { afl->cmplog_lvl = atoi(optarg); }
         if (afl->cmplog_lvl < 1 || afl->cmplog_lvl > CMPLOG_LVL_MAX) {
 
           FATAL(
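Review bot: When `optarg` is NULL, the new `if (optarg)` silently skips the assignment, so the range check that follows tests whatever `afl->cmplog_lvl` already held. A missing argument can then pass unnoticed if that value is in range. The `-F` case in this same commit treats the same condition as fatal, and doing so here keeps option handling consistent: `if (!optarg) { FATAL("Missing argument for -l"); }`. Separately, `atoi` cannot distinguish `0` from unparsable input; here the `< 1` check happens to reject both, which deserves a short comment. The `case 'l'` block continues outside the hunk.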