Diffstat (limited to 'src')
-rw-r--r--src/afl-forkserver.c2
-rw-r--r--src/afl-fuzz-init.c28
2 files changed, 12 insertions, 18 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 505fb7a3..36126aa7 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -835,7 +835,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
 
     *fsrv->shmem_fuzz_len = len;
     memcpy(fsrv->shmem_fuzz, buf, len);
-    // fprintf(stderr, "test case len: %u\n", *fsrv->shmem_fuzz_len);
+    //printf("test case len: %u [0]:0x%02x\n", *fsrv->shmem_fuzz_len, buf[0]); fflush(stdout);
 
   } else {
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 96d4fc46..54d65b9e 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1960,28 +1960,22 @@ void setup_testcase_shmem(afl_state_t *afl) {
   afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t));
 
   // we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR
-  if ((afl->fsrv.shmem_fuzz_len =
-           (u32 *)afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) {
+  u8 *map = afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(u32), 1);
+
+  if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
 
 #ifdef USEMMAP
-    setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
+  setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
 #else
-    u8 *shm_str;
-    shm_str = alloc_printf("%d", afl->shm_fuzz->shm_id);
-    setenv(SHM_FUZZ_ENV_VAR, shm_str, 1);
-    ck_free(shm_str);
+  u8 *shm_str = alloc_printf("%d", afl->shm_fuzz->shm_id);
+  setenv(SHM_FUZZ_ENV_VAR, shm_str, 1);
+  ck_free(shm_str);
 #endif
-    afl->fsrv.support_shmem_fuzz = 1;
-    afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz_len + sizeof(int));
-
-  } else {
-
-    ck_free(afl->shm_fuzz);
-    afl->shm_fuzz = NULL;
+  afl->fsrv.support_shmem_fuzz = 1;
+  afl->fsrv.shmem_fuzz_len = (u32 *)map;
+  afl->fsrv.shmem_fuzz = map + sizeof(u32);
 
-  }
-
-}
+ }
 
 /* Do a PATH search and find target binary to see that it exists and
    isn't a shell script - a common and painful mistake. We also check for
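Review bot: The function's closing brace is now indented by one space (` }`) while its opening line and every other top-level brace in the file sit at column 0; restore `}` at column 0 so clang-format does not flag the next touch of this file. The new assignments `afl->fsrv.shmem_fuzz_len = (u32 *)map;` and `afl->fsrv.shmem_fuzz = map + sizeof(u32);` would also benefit from a one-line layout comment, since the forkserver side relies on the same offsets, e.g. `/* map layout: [u32 len][up to MAX_FILE bytes]; afl_fsrv_write_to_testcase() fills both */`. Note that on the mmap path the size passed to afl_shm_init uses `sizeof(u32)` but the comment above the call still talks only about SHM_ENV_VAR; a short mention that SHM_FUZZ_ENV_VAR is what the target reads to locate the length word would make the contract between fuzzer and target explicit.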