From e0663c91b9cbf1bdc46593dec4ba11224e6847d7 Mon Sep 17 00:00:00 2001
From: van Hauser <vh@thc.org>
Date: Tue, 26 Jan 2021 12:15:13 +0100
Subject: wip fix

---
 src/afl-fuzz-init.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'src/afl-fuzz-init.c')

diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fed58eb6..2cb152a9 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1026,6 +1026,14 @@ void perform_dry_run(afl_state_t *afl) {
         /* Remove from fuzzing queue but keep for splicing */
 
         struct queue_entry *p = afl->queue;
+
+        if (!p->disabled && !p->was_fuzzed) {
+
+          --afl->pending_not_fuzzed;
+          --afl->active_paths;
+
+        }
+
         p->disabled = 1;
         p->perf_score = 0;
         while (p && p->next != q)
@@ -1036,9 +1044,6 @@ void perform_dry_run(afl_state_t *afl) {
         else
           afl->queue = q->next;
 
-        --afl->pending_not_fuzzed;
-        --afl->active_paths;
-
         afl->max_depth = 0;
         p = afl->queue;
         while (p) {
@@ -1123,8 +1128,16 @@ restart_outer_cull_loop:
       if (!p->cal_failed && p->exec_cksum == q->exec_cksum) {
 
         duplicates = 1;
-        --afl->pending_not_fuzzed;
-        afl->active_paths--;
+        if (!p->disabled && !q->disabled && !p->was_fuzzed && !q->was_fuzzed) {
+
+          --afl->pending_not_fuzzed;
+          afl->active_paths--;
+
+        } else {
+        
+          FATAL("disabled entry? this should not happen, please report!");
+        
+        }
 
         // We do not remove any of the memory allocated because for
         // splicing the data might still be interesting.
-- 
cgit 1.4.1