From 000c72909530274cb52015fee69e9700ec6a2c7e Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Sat, 15 May 2021 17:33:05 +0200
Subject: added bounds check to pivot_inputs (fixes #921)

---
 src/afl-fuzz-init.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index cb586111..7337bfbf 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1294,9 +1294,13 @@ void pivot_inputs(afl_state_t *afl) {
 
       if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) {
 
-        struct queue_entry *s = afl->queue_buf[src_id];
+        if (src_id < afl->queued_paths) {
 
-        if (s) { q->depth = s->depth + 1; }
+          struct queue_entry *s = afl->queue_buf[src_id];
+
+          if (s) { q->depth = s->depth + 1; }
+
+        }
 
         if (afl->max_depth < q->depth) { afl->max_depth = q->depth; }
 
-- 
cgit 1.4.1