Closed anarcheuz closed 3 months ago
Your `new_size` should never exceed the `size_t MaxSize` parameter, and it looks like it does in this case?
Ah wait, you are right. https://github.com/AFLplusplus/LibAFL/blob/50d75422c8b26089954d8d1b93560400dbeab14a/libafl_targets/src/libfuzzer/mutators.rs#L354
Want to do a PR?
Actually, we might want a `replace_bytes` in `BytesInput` so we don't need the extra copy at all
Actually it should be doable in place
Can you try #2347? Thanks for reporting! We could also use some CI for this...
Seems to be fixed. Thank you!
Thanks for reporting
commit: 50d75422c8b26089954d8d1b93560400dbeab14a
Describe the bug
I was trying the libfuzzer shim on a C project:
Looking at the file in question:
`bytes` cannot be the same size as `input`, as it was truncated by the `new_size` returned by libfuzzer's custom mutator. `copy_from_slice` will panic if they don't have the same size.

Please note that the other `scheduled_mutate()` function, which calls `libafl_targets_libfuzzer_custom_crossover`, also has this issue.
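The length mismatch described in the report, as an added example that is not LibAFL's code: a constructed stand-in for a libfuzzer custom mutator returns a `new_size` smaller than the input, the bug-shaped path copies back with `copy_from_slice` and panics, and the fixed path validates `new_size` against `max_size` and resizes the input in place. The function names `fake_custom_mutator`, `apply_mutation_panicking` and `apply_mutation_fixed` are hypothetical.

```rust
// Added example (not LibAFL code). Models the libfuzzer custom-mutator
// contract: the mutator receives `size` bytes in a buffer of `max_size`
// capacity and returns the new length, which may be smaller than `size`
// (truncation) and must never exceed `max_size`.

/// Constructed stand-in for LLVMFuzzerCustomMutator: drops the last byte
/// whenever it can, so the returned `new_size` is smaller than `size`.
fn fake_custom_mutator(data: &mut [u8], size: usize, max_size: usize) -> usize {
    assert!(size <= max_size && size <= data.len());
    if size > 1 { size - 1 } else { size }
}

/// Bug-shaped path: `input` keeps its old length while `bytes[..new_size]`
/// is shorter, so `copy_from_slice` panics on the length mismatch.
fn apply_mutation_panicking(input: &mut Vec<u8>, max_size: usize) {
    let mut bytes = input.clone();
    bytes.resize(max_size, 0);
    let new_size = fake_custom_mutator(&mut bytes, input.len(), max_size);
    input.copy_from_slice(&bytes[..new_size]); // panics when lengths differ
}

/// Fixed path: reject a `new_size` above `max_size`, then truncate the
/// scratch buffer to `new_size` and move it into `input`, so the input's
/// length always matches what the mutator produced.
fn apply_mutation_fixed(input: &mut Vec<u8>, max_size: usize) -> Result<usize, String> {
    let mut bytes = input.clone();
    bytes.resize(max_size, 0);
    let new_size = fake_custom_mutator(&mut bytes, input.len(), max_size);
    if new_size > max_size {
        return Err(format!("new_size {new_size} exceeds max_size {max_size}"));
    }
    bytes.truncate(new_size);
    *input = bytes; // no copy_from_slice, no length mismatch
    Ok(new_size)
}

fn main() {
    // Constructed sample input: four bytes, capacity of eight.
    let mut input = vec![1u8, 2, 3, 4];
    match apply_mutation_fixed(&mut input, 8) {
        Ok(n) => println!("mutated to {n} bytes: {input:?}"),
        Err(e) => eprintln!("mutator violated contract: {e}"),
    }
}
```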