From 083adc7e381cb468d5762f57fdd1f6f07a718c3d Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Mon, 1 Sep 2025 07:46:12 +0000
Subject: [PATCH] prevent MAX_STG_NUM out of bounds
---
 fuzzers/FRET/src/systemstate/stg.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fuzzers/FRET/src/systemstate/stg.rs b/fuzzers/FRET/src/systemstate/stg.rs
index ccd99db120..cb78e1b29c 100644
--- a/fuzzers/FRET/src/systemstate/stg.rs
+++ b/fuzzers/FRET/src/systemstate/stg.rs
@@ -12,6 +12,7 @@ use libafl::prelude::State;
 use libafl::schedulers::MinimizerScheduler;
 use libafl_bolts::HasRefCnt;
 use serde::de::DeserializeOwned;
+use std::cmp::min;
 use std::path::PathBuf;
 use std::sync::Arc;
 use libafl::corpus::Testcase;
@@ -381,7 +382,7 @@ where
 //============================= Graph Feedback
-pub const STG_MAP_SIZE: usize = 1<<28; // 512MB
+pub const STG_MAP_SIZE: usize = 1<<29; // 1024 MB
 pub static mut STG_MAP: [u16; STG_MAP_SIZE] = [0; STG_MAP_SIZE];
 pub static mut MAX_STG_NUM: usize = 0;
 pub unsafe fn stg_map_mut_slice<'a>() -> OwnedMutSlice<'a, u16> {
@@ -450,10 +451,10 @@ fn set_observer_map(trace : &Vec) {
 STG_MAP[i] = 0;
 }
 for i in trace {
- if MAX_STG_NUM < i.index() {
- MAX_STG_NUM = i.index();
- }
 if i.index() < STG_MAP.len() {
+ if MAX_STG_NUM < i.index() {
+ MAX_STG_NUM = min(i.index(), STG_MAP.len() - 1);
+ }
 STG_MAP[i.index()] = STG_MAP[i.index()].saturating_add(1);
 } else {
 eprintln!("STG Map index out of bounds: {}", i.index());
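Review bot: The comment on the new `STG_MAP_SIZE` gives a byte figure without saying that the constant counts `u16` entries, and nothing records why the map was doubled in a commit whose subject is only the bounds fix. The third hunk discards every node index at or above `STG_MAP.len()`, so this constant decides how much of the state graph is observed at all; I would document that, e.g. `// 1<<29 u16 entries (1 GiB); node indices >= this are dropped in set_observer_map`. A 1 GiB `static mut` array is also a footprint change worth a line in the commit message; how much of it is actually touched depends on the reset loop in `set_observer_map`, whose bound is outside this diff.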
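Review bot: The clamp in `MAX_STG_NUM = min(i.index(), STG_MAP.len() - 1);` can never take effect, because the assignment now sits inside `if i.index() < STG_MAP.len()` and `i.index()` is therefore already at most `STG_MAP.len() - 1`. Moving the update under the guard is the real fix, so the line can stay `MAX_STG_NUM = i.index();`, or the index can be bound once with `let idx = i.index();` followed by `MAX_STG_NUM = MAX_STG_NUM.max(idx);`, which also makes the `use std::cmp::min;` added in the first hunk unnecessary. The else branch still only prints and discards the index, so graph nodes beyond the map add nothing to the observer map and one `eprintln!` per trace element can flood stderr on a long trace; a dropped-index counter or a once-per-run warning would keep that blind spot visible. `set_observer_map` begins and ends outside the hunk, so the `unsafe` context around the `static mut` accesses cannot be checked from here.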