From 479638f5b7ec7ec424574ce6179c2ec6cacfaab3 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Mon, 1 Sep 2025 07:46:12 +0000
Subject: [PATCH] prevent MAX_STG_NUM out of bounds
---
 fuzzers/FRET/src/systemstate/stg.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fuzzers/FRET/src/systemstate/stg.rs b/fuzzers/FRET/src/systemstate/stg.rs
index b5d51b4aae..1271479993 100644
--- a/fuzzers/FRET/src/systemstate/stg.rs
+++ b/fuzzers/FRET/src/systemstate/stg.rs
@@ -9,6 +9,7 @@ use libafl::common::HasNamedMetadata;
 use libafl::schedulers::MinimizerScheduler;
 use libafl_bolts::HasRefCnt;
 use serde::de::DeserializeOwned;
+use std::cmp::min;
 use std::path::PathBuf;
 use std::sync::Arc;
 use libafl::corpus::Testcase;
@@ -378,7 +379,7 @@ where
 //============================= Graph Feedback
-pub const STG_MAP_SIZE: usize = 1<<28; // 512MB
+pub const STG_MAP_SIZE: usize = 1<<29; // 1024 MB
 pub static mut STG_MAP: [u16; STG_MAP_SIZE] = [0; STG_MAP_SIZE];
 pub static mut MAX_STG_NUM: usize = 0;
 pub unsafe fn stg_map_mut_slice<'a>() -> OwnedMutSlice<'a, u16> {
@@ -447,10 +448,10 @@ fn set_observer_map(trace : &Vec) {
 STG_MAP[i] = 0;
 }
 for i in trace {
- if MAX_STG_NUM < i.index() {
- MAX_STG_NUM = i.index();
- }
 if i.index() < STG_MAP.len() {
+ if MAX_STG_NUM < i.index() {
+ MAX_STG_NUM = min(i.index(), STG_MAP.len() - 1);
+ }
 STG_MAP[i.index()] = STG_MAP[i.index()].saturating_add(1);
 } else {
 eprintln!("STG Map index out of bounds: {}", i.index());
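Review bot: The change of `STG_MAP_SIZE` from `1<<28` to `1<<29` is not covered by the commit subject, and the trailing comment gives only a byte size, so nothing on the constant says that it is also the bound `set_observer_map` checks every state-graph index against. With `u16` elements the static now takes 1 GiB, and the clearing loop whose tail shows at the top of the next hunk (`STG_MAP[i] = 0;`) may get proportionally slower if it walks the whole map; its range is outside the hunk. I would document the constant as `// number of u16 entries (1 GiB total); indices >= STG_MAP_SIZE are rejected in set_observer_map` and give the reason for the increase in the commit message.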
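Review bot: The `min(i.index(), STG_MAP.len() - 1)` in the added assignment can never change the value, because it sits inside `if i.index() < STG_MAP.len()`, where `i.index()` is already at most `STG_MAP.len() - 1`. Moving the update under the bounds check is what actually keeps `MAX_STG_NUM` in range, so the three added lines can shrink to `MAX_STG_NUM = MAX_STG_NUM.max(i.index());` and the `use std::cmp::min;` from the first hunk can be dropped. Out-of-range indices are still only reported with `eprintln!` and left out of the map, so a comment such as `// invariant: MAX_STG_NUM < STG_MAP.len(); out-of-range nodes are logged and not counted` would record what code reading `MAX_STG_NUM` presumably relies on. The body of `set_observer_map` starts before this hunk and continues after it.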