diff --git a/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs b/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
index 25b140940b..1e547fd16d 100644
--- a/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
+++ b/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
@@ -365,6 +365,7 @@ fn fuzz(
 .debug_child(debug_child)
 .shmem_provider(&mut shmem_provider)
 .parse_afl_cmdline(arguments)
+ .coverage_map_size(MAP_SIZE)
 .is_persistent(true)
 .timeout(timeout * 10)
 .kill_signal(signal)
diff --git a/fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs b/fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs
index cf99c2e53c..3775a3bc33 100644
--- a/fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs
+++ b/fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs
@@ -369,6 +369,7 @@ fn fuzz(
 .debug_child(debug_child)
 .shmem_provider(&mut shmem_provider)
 .parse_afl_cmdline(arguments)
+ .coverage_map_size(MAP_SIZE)
 .is_persistent(true)
 // increase timeouts for cmplog
 .timeout(timeout * 10)
diff --git a/libafl/src/mutators/token_mutations.rs b/libafl/src/mutators/token_mutations.rs
index 8bbe6a633c..36aabcb172 100644
--- a/libafl/src/mutators/token_mutations.rs
+++ b/libafl/src/mutators/token_mutations.rs
@@ -1301,9 +1301,11 @@ impl AflppRedQueen {
 if copy_len > 0 {
 unsafe {
 for l in 1..=copy_len {
- let mut cloned = buf.to_vec();
- buffer_copy(&mut cloned, repl, 0, buf_idx, l);
- vec.push(cloned);
+ if l <= repl.len() {
+ let mut cloned = buf.to_vec();
+ buffer_copy(&mut cloned, repl, 0, buf_idx, l);
+ vec.push(cloned);
+ }
 }
 // vec.push(cloned);
 }
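Review bot: In fuzzbench_forkserver/src/main.rs the added `.coverage_map_size(MAP_SIZE)` line carries no comment tying `MAP_SIZE` to the shared-memory coverage map the executor observes, and that relationship is what makes the value safe to declare. The definition of `MAP_SIZE` and the map allocation are outside the hunk, so this is inferred: if the declared size and the allocated map ever disagree, the target could write past the mapping or coverage could be silently truncated. I would add `// must match the size of the shmem coverage map this executor observes` on that line, and the same in the fuzzbench_forkserver_cmplog hunk. The builder chain starts and ends outside both hunks.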
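Review bot: In libafl/src/mutators/token_mutations.rs the new `if l <= repl.len()` guard bounds only the source side of `buffer_copy`; nothing in the hunk shows that `buf_idx + l <= buf.len()` holds for the destination, and `copy_len` is computed outside the hunk. If that is not already guaranteed it should be checked too, and the per-iteration test reads more clearly as a loop bound: `for l in 1..=copy_len.min(repl.len()) {`. The `unsafe` block should carry a `// SAFETY:` comment stating both bounds, and the stale `// vec.push(cloned);` line can be dropped. The enclosing function starts and ends outside the hunk.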