From a0cdaf71ff99965fb279fa147744968989215920 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Mon, 27 Sep 2021 17:48:06 +0200
Subject: [PATCH] Fix not NUL-terminated argv in libfuzzer_initialize

---
 libafl_qemu/src/emu.rs | 3 ++-
 libafl_targets/src/libfuzzer.rs | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index 4d9a3f2fd9..39b4d360b4 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -141,9 +141,10 @@ extern "C" {
 #[allow(clippy::must_use_candidate, clippy::similar_names)]
 pub fn init(args: &[String], env: &[(String, String)]) -> i32 {
+    let args: Vec = args.iter().map(|x| x.clone() + "\0").collect();
     let argv: Vec<*const u8> = args.iter().map(|x| x.as_bytes().as_ptr()).collect();
     assert!(argv.len() < i32::MAX as usize);
-    let env_strs: Vec = env.iter().map(|(k, v)| format!("{}={}", &k, &v)).collect();
+    let env_strs: Vec = env.iter().map(|(k, v)| format!("{}={}\0", &k, &v)).collect();
     let mut envp: Vec<*const u8> = env_strs.iter().map(|x| x.as_bytes().as_ptr()).collect();
     envp.push(null());
     #[allow(clippy::cast_possible_wrap)]
diff --git a/libafl_targets/src/libfuzzer.rs b/libafl_targets/src/libfuzzer.rs
index 4effe6c140..aba87b65c4 100644
--- a/libafl_targets/src/libfuzzer.rs
+++ b/libafl_targets/src/libfuzzer.rs
@@ -17,6 +17,7 @@ extern "C" {
 #[allow(clippy::similar_names)]
 #[allow(clippy::must_use_candidate)] // nobody uses that return code...
 pub fn libfuzzer_initialize(args: &[String]) -> i32 {
+    let args: Vec = args.iter().map(|x| x.clone() + "\0").collect();
     let argv: Vec<*const u8> = args.iter().map(|x| x.as_bytes().as_ptr()).collect();
     assert!(argv.len() < i32::MAX as usize);
     #[allow(clippy::cast_possible_wrap)]
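Review bot: The manual `+ "\0"` on the new `args` line in `init` (and the `\0` appended in the `env_strs` format string) guarantees a terminator but does not reject an interior NUL byte, so an argument or environment value that contains `\0` is silently truncated at the C boundary where QEMU reads it as a C string. `std::ffi::CString::new` expresses the same intent and fails on an interior NUL instead of truncating, e.g. `let args: Vec<CString> = args.iter().map(|x| CString::new(x.as_str()).expect("argument contains an interior NUL byte")).collect();` with `argv` then built from `x.as_ptr()`. The env list gets a trailing `null()` on the following line, but no terminating null pointer is pushed onto `argv` inside the hunk; if the callee walks `argv` by `argc` this is fine, if it expects `argv[argc] == NULL` it is not, and a one-line comment stating which contract applies would settle it. `init`'s body continues past the end of the hunk, so the FFI call that consumes these pointers, and whether it completes before the shadowed `args` is dropped, is not visible here.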
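Review bot: The shadowed `args` that backs `argv` in `libfuzzer_initialize` is a function local, so every pointer in `argv` is valid only until this function returns; `LLVMFuzzerInitialize(int *argc, char ***argv)` harnesses commonly retain `argv` (to read `argv[0]` or parse flags later), and libFuzzer's own driver keeps the real process argv alive for the whole run, so a harness that does the same would hold a dangling pointer here. If the call is made inside this function (its body continues past the hunk), consider giving the backing strings process lifetime, e.g. `let args: &'static [String] = Box::leak(args.iter().map(|x| x.clone() + "\0").collect::<Vec<_>>().into_boxed_slice());` — a one-time leak in a once-per-process initializer is acceptable. As in emu.rs, `+ "\0"` does not detect an interior NUL byte in an argument, which `std::ffi::CString::new` would report instead of truncating. A short comment at the `as_ptr()` line stating that each element is NUL-terminated and must outlive the call would make the invariant explicit for the next reader.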