From c0bb1bc1e6b2d517aba849fe886bfdc31d24c61a Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Wed, 21 Sep 2022 14:19:54 +0200
Subject: [PATCH] Fix len miscalculation in grimoire string replace (#794)

* Fix len miscalculation in grimoire string replace

* ok Rust i was writing JS these days

Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
---
 libafl/src/mutators/grimoire.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libafl/src/mutators/grimoire.rs b/libafl/src/mutators/grimoire.rs
index 3691345781..0c2e2fb9d4 100644
--- a/libafl/src/mutators/grimoire.rs
+++ b/libafl/src/mutators/grimoire.rs
@@ -294,7 +294,8 @@ where
                 if bytes.len() < token_1.len() {
                     continue;
                 }
-                for i in 0..(bytes.len() - token_1.len()) {
+                let mut i = 0;
+                while i < bytes.len() - token_1.len() {
                     if bytes[i..].starts_with(token_1) {
                         bytes.splice(i..(i + token_1.len()), token_2.clone());
 
@@ -303,6 +304,7 @@ where
                             break 'first;
                         }
                     }
+                    i += 1;
                 }
             }
         }
@@ -312,7 +314,8 @@ where
                     if bytes.len() < token_1.len() {
                         continue;
                     }
-                    for i in 0..(bytes.len() - token_1.len()) {
+                    let mut i = 0;
+                    while i < bytes.len() - token_1.len() {
                         if bytes[i..].starts_with(token_1) {
                             bytes.splice(i..(i + token_1.len()), token_2.clone());
 
@@ -321,6 +324,7 @@ where
                                 break 'second;
                             }
                         }
+                        i += 1;
                     }
                 }
             }