From ff4e2f4192314d6d8608f746756392cd34b6f587 Mon Sep 17 00:00:00 2001
From: Mrmaxmeier <3913977+Mrmaxmeier@users.noreply.github.com>
Date: Fri, 24 Feb 2023 00:07:54 +0100
Subject: [PATCH] Fix max input size for {CrossOverInsert,BytesInsertCopy}Mutator (#1097)
---
 libafl/src/mutators/mutations.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libafl/src/mutators/mutations.rs b/libafl/src/mutators/mutations.rs
index 74f7b9a569..456533ad41 100644
--- a/libafl/src/mutators/mutations.rs
+++ b/libafl/src/mutators/mutations.rs
@@ -818,12 +818,14 @@ where
 _stage_idx: i32,
 ) -> Result {
 let size = input.bytes().len();
- if size <= 1 {
+ if size <= 1 || size == state.max_size() {
 return Ok(MutationResult::Skipped);
 }
 let target = state.rand_mut().below(size as u64) as usize;
- let range = rand_range(state, size, size - target);
+ // make sure that the sampled range is both in bounds and of an acceptable size
+ let max_insert_len = min(size - target, state.max_size() - size);
+ let range = rand_range(state, size, max_insert_len);
 self.tmp_buf.clear();
 self.tmp_buf.extend(input.bytes()[range].iter().copied());
@@ -959,7 +961,7 @@ where
 return Ok(MutationResult::Skipped);
 }
- let range = rand_range(state, other_size, min(other_size, max_size - size + 1));
+ let range = rand_range(state, other_size, min(other_size, max_size - size));
 let target = state.rand_mut().below(size as u64) as usize;
 let mut other_testcase = state.corpus().get(idx)?.borrow_mut();
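Review bot: The new guard in the first hunk rejects only `size == state.max_size()`, so an input that is already longer than the limit still reaches `state.max_size() - size`, which underflows `usize`. With overflow checks on that is a panic; without them the value wraps, `min` falls back to `size - target`, and the size cap goes unenforced. Writing the guard as `if size <= 1 || size >= state.max_size() {` closes both cases. The second hunk's `max_size - size` has the same shape, and the guard that precedes it lies outside the hunk, so confirm it skips when `size >= max_size`; otherwise a zero or wrapped length is passed to `rand_range`. Both function bodies start and end outside the hunks shown.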