hunting ref underflow
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index a5f77f1..f25ab4e 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -4695,9 +4695,6 @@
} /* block */
- queue_testcase_release(afl, afl->queue_cur);
- orig_in = NULL;
-
return ret_val;
}
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 58e026f..0b49120 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -837,10 +837,17 @@
}
q->testcase_refs++;
- if (!q->testcase_buf) {
+ if (unlikely(!q->testcase_buf || !q->testcase_refs)) {
+ if (!q->testcase_buf) {
- FATAL("Testcase buf is NULL, this should never happen");
+ FATAL("Testcase buf is NULL, this should never happen");
+ }
+ if (!q->testcase_refs) {
+
+ FATAL("Testcase ref overflow. Missing a testcase release somwhere?");
+
+ }
}
return q->testcase_buf;
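Review bot: The new `!q->testcase_refs` guard after the increment only trips once the counter has already wrapped to zero, so the underflow the commit title is hunting (a queue_testcase_release without a matching get) is reported one acquire later and at the acquiring call site rather than at the faulty release. A guard before the decrement in the release path, `if (unlikely(!q->testcase_refs)) FATAL("Testcase ref underflow. Missing a testcase get somewhere?");`, would pinpoint the offending release directly and keep this check as a true overflow detector. The message here should also avoid asserting which case occurred — a wrap to zero on increment can equally be a genuine overflow if testcase_refs is a narrow integer type, which this hunk does not show — and `somwhere` should read `somewhere`. The enclosing function's opening lies outside the hunk.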