fix issue #198 AFL_TMPDIR is ignored for file .cur_input
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index bf2f63c..bafb1d6 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1224,11 +1224,11 @@
if (file_extension) {
- fn = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);
+ fn = alloc_printf("%s/.cur_input.%s", tmp_dir, file_extension);
} else {
- fn = alloc_printf("%s/.cur_input", out_dir);
+ fn = alloc_printf("%s/.cur_input", tmp_dir);
}
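Review bot: The `.cur_input` path built here now lands in `tmp_dir`, which comes from AFL_TMPDIR and may be a shared location, yet nothing in the hunk records what the creation call that follows must guarantee. The same applies to the hunk at -1440 in this file and to the `out_file` hunk in src/afl-fuzz.c. The open call is outside the hunk, so this cannot be verified from here; if it does not already create the file exclusively, a pre-existing file or symlink with this predictable name would be reused. I would add a comment above the branch such as `/* tmp_dir may be user-chosen (AFL_TMPDIR): create with O_CREAT | O_EXCL, mode 0600 */` and confirm the open matches it.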
@@ -1440,11 +1440,11 @@
u8* fn;
if (file_extension) {
- fn = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);
+ fn = alloc_printf("%s/.cur_input.%s", tmp_dir, file_extension);
} else {
- fn = alloc_printf("%s/.cur_input", out_dir);
+ fn = alloc_printf("%s/.cur_input", tmp_dir);
}
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 0c73ca2..0609061 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -655,11 +655,17 @@
if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL) {
- char tmpfile[strlen(tmp_dir + 16)];
- sprintf(tmpfile, "%s/%s", tmp_dir, ".cur_input");
+ char tmpfile[file_extension
+ ? strlen(tmp_dir) + 1 + 10 + 1 + strlen(file_extension) + 1
+ : strlen(tmp_dir) + 1 + 10 + 1];
+ if (file_extension) {
+ sprintf(tmpfile, "%s/.cur_input.%s", tmp_dir, file_extension);
+ } else {
+ sprintf(tmpfile, "%s/.cur_input", tmp_dir);
+ }
if (access(tmpfile, F_OK) !=
-1) // there is still a race condition here, but well ...
- FATAL("TMP_DIR already has an existing temporary input file: %s",
+ FATAL("AFL_TMPDIR already has an existing temporary input file: %s",
tmpfile);
} else
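Review bot: `tmpfile` is a variable-length array sized from the length of the AFL_TMPDIR environment value plus hand-counted constants, so an oversized value becomes an unchecked stack allocation, and the `sprintf` calls stay in bounds only while the `1 + 10 + 1` arithmetic matches the format strings. The other hunks already build the same path with `alloc_printf`, which sizes the buffer from the format itself; using it here removes both the VLA and the magic numbers. The `access()` test is advisory only, as the existing comment admits, so the exclusive create at the point of opening is what actually has to protect the file. The enclosing `if`/`else` continues outside the hunk.

```c
  if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL) {
    u8 *tmpfile = file_extension
                      ? alloc_printf("%s/.cur_input.%s", tmp_dir, file_extension)
                      : alloc_printf("%s/.cur_input", tmp_dir);
    // … unchanged: access() check and FATAL on an existing file …
    ck_free(tmpfile);
```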
@@ -854,11 +860,11 @@
if (file_extension) {
- out_file = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);
+ out_file = alloc_printf("%s/.cur_input.%s", tmp_dir, file_extension);
} else {
- out_file = alloc_printf("%s/.cur_input", out_dir);
+ out_file = alloc_printf("%s/.cur_input", tmp_dir);
}