
OOB read in main:150 #2

Open
andreafioraldi opened this issue Feb 8, 2020 · 1 comment

Comments

@andreafioraldi

```c
        file_size = filestatus.st_size;
        file_contents = (char*)malloc(filestatus.st_size);
        if ( file_contents == NULL) {
                fprintf(stderr, "Memory error: unable to allocate %d bytes\n", file_size);
                return 1;
        }

        fp = fopen(filename, "rt");
        if (fp == NULL) {
                fprintf(stderr, "Unable to open %s\n", filename);
                fclose(fp);
                free(file_contents);
                return 1;
        }
        if ( fread(file_contents, file_size, 1, fp) != 1 ) {
                fprintf(stderr, "Unable t read content of %s\n", filename);
                fclose(fp);
                free(file_contents);
                return 1;
        }
        fclose(fp);

        printf("%s\n", file_contents);   /* main:150 - buffer is file_size bytes, not NUL-terminated */
```

You read the file into file_contents and then print it. file_contents is not a string: if the file doesn't contain a NUL byte at the end, this will trigger an OOB read heap overflow.
This is not one of the artificial vulns, and it prevents fuzzing with ASan because it crashes even with the initial seed.
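A hardened reader, as an added example that is not the project's code (the function names and the sample content are mine): it allocates one extra byte and NUL-terminates the buffer, so `printf("%s")` stops at the end of the file data instead of reading past the heap allocation, and it checks itself on a constructed sample with no trailing NUL.

```c
/* Added example (not the project's code): NUL-terminating file reader. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Read the whole stream into a freshly allocated buffer and append a NUL
 * byte so the result is a valid C string. Returns NULL on error.
 * *len_out receives the number of bytes read (not counting the NUL). */
char *read_stream_as_string(FILE *fp, size_t *len_out)
{
    struct stat st;
    if (fstat(fileno(fp), &st) != 0 || st.st_size < 0)
        return NULL;
    size_t size = (size_t)st.st_size;
    /* +1: room for the terminator the original code never wrote */
    char *buf = malloc(size + 1);
    if (buf == NULL)
        return NULL;

    rewind(fp);
    if (size > 0 && fread(buf, size, 1, fp) != 1) {
        free(buf);
        return NULL;
    }
    buf[size] = '\0';           /* now safe for printf("%s") */
    if (len_out) *len_out = size;
    return buf;
}

/* Demo: constructed sample content written without a trailing NUL, like a
 * seed file. Returns 1 if the buffer came back correctly terminated. */
int demo_reads_safely(void)
{
    const char sample[] = "constructed seed content";
    FILE *fp = tmpfile();
    if (fp == NULL) return 0;
    fwrite(sample, 1, strlen(sample), fp);  /* no NUL byte written */
    fflush(fp);
    size_t len = 0;
    char *s = read_stream_as_string(fp, &len);
    fclose(fp);
    if (s == NULL) return 0;
    int ok = (len == strlen(sample)) && (strcmp(s, sample) == 0);
    free(s);
    return ok;
}
```

If the input may contain embedded NUL bytes, print with `fwrite(buf, 1, len, stdout)` using the returned length rather than `%s`, which stops at the first NUL.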

@andreafioraldi (Author)

Btw, I found all the bugs using the dumb mode of afl-fuzz (-n) + ASan (commenting out printf("%s\n", file_contents);), so unless you insert hard-to-reach vulns, this is really useless if you want to evaluate modern fuzzers.
