From 9a5cf8cf9b9b8a046d3ca7d98340e189d4333f1a Mon Sep 17 00:00:00 2001
From: Anh <zenpoems@gmail.com>
Date: Fri, 8 Feb 2019 10:47:19 -0800
Subject: [PATCH] Fix error in graph optimization

---
 afl_transforms/tools/zax/zax_base.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/afl_transforms/tools/zax/zax_base.cpp b/afl_transforms/tools/zax/zax_base.cpp
index 4ff7000..3466c79 100644
--- a/afl_transforms/tools/zax/zax_base.cpp
+++ b/afl_transforms/tools/zax/zax_base.cpp
@@ -598,6 +598,16 @@ BasicBlockSet_t ZaxBase_t::getBlocksToInstrument(const ControlFlowGraph_t &cfg)
 
 		if (m_bb_graph_optimize)
 		{
+			const auto has_unique_preds=
+				[&](const BasicBlockSet_t& bbs) -> bool
+				{
+					for (const auto & b : bbs)
+					{
+						if (b->getPredecessors().size() != 1)
+							return false;
+					}
+					return true;
+				};
 			const auto has_ibta=
 				[&](const BasicBlockSet_t& successors) -> bool
 				{
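Review bot: The new `has_unique_preds` lambda captures `[&]` but references nothing from the enclosing scope, so the capture-all-by-reference is misleading; `[]` states the intent and the loop is the standard any-of/all-of shape. Written as `[](const BasicBlockSet_t& bbs) -> bool { return std::all_of(bbs.begin(), bbs.end(), [](const auto& b) { return b->getPredecessors().size() == 1; }); }` it reads as the predicate it is (this needs `<algorithm>`, whose include block is outside the hunk). The lambda also carries no comment saying why a successor with more than one predecessor disqualifies the block; since this is the fix the subject line refers to, a one-line note such as `// successors must be reached only through this branch, otherwise the pruning below would leave them uninstrumented -- TODO confirm wording` would keep the reason with the check. The enclosing `getBlocksToInstrument` starts and ends outside the hunk.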
@@ -611,6 +621,7 @@ BasicBlockSet_t ZaxBase_t::getBlocksToInstrument(const ControlFlowGraph_t &cfg)
 
 			if (bb->getSuccessors().size() == 2 && 
 			    bb->endsInConditionalBranch() && 
+				has_unique_preds(bb->getSuccessors()) &&
 			    !has_ibta(bb->getSuccessors()))
 			{
 				// for now, until we get a more principled way of pruning the graph,
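Review bot: The added `has_unique_preds(bb->getSuccessors()) &&` line is indented with four tabs while the surrounding continuation lines of the same condition use three tabs plus four spaces, so the new operand sits at a different column than its neighbours; align it as `			    has_unique_preds(bb->getSuccessors()) &&`. The condition now evaluates `bb->getSuccessors()` three times in a row; hoisting it once into a local such as `const auto& succs = bb->getSuccessors();` before the `if` would make the predicate chain easier to read and avoid repeated calls, assuming the accessor is not trivially cheap. The body of this `if` continues outside the hunk, as does the enclosing function.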
-- 
GitLab