diff options
| author | Shengtuo Hu <h1994st@users.noreply.github.com> | 2020-07-21 18:00:21 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-22 00:00:21 +0200 |
| commit | d90328f6be726190e013f83df37e49383be1c5e4 (patch) | |
| tree | 45adcb042174d7f9a79df7c93d93b44c1bad38d2 | |
| parent | 6c163910eec79058bdaf3a358e75d579da1f9112 (diff) | |
| download | afl++-d90328f6be726190e013f83df37e49383be1c5e4.tar.gz | |
Allow the custom mutator to generate larger trimmed data (#463)
| -rw-r--r-- | src/afl-fuzz-mutators.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 0fb34ab7..17a68ff8 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -282,9 +282,23 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, } else if (unlikely(retlen > orig_len)) { - FATAL( - "Trimmed data returned by custom mutator is larger than original " - "data"); + /* Do not exit the fuzzer, even if the trimmed data returned by the custom + mutator is larger than the original data. For some use cases, like the + grammar mutator, the definition of "size" may have different meanings. + For example, the trimming function in a grammar mutator aims at + reducing the objects in a grammar structure, but does not guarantee to + generate a smaller binary buffer. + + Thus, we allow the custom mutator to generate the trimmed data that is + larger than the original data. */ + + if (afl->not_on_tty && afl->debug) { + + WARNF( + "Trimmed data returned by custom mutator is larger than original " + "data"); + + } } else if (unlikely(retlen == 0)) { |