authorvanhauser-thc <vh@thc.org>2023-04-04 16:23:19 +0200
committervanhauser-thc <vh@thc.org>2023-04-04 16:23:19 +0200
commit32ffa2664cdfa2cc377df12cbf6efdcecbc2e78a (patch)
tree88f9deb0a911e3a29583d2d0c42c8bab5aab16ec /custom_mutators/aflpp/aflpp.c
parentfcd21256780fd21c55e72e9338b3992c60db22dc (diff)
downloadafl++-32ffa2664cdfa2cc377df12cbf6efdcecbc2e78a.tar.gz
max_len support
Diffstat (limited to 'custom_mutators/aflpp/aflpp.c')
-rw-r--r--custom_mutators/aflpp/aflpp.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/custom_mutators/aflpp/aflpp.c b/custom_mutators/aflpp/aflpp.c
index 2b69ad9c..e15d0391 100644
--- a/custom_mutators/aflpp/aflpp.c
+++ b/custom_mutators/aflpp/aflpp.c
@@ -4,6 +4,7 @@ typedef struct my_mutator {
 
   afl_state_t *afl;
   u8          *buf;
+  u32          buf_size;
 
 } my_mutator_t;
 
@@ -19,12 +20,15 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
   }
 
-  data->buf = malloc(MAX_FILE);
-  if (!data->buf) {
+  if ((data->buf = malloc(MAX_FILE)) == NULL) {
 
     perror("afl_custom_init alloc");
     return NULL;
 
+  } else {
+
+    data->buf_size = MAX_FILE;
+
   }
 
   data->afl = afl;
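Review bot: The new `else` branch after a `return NULL` is unnecessary and pushes the only successful assignment into a nested block; the assignment can simply follow the `if`, which also keeps the hunk's early-exit style. The lines `} else {`, `data->buf_size = MAX_FILE;`, `}` would become `}` followed by `data->buf_size = MAX_FILE;` at function scope. Folding the `malloc` into the condition is a style choice, but the assignment-in-condition form is harder to read than the two statements the commit removes and gains nothing here. afl_custom_init's body starts outside the hunk.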
@@ -39,6 +43,23 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
                        u8 **out_buf, uint8_t *add_buf, size_t add_buf_size,
                        size_t max_size) {
 
+  if (max_size > data->buf_size) {
+
+    u8 *ptr = realloc(data->buf, max_size);
+
+    if (ptr) {
+
+      return 0;
+
+    } else {
+
+      data->buf = ptr;
+      data->buf_size = max_size;
+
+    }
+
+  }
+
   u32 havoc_steps = 1 + rand_below(data->afl, 16);
 
   /* set everything up, costly ... :( */
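Review bot: The realloc branches on the new lines are inverted: when `realloc` succeeds (`ptr` non-NULL) the function returns 0 and the new block is leaked, and when it fails `data->buf` is overwritten with NULL, losing the original buffer while `data->buf_size` is raised to a size that is not backed by any allocation, so every later mutation writes through a NULL pointer. The intended logic is `if (!ptr) return 0;` followed by `data->buf = ptr;` and `data->buf_size = max_size;`, which keeps the old buffer and size intact on failure. Returning 0 on allocation failure is acceptable only because the caller's buffer is left untouched in that case, which is worth stating in a one-line comment, e.g. `/* allocation failed: keep the old buffer and report no mutation */`. afl_custom_fuzz's body continues outside the hunk, and the copy of `buf` into `data->buf` is not visible here, so whether `buf_size` itself is bounded by `data->buf_size` before that copy should be confirmed.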
@@ -46,7 +67,7 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 
   /* the mutation */
   u32 out_buf_len = afl_mutate(data->afl, data->buf, buf_size, havoc_steps,
-                               false, true, add_buf, add_buf_size);
+                               false, true, add_buf, add_buf_size, max_size);
 
   /* return size of mutated data */
   *out_buf = data->buf;