diff options
| author | van Hauser <vh@thc.org> | 2020-07-29 11:39:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-29 11:39:00 +0200 |
| commit | 4550613f58342632061944ef09add63240d774cc (patch) | |
| tree | 7896b5ec1f49b3ebe32d1466e85ea8f536ad599e /src/afl-fuzz-mutators.c | |
| parent | ff107714f1af1bd908a35ce54701da1eca8ce25d (diff) | |
| parent | 015fde3703c7b67ee65d74b0f4b7b68b5d1e4d7e (diff) | |
| download | afl++-4550613f58342632061944ef09add63240d774cc.tar.gz | |
Merge branch 'dev' into text_inputs
Diffstat (limited to 'src/afl-fuzz-mutators.c')
| -rw-r--r-- | src/afl-fuzz-mutators.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 0fb34ab7..b288cf9f 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -40,7 +40,7 @@ void setup_custom_mutators(afl_state_t *afl) { if (fn) { - if (afl->limit_time_sig) + if (afl->limit_time_sig && afl->limit_time_sig != -1) FATAL( "MOpt and custom mutator are mutually exclusive. We accept pull " "requests that integrates MOpt with the optional mutators " @@ -168,7 +168,8 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { /* "afl_custom_deinit", optional for backward compatibility */ mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit"); - if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_init' not found."); + if (!mutator->afl_custom_deinit) + FATAL("Symbol 'afl_custom_deinit' not found."); /* "afl_custom_post_process", optional */ mutator->afl_custom_post_process = dlsym(dh, "afl_custom_post_process"); @@ -282,9 +283,23 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, } else if (unlikely(retlen > orig_len)) { - FATAL( - "Trimmed data returned by custom mutator is larger than original " - "data"); + /* Do not exit the fuzzer, even if the trimmed data returned by the custom + mutator is larger than the original data. For some use cases, like the + grammar mutator, the definition of "size" may have different meanings. + For example, the trimming function in a grammar mutator aims at + reducing the objects in a grammar structure, but does not guarantee to + generate a smaller binary buffer. + + Thus, we allow the custom mutator to generate the trimmed data that is + larger than the original data. */ + + if (afl->not_on_tty && afl->debug) { + + WARNF( + "Trimmed data returned by custom mutator is larger than original " + "data"); + + } } else if (unlikely(retlen == 0)) { |