authorDominik Maier <domenukk@gmail.com>2020-03-28 04:57:44 +0100
committerDominik Maier <domenukk@gmail.com>2020-04-01 13:10:05 +0200
commit9785b15ed264951b006093f9ee4564820c153593 (patch)
tree7aef4f2717407f0fd198c7c82b29e09fe44a9c5d /src/afl-fuzz-mutators.c
parent8c94a3d17714aed316619dea72b25251e2629ed7 (diff)
downloadafl++-9785b15ed264951b006093f9ee4564820c153593.tar.gz
more custom mutator remodelling
Diffstat (limited to 'src/afl-fuzz-mutators.c')
-rw-r--r--src/afl-fuzz-mutators.c24
1 files changed, 10 insertions, 14 deletions
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 41bc69c8..0692ebb0 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -7,6 +7,7 @@
    Now maintained by  Marc Heuse <mh@mh-sec.de>,
                         Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and
                         Andrea Fioraldi <andreafioraldi@gmail.com>
+                        Dominik Maier <mail@dmnk.co>
 
    Copyright 2016, 2017 Google Inc. All rights reserved.
    Copyright 2019-2020 AFLplusplus Project. All rights reserved.
@@ -192,7 +193,8 @@ void load_custom_mutator(afl_state_t *afl, const char *fn) {
 
   /* Initialize the custom mutator */
   if (afl->mutator->afl_custom_init)
-    afl->mutator->data = afl->mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF));
+    afl->mutator->data =
+        afl->mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF));
 
 }
 
@@ -218,17 +220,18 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 
   while (afl->stage_cur < afl->stage_max) {
 
+    u8 *retbuf = NULL;
+
     sprintf(afl->stage_name_buf, "ptrim %s",
             u_stringify_int(val_buf, trim_exec));
 
     u32 cksum;
 
-    u8 *   retbuf = NULL;
-    size_t retlen = 0;
-
-    afl->mutator->afl_custom_trim(afl->mutator->data, &retbuf, &retlen);
+    size_t retlen = afl->mutator->afl_custom_trim(afl->mutator->data, &retbuf);
 
-    if (retlen > orig_len)
+    if (unlikely(retlen < 0 || !retbuf))
+      FATAL("custom_trim failed (ret %zd)", retlen);
+    else if (unlikely(retlen > orig_len))
       FATAL(
           "Trimmed data returned by custom mutator is larger than original "
           "data");
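Review bot: The added check `retlen < 0` can never be true because `retlen` is declared `size_t` on the line above, so a negative return from afl_custom_trim (which the `%zd` in the FATAL suggests is possible) wraps to a huge unsigned value and is reported by the following branch as "larger than original data" instead of as a failure. Declare it signed, `ssize_t retlen = afl->mutator->afl_custom_trim(afl->mutator->data, &retbuf);`, which also makes `%zd` match its argument; once the `< 0` case is excluded, comparing against orig_len stays correct (cast if the compiler warns about signedness). Whether a zero-length trim may legitimately come back with a NULL buffer is not visible here; if it may, the `!retbuf` condition should only fatal when `retlen > 0`. trim_case_custom starts and ends outside this hunk.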
@@ -238,12 +241,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
     fault = run_target(afl, afl->fsrv.exec_tmout);
     ++afl->trim_execs;
 
-    if (afl->stop_soon || fault == FAULT_ERROR) {
-
-      ck_free(retbuf);
-      goto abort_trimming;
-
-    }
+    if (afl->stop_soon || fault == FAULT_ERROR) { goto abort_trimming; }
 
     cksum = hash32(afl->fsrv.trace_bits, MAP_SIZE, HASH_CONST);
 
@@ -281,8 +279,6 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 
     }
 
-    ck_free(retbuf);
-
     /* Since this can be slow, update the screen every now and then. */
 
     if (!(trim_exec++ % afl->stats_update_freq)) show_stats(afl);