authorvan Hauser <vh@thc.org>2022-11-15 09:27:54 +0100
committerGitHub <noreply@github.com>2022-11-15 09:27:54 +0100
commit8cdc48f73a17ddd557897f2098937a8ba3bfe184 (patch)
tree9a15fe02c66bd86faf55fbbc11f7ce56c7d20ae1 /src/afl-fuzz-run.c
parent2d640558a09b03e9416b5d87e98cf938b38def9e (diff)
parente5c725c4e0ccfbbff933aab0a3b833d4f21de470 (diff)
downloadafl++-8cdc48f73a17ddd557897f2098937a8ba3bfe184.tar.gz
Merge pull request #1579 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src/afl-fuzz-run.c')
-rw-r--r--src/afl-fuzz-run.c50
1 files changed, 45 insertions, 5 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index ee4a3298..7f9c3bf3 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -76,6 +76,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 u32 __attribute__((hot))
 write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
+  u8 sent = 0;
+
   if (unlikely(afl->custom_mutators_count)) {
 
     ssize_t new_size = len;
@@ -133,9 +135,28 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
     if (new_mem != *mem) { *mem = new_mem; }
 
-    /* everything as planned. use the potentially new data. */
-    afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
-    len = new_size;
+    if (unlikely(afl->custom_mutators_count)) {
+
+      LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
+
+        if (el->afl_custom_fuzz_send) {
+
+          el->afl_custom_fuzz_send(el->data, *mem, new_size);
+          sent = 1;
+
+        }
+
+      });
+
+    }
+
+    if (likely(!sent)) {
+
+      /* everything as planned. use the potentially new data. */
+      afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
+      len = new_size;
+
+    }
 
   } else {
 
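Review bot: Moving `len = new_size;` inside `if (likely(!sent))` means that whenever an `afl_custom_fuzz_send` hook takes over delivery, `len` keeps its value from before post-processing, even though `*mem` may already have been swapped to `new_mem` two statements earlier. The return statement is outside this hunk, but if the function hands `len` back to callers that pair it with `*mem`, a post-processor that shrank the data leaves them with a length larger than the buffer they now hold, which is an out-of-bounds read risk. I would keep the assignment unconditional by placing `len = new_size;` after the closing brace of the `if (likely(!sent))` block. The inner `if (unlikely(afl->custom_mutators_count))` is also redundant here, since `new_size` is declared inside the branch entered on that same test.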
@@ -149,8 +170,27 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
     }
 
-    /* boring uncustom. */
-    afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);
+    if (unlikely(afl->custom_mutators_count)) {
+
+      LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
+
+        if (el->afl_custom_fuzz_send) {
+
+          el->afl_custom_fuzz_send(el->data, *mem, len);
+          sent = 1;
+
+        }
+
+      });
+
+    }
+
+    if (likely(!sent)) {
+
+      /* boring uncustom. */
+      afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);
+
+    }
 
   }
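Review bot: The added `if (unlikely(afl->custom_mutators_count))` block in this hunk looks unreachable. Judging by indentation, the `} else {` at the end of the previous hunk pairs with the same test at the top of `write_to_testcase`, so the count is zero on this path, the loop never runs and `sent` stays 0. If that pairing holds, this arm can remain the single call `afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);`, which also removes the second copy of the dispatch loop. If senders are meant to run on this path as well, the loop belongs in one `static` helper shared by both arms rather than duplicated. The function body starts and ends outside the hunk.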