-rw-r--r--include/afl-mutations.h155
-rw-r--r--src/afl-fuzz-one.c43
2 files changed, 107 insertions, 91 deletions
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index 08037b09..a3c9fd59 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -78,83 +78,84 @@ enum {
 };
 
   #define MUT_NORMAL_ARRAY_SIZE 77
-u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
-                                            MUT_FLIPBIT,
-                                            MUT_FLIPBIT,
-                                            MUT_FLIPBIT,
-                                            MUT_INTERESTING8,
-                                            MUT_INTERESTING8,
-                                            MUT_INTERESTING8,
-                                            MUT_INTERESTING8,
-                                            MUT_INTERESTING16,
-                                            MUT_INTERESTING16,
-                                            MUT_INTERESTING16BE,
-                                            MUT_INTERESTING16BE,
-                                            MUT_INTERESTING32,
-                                            MUT_INTERESTING32,
-                                            MUT_INTERESTING32BE,
-                                            MUT_INTERESTING32BE,
-                                            MUT_ARITH8_,
-                                            MUT_ARITH8_,
-                                            MUT_ARITH8_,
-                                            MUT_ARITH8_,
-                                            MUT_ARITH8,
-                                            MUT_ARITH8,
-                                            MUT_ARITH8,
-                                            MUT_ARITH8,
-                                            MUT_ARITH16_,
-                                            MUT_ARITH16_,
-                                            MUT_ARITH16BE_,
-                                            MUT_ARITH16BE_,
-                                            MUT_ARITH16,
-                                            MUT_ARITH16,
-                                            MUT_ARITH16BE,
-                                            MUT_ARITH16BE,
-                                            MUT_ARITH32_,
-                                            MUT_ARITH32_,
-                                            MUT_ARITH32BE_,
-                                            MUT_ARITH32BE_,
-                                            MUT_ARITH32,
-                                            MUT_ARITH32,
-                                            MUT_ARITH32BE,
-                                            MUT_ARITH32BE,
-                                            MUT_RAND8,
-                                            MUT_RAND8,
-                                            MUT_RAND8,
-                                            MUT_RAND8,
-                                            MUT_CLONE_COPY,
-                                            MUT_CLONE_COPY,
-                                            MUT_CLONE_COPY,
-                                            MUT_CLONE_FIXED,
-                                            MUT_OVERWRITE_COPY,
-                                            MUT_OVERWRITE_COPY,
-                                            MUT_OVERWRITE_COPY,
-                                            MUT_OVERWRITE_FIXED,
-                                            MUT_BYTEADD,
-                                            MUT_BYTESUB,
-                                            MUT_FLIP8,
-                                            MUT_SWITCH,
-                                            MUT_SWITCH,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_DEL,
-                                            MUT_EXTRA_OVERWRITE,
-                                            MUT_EXTRA_OVERWRITE,
-                                            MUT_EXTRA_INSERT,
-                                            MUT_EXTRA_INSERT,
-                                            MUT_AUTO_EXTRA_OVERWRITE,
-                                            MUT_AUTO_EXTRA_OVERWRITE,
-                                            MUT_AUTO_EXTRA_INSERT,
-                                            MUT_AUTO_EXTRA_INSERT,
-                                            MUT_SPLICE_OVERWRITE,
-                                            MUT_SPLICE_OVERWRITE,
-                                            MUT_SPLICE_INSERT,
-                                            MUT_SPLICE_INSERT};
+u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
+                                                  MUT_FLIPBIT,
+                                                  MUT_FLIPBIT,
+                                                  MUT_FLIPBIT,
+                                                  MUT_INTERESTING8,
+                                                  MUT_INTERESTING8,
+                                                  MUT_INTERESTING8,
+                                                  MUT_INTERESTING8,
+                                                  MUT_INTERESTING16,
+                                                  MUT_INTERESTING16,
+                                                  MUT_INTERESTING16BE,
+                                                  MUT_INTERESTING16BE,
+                                                  MUT_INTERESTING32,
+                                                  MUT_INTERESTING32,
+                                                  MUT_INTERESTING32BE,
+                                                  MUT_INTERESTING32BE,
+                                                  MUT_ARITH8_,
+                                                  MUT_ARITH8_,
+                                                  MUT_ARITH8_,
+                                                  MUT_ARITH8_,
+                                                  MUT_ARITH8,
+                                                  MUT_ARITH8,
+                                                  MUT_ARITH8,
+                                                  MUT_ARITH8,
+                                                  MUT_ARITH16_,
+                                                  MUT_ARITH16_,
+                                                  MUT_ARITH16BE_,
+                                                  MUT_ARITH16BE_,
+                                                  MUT_ARITH16,
+                                                  MUT_ARITH16,
+                                                  MUT_ARITH16BE,
+                                                  MUT_ARITH16BE,
+                                                  MUT_ARITH32_,
+                                                  MUT_ARITH32_,
+                                                  MUT_ARITH32BE_,
+                                                  MUT_ARITH32BE_,
+                                                  MUT_ARITH32,
+                                                  MUT_ARITH32,
+                                                  MUT_ARITH32BE,
+                                                  MUT_ARITH32BE,
+                                                  MUT_RAND8,
+                                                  MUT_RAND8,
+                                                  MUT_RAND8,
+                                                  MUT_RAND8,
+                                                  MUT_CLONE_COPY,
+                                                  MUT_CLONE_COPY,
+                                                  MUT_CLONE_COPY,
+                                                  MUT_CLONE_FIXED,
+                                                  MUT_OVERWRITE_COPY,
+                                                  MUT_OVERWRITE_COPY,
+                                                  MUT_OVERWRITE_COPY,
+                                                  MUT_OVERWRITE_FIXED,
+                                                  MUT_BYTEADD,
+                                                  MUT_BYTESUB,
+                                                  MUT_FLIP8,
+                                                  MUT_SWITCH,
+                                                  MUT_SWITCH,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_DEL,
+                                                  MUT_EXTRA_OVERWRITE,
+                                                  MUT_EXTRA_OVERWRITE,
+                                                  MUT_EXTRA_INSERT,
+                                                  MUT_EXTRA_INSERT,
+                                                  MUT_AUTO_EXTRA_OVERWRITE,
+                                                  MUT_AUTO_EXTRA_OVERWRITE,
+                                                  MUT_AUTO_EXTRA_INSERT,
+                                                  MUT_AUTO_EXTRA_INSERT,
+                                                  MUT_SPLICE_OVERWRITE,
+                                                  MUT_SPLICE_OVERWRITE,
+                                                  MUT_SPLICE_INSERT,
+                                                  MUT_SPLICE_INSERT};
+
   #define MUT_SPLICE_ARRAY_SIZE 81
 u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT,
                                                 MUT_FLIPBIT,
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index ec348a95..9d4b366e 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2081,33 +2081,48 @@ havoc_stage:
      where we take the input file and make random stacked tweaks. */
 
   u32 *mutation_array;
-  u32  stack_max;  // stack_max_pow = afl->havoc_stack_pow2;
+  u32  stack_max, rand_max;  // stack_max_pow = afl->havoc_stack_pow2;
 
-  if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) {  // is text?
+  if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
 
-    if (likely(afl->fuzz_mode == 0)) {  // is exploration?
+    mutation_array = full_splice_array;
+    rand_max = MUT_SPLICE_ARRAY_SIZE;
 
-      mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
+  } else {
 
-    } else {  // is exploitation!
+    mutation_array = normal_splice_array;
+    rand_max = MUT_NORMAL_ARRAY_SIZE;
 
-      mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
+  }
 
-    }
+  /*
+    if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) {  // is text?
+
+      if (likely(afl->fuzz_mode == 0)) {  // is exploration?
+
+        mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
+
+      } else {  // is exploitation!
 
-  } else {  // is binary!
+        mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
 
-    if (likely(afl->fuzz_mode == 0)) {  // is exploration?
+      }
+
+    } else {  // is binary!
 
-      mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
+      if (likely(afl->fuzz_mode == 0)) {  // is exploration?
 
-    } else {  // is exploitation!
+        mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
 
-      mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
+      } else {  // is exploitation!
+
+        mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
+
+      }
 
     }
 
-  }
+  */
 
   /*
   if (temp_len < 64) {
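Review bot: The new `afl->ready_for_splicing_count > 1` guard only decides which table is used, but normal_splice_array (the table chosen when the count is 1 or less) still ends in MUT_SPLICE_OVERWRITE and MUT_SPLICE_INSERT entries, so `rand_below(afl, rand_max)` can still select a splice mutation when there is nothing to splice with; unless the MUT_SPLICE_* cases in the switch below re-check the count, they would run with fewer than two candidates. Either drop those entries from normal_splice_array (adjusting MUT_NORMAL_ARRAY_SIZE) or guard the cases, e.g. `case MUT_SPLICE_OVERWRITE: if (unlikely(afl->ready_for_splicing_count <= 1)) { goto retry_havoc_step; }`, mirroring the existing retry_havoc_step label. The previous text/binary and exploration/exploitation selection is kept as a commented-out block rather than deleted; since history lives in git, removing it together with the stale `// stack_max_pow = afl->havoc_stack_pow2;` remnant would leave only the live selection logic to read. havoc_stage's body continues outside the hunk on both sides, so the switch cases referred to here are not visible in this hunk.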
@@ -2180,7 +2195,7 @@ havoc_stage:
 
     retry_havoc_step : {
 
-      u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item;
+      u32 r = rand_below(afl, rand_max), item;
 
       switch (mutation_array[r]) {