about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/Changelog.md9
-rw-r--r--src/afl-fuzz-run.c30
2 files changed, 17 insertions, 22 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index e7344761..09e46fb6 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -22,13 +22,14 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       to allow replay of non-reproducable crashes, see
       AFL_PERSISTENT_RECORD in config.h and docs/envs.h
     - fixed a bug when trimming for stdin targets
-    - default cmplog level (-l) is now 2, better efficiency.
-    - cmplog level 3 (-l 3) now performs redqueen on everything.
-      use with care.
-    - better fuzzing strategy yields for enabled options
+    - cmplog -l: default cmplog level is now 2, better efficiency.
+      level 3 now performs redqueen on everything. use with care.
+    - better fuzzing strategy yield display for enabled options
     - ensure one fuzzer sync per cycle
     - fix afl_custom_queue_new_entry original file name when syncing
       from fuzzers
+    - fixed a crash when more than one custom mutator was used together
+      with afl_custom_post_process
     - on a crashing seed potentially the wrong input was disabled
     - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
       -i dir crashes the target or results in a timeout. By default
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 5a481639..7df4c625 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -107,27 +107,21 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
         new_size =
             el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf);
 
-      }
-
-      new_mem = new_buf;
-
-    });
+        if (unlikely(!new_buf && new_size <= 0)) {
 
-    if (unlikely(!new_buf && (new_size <= 0))) {
-
-      FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size);
+          FATAL("Custom_post_process failed (ret: %lu)",
+                (long unsigned)new_size);
 
-    } else if (likely(new_buf)) {
+        }
 
-      /* everything as planned. use the new data. */
-      afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size);
+        new_mem = new_buf;
 
-    } else {
+      }
 
-      /* custom mutators do not has a custom_post_process function */
-      afl_fsrv_write_to_testcase(&afl->fsrv, mem, len);
+    });
 
-    }
+    /* everything as planned. use the potentially new data. */
+    afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size);
 
   } else {
 
@@ -188,16 +182,16 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
         new_size =
             el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf);
 
-        if (unlikely(!new_buf || (new_size <= 0))) {
+        if (unlikely(!new_buf || new_size <= 0)) {
 
           FATAL("Custom_post_process failed (ret: %lu)",
                 (long unsigned)new_size);
 
         }
 
-      }
+        new_mem = new_buf;
 
-      new_mem = new_buf;
+      }
 
     });
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-20 20:48:33 +0000