-rw-r--r--custom_mutators/gramatron/Makefile7
-rw-r--r--custom_mutators/gramatron/README.md (renamed from custom_mutators/grammatron/README.md)0
-rw-r--r--custom_mutators/gramatron/gramfuzz-helpers.c (renamed from custom_mutators/grammatron/gramfuzz-helpers.c)0
-rw-r--r--custom_mutators/gramatron/gramfuzz-mutators.c (renamed from custom_mutators/grammatron/gramfuzz-mutators.c)0
-rw-r--r--custom_mutators/gramatron/gramfuzz-util.c (renamed from custom_mutators/grammatron/gramfuzz-util.c)0
-rw-r--r--custom_mutators/gramatron/gramfuzz.c (renamed from custom_mutators/grammatron/gramfuzz.c)17
-rw-r--r--custom_mutators/gramatron/gramfuzz.h (renamed from custom_mutators/grammatron/gramfuzz.h)0
-rw-r--r--custom_mutators/gramatron/grammars/js/source.json (renamed from custom_mutators/grammatron/grammars/js/source.json)0
-rw-r--r--custom_mutators/gramatron/grammars/js/source_automata.json (renamed from custom_mutators/grammatron/grammars/js/source_automata.json)0
-rw-r--r--custom_mutators/gramatron/grammars/php/source.json (renamed from custom_mutators/grammatron/grammars/php/source.json)0
-rw-r--r--custom_mutators/gramatron/grammars/php/source_automata.json (renamed from custom_mutators/grammatron/grammars/php/source_automata.json)0
-rw-r--r--custom_mutators/gramatron/grammars/ruby/source.json (renamed from custom_mutators/grammatron/grammars/ruby/source.json)0
-rw-r--r--custom_mutators/gramatron/grammars/ruby/source_automata.json (renamed from custom_mutators/grammatron/grammars/ruby/source_automata.json)0
-rw-r--r--custom_mutators/gramatron/hashmap.c (renamed from custom_mutators/grammatron/hashmap.c)0
-rw-r--r--custom_mutators/gramatron/hashmap.h (renamed from custom_mutators/grammatron/hashmap.h)0
-rw-r--r--custom_mutators/gramatron/preprocess/construct_automata.py (renamed from custom_mutators/grammatron/preprocess/construct_automata.py)0
-rw-r--r--custom_mutators/gramatron/preprocess/gnf_converter.py (renamed from custom_mutators/grammatron/preprocess/gnf_converter.py)0
-rwxr-xr-xcustom_mutators/gramatron/preprocess/prep_automaton.sh (renamed from custom_mutators/grammatron/preprocess/prep_automaton.sh)0
-rw-r--r--custom_mutators/gramatron/test.c (renamed from custom_mutators/grammatron/test.c)0
-rw-r--r--custom_mutators/gramatron/test.h (renamed from custom_mutators/grammatron/test.h)0
-rw-r--r--custom_mutators/gramatron/utarray.h (renamed from custom_mutators/grammatron/utarray.h)0
-rw-r--r--custom_mutators/gramatron/uthash.h (renamed from custom_mutators/grammatron/uthash.h)0
-rw-r--r--custom_mutators/grammatron/Makefile7
-rw-r--r--include/afl-fuzz.h6
-rw-r--r--src/afl-fuzz-python.c20
-rw-r--r--src/afl-fuzz-queue.c22
26 files changed, 58 insertions, 21 deletions
diff --git a/custom_mutators/gramatron/Makefile b/custom_mutators/gramatron/Makefile
new file mode 100644
index 00000000..d24f3dd4
--- /dev/null
+++ b/custom_mutators/gramatron/Makefile
@@ -0,0 +1,7 @@
+all:	gramatron.so
+
+gramatron.so:	gramfuzz.c gramfuzz.h gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c hashmap.h test.c test.h utarray.h uthash.h
+	$(CC) -O3 -g -fPIC -Wno-unused-result -Wl,--allow-multiple-definition -I../../include -o gramatron.so -shared -I. -I/prg/dev/include gramfuzz.c gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c test.c -ljson-c
+
+clean:
+	rm -f gramatron.so
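Review bot: The link line carries `-Wl,--allow-multiple-definition` and a hardcoded `-I/prg/dev/include`, both copied forward from the old Makefile with only `-Wno-unused-result` and `-ljson-c` added. `--allow-multiple-definition` makes the linker silently keep the first of two conflicting symbol definitions, which hides exactly the duplicate-symbol clash a shared object loaded into afl-fuzz should fail loudly on, and `/prg/dev/include` looks like a developer-local path that will not exist on other machines. `-Wno-unused-result` also suppresses the warning that would have flagged the unchecked `write()` result in gramfuzz.c later in this diff. I would drop those three flags and, if json-c lives outside the default include path, obtain its flags with `$(shell pkg-config --cflags --libs json-c)` instead.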
diff --git a/custom_mutators/grammatron/README.md b/custom_mutators/gramatron/README.md
index 7f73cf2c..7f73cf2c 100644
--- a/custom_mutators/grammatron/README.md
+++ b/custom_mutators/gramatron/README.md
diff --git a/custom_mutators/grammatron/gramfuzz-helpers.c b/custom_mutators/gramatron/gramfuzz-helpers.c
index f894c850..f894c850 100644
--- a/custom_mutators/grammatron/gramfuzz-helpers.c
+++ b/custom_mutators/gramatron/gramfuzz-helpers.c
diff --git a/custom_mutators/grammatron/gramfuzz-mutators.c b/custom_mutators/gramatron/gramfuzz-mutators.c
index 0255e1d0..0255e1d0 100644
--- a/custom_mutators/grammatron/gramfuzz-mutators.c
+++ b/custom_mutators/gramatron/gramfuzz-mutators.c
diff --git a/custom_mutators/grammatron/gramfuzz-util.c b/custom_mutators/gramatron/gramfuzz-util.c
index cb2e1b59..cb2e1b59 100644
--- a/custom_mutators/grammatron/gramfuzz-util.c
+++ b/custom_mutators/gramatron/gramfuzz-util.c
diff --git a/custom_mutators/grammatron/gramfuzz.c b/custom_mutators/gramatron/gramfuzz.c
index 0d350c9f..5c96ddce 100644
--- a/custom_mutators/grammatron/gramfuzz.c
+++ b/custom_mutators/gramatron/gramfuzz.c
@@ -219,7 +219,7 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
     data->mut_alloced = 1;
     free(spliceCandidate->start);
     free(spliceCandidate);
-    free(automaton_fn);
+    ck_free(automaton_fn);
 
   } else {  // Generate an input from scratch
 
@@ -251,9 +251,9 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
  * @param filename_new_queue File name of the new queue entry
  * @param filename_orig_queue File name of the original queue entry
  */
-void afl_custom_queue_new_entry(my_mutator_t * data,
-                                const uint8_t *filename_new_queue,
-                                const uint8_t *filename_orig_queue) {
+u8 afl_custom_queue_new_entry(my_mutator_t * data,
+                              const uint8_t *filename_new_queue,
+                              const uint8_t *filename_orig_queue) {
 
   // get the filename
   u8 *   automaton_fn, *unparsed_input;
@@ -270,6 +270,7 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
 
     new_input = gen_input(pda, NULL);
     write_input(new_input, automaton_fn);
+
     // Update the placeholder file
     if (unlink(filename_new_queue)) {
 
@@ -282,15 +283,17 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
               S_IRUSR | S_IWUSR);
     if (fd < 0) { PFATAL("Failed to update file '%s'", filename_new_queue); }
     int written = write(fd, unparsed_input, new_input->inputlen + 1);
+    close(fd);
+
     free(new_input->start);
     free(new_input);
     free(unparsed_input);
 
   }
 
-  free(automaton_fn);
+  ck_free(automaton_fn);
 
-  return;
+  return 1;
 
 }
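Review bot: `int written = write(fd, unparsed_input, new_input->inputlen + 1);` is still unchecked while the hunk adds `close(fd);` directly after it, so a short or failed write leaves a truncated placeholder file that the caller then sizes with stat() and records as the queue entry's length. Check it before closing, e.g. `if (written != (ssize_t)(new_input->inputlen + 1)) { PFATAL("Failed to write '%s'", filename_new_queue); }`, mirroring the PFATAL already used when open() fails two lines above. The function also returns 1 unconditionally, so the fuzzer re-stats the file even when the generating branch was not taken; that branch's condition lies before this hunk, so returning 1 only from inside it would be more precise. afl_custom_queue_new_entry's body starts outside the hunk.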
 
@@ -388,7 +391,7 @@ uint8_t afl_custom_queue_get(my_mutator_t *data, const uint8_t *filename) {
 
   // data->getdupesret = get_dupes(data->orig_walk, &data->recurlen);
 
-  free(automaton_fn);
+  ck_free(automaton_fn);
   return 1;
 
 }
diff --git a/custom_mutators/grammatron/gramfuzz.h b/custom_mutators/gramatron/gramfuzz.h
index 811e0af7..811e0af7 100644
--- a/custom_mutators/grammatron/gramfuzz.h
+++ b/custom_mutators/gramatron/gramfuzz.h
diff --git a/custom_mutators/grammatron/grammars/js/source.json b/custom_mutators/gramatron/grammars/js/source.json
index 4c1a90d3..4c1a90d3 100644
--- a/custom_mutators/grammatron/grammars/js/source.json
+++ b/custom_mutators/gramatron/grammars/js/source.json
diff --git a/custom_mutators/grammatron/grammars/js/source_automata.json b/custom_mutators/gramatron/grammars/js/source_automata.json
index b5055919..b5055919 100644
--- a/custom_mutators/grammatron/grammars/js/source_automata.json
+++ b/custom_mutators/gramatron/grammars/js/source_automata.json
diff --git a/custom_mutators/grammatron/grammars/php/source.json b/custom_mutators/gramatron/grammars/php/source.json
index 3b2e4895..3b2e4895 100644
--- a/custom_mutators/grammatron/grammars/php/source.json
+++ b/custom_mutators/gramatron/grammars/php/source.json
diff --git a/custom_mutators/grammatron/grammars/php/source_automata.json b/custom_mutators/gramatron/grammars/php/source_automata.json
index 0cfd23ec..0cfd23ec 100644
--- a/custom_mutators/grammatron/grammars/php/source_automata.json
+++ b/custom_mutators/gramatron/grammars/php/source_automata.json
diff --git a/custom_mutators/grammatron/grammars/ruby/source.json b/custom_mutators/gramatron/grammars/ruby/source.json
index df969f5f..df969f5f 100644
--- a/custom_mutators/grammatron/grammars/ruby/source.json
+++ b/custom_mutators/gramatron/grammars/ruby/source.json
diff --git a/custom_mutators/grammatron/grammars/ruby/source_automata.json b/custom_mutators/gramatron/grammars/ruby/source_automata.json
index a1ac13e5..a1ac13e5 100644
--- a/custom_mutators/grammatron/grammars/ruby/source_automata.json
+++ b/custom_mutators/gramatron/grammars/ruby/source_automata.json
diff --git a/custom_mutators/grammatron/hashmap.c b/custom_mutators/gramatron/hashmap.c
index 09715b87..09715b87 100644
--- a/custom_mutators/grammatron/hashmap.c
+++ b/custom_mutators/gramatron/hashmap.c
diff --git a/custom_mutators/grammatron/hashmap.h b/custom_mutators/gramatron/hashmap.h
index bb66ad2e..bb66ad2e 100644
--- a/custom_mutators/grammatron/hashmap.h
+++ b/custom_mutators/gramatron/hashmap.h
diff --git a/custom_mutators/grammatron/preprocess/construct_automata.py b/custom_mutators/gramatron/preprocess/construct_automata.py
index b9e84aa8..b9e84aa8 100644
--- a/custom_mutators/grammatron/preprocess/construct_automata.py
+++ b/custom_mutators/gramatron/preprocess/construct_automata.py
diff --git a/custom_mutators/grammatron/preprocess/gnf_converter.py b/custom_mutators/gramatron/preprocess/gnf_converter.py
index 1e7c8b6c..1e7c8b6c 100644
--- a/custom_mutators/grammatron/preprocess/gnf_converter.py
+++ b/custom_mutators/gramatron/preprocess/gnf_converter.py
diff --git a/custom_mutators/grammatron/preprocess/prep_automaton.sh b/custom_mutators/gramatron/preprocess/prep_automaton.sh
index 28d99fb0..28d99fb0 100755
--- a/custom_mutators/grammatron/preprocess/prep_automaton.sh
+++ b/custom_mutators/gramatron/preprocess/prep_automaton.sh
diff --git a/custom_mutators/grammatron/test.c b/custom_mutators/gramatron/test.c
index 0dfbc197..0dfbc197 100644
--- a/custom_mutators/grammatron/test.c
+++ b/custom_mutators/gramatron/test.c
diff --git a/custom_mutators/grammatron/test.h b/custom_mutators/gramatron/test.h
index 857cb5fc..857cb5fc 100644
--- a/custom_mutators/grammatron/test.h
+++ b/custom_mutators/gramatron/test.h
diff --git a/custom_mutators/grammatron/utarray.h b/custom_mutators/gramatron/utarray.h
index 5c0d272b..5c0d272b 100644
--- a/custom_mutators/grammatron/utarray.h
+++ b/custom_mutators/gramatron/utarray.h
diff --git a/custom_mutators/grammatron/uthash.h b/custom_mutators/gramatron/uthash.h
index 5957899a..5957899a 100644
--- a/custom_mutators/grammatron/uthash.h
+++ b/custom_mutators/gramatron/uthash.h
diff --git a/custom_mutators/grammatron/Makefile b/custom_mutators/grammatron/Makefile
deleted file mode 100644
index 892b5c78..00000000
--- a/custom_mutators/grammatron/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all:	gramatron.so
-
-gramatron.so:	gramfuzz.c gramfuzz.h gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c hashmap.h test.c test.h utarray.h uthash.h
-	$(CC) -O3 -g -fPIC -Wl,--allow-multiple-definition -I../../include -o gramatron.so -shared -I. -I/prg/dev/include gramfuzz.c gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c test.c
-
-clean:
-	rm -f gramatron.so
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 2e2c78ef..70d9473e 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -972,8 +972,8 @@ struct custom_mutator {
    * @param filename_orig_queue File name of the original queue entry. This
    *     argument can be NULL while initializing the fuzzer
    */
-  void (*afl_custom_queue_new_entry)(void *data, const u8 *filename_new_queue,
-                                     const u8 *filename_orig_queue);
+  u8 (*afl_custom_queue_new_entry)(void *data, const u8 *filename_new_queue,
+                                   const u8 *filename_orig_queue);
   /**
    * Deinitialize the custom mutator.
    *
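Review bot: The doc comment above `afl_custom_queue_new_entry` still describes only the two filename parameters and says nothing about the new `u8` return, although src/afl-fuzz-queue.c in this same commit re-stats the file and overwrites `q->len` whenever a mutator returns non-zero. Add `@return 1 if the mutator rewrote the file at filename_new_queue (the fuzzer then re-reads its size from disk), 0 otherwise` to the block, and mention that an entry left empty by the mutator is fatal. The comment block opens before this hunk.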
@@ -1021,7 +1021,7 @@ size_t      havoc_mutation_py(void *, u8 *, size_t, u8 **, size_t);
 u8          havoc_mutation_probability_py(void *);
 u8          queue_get_py(void *, const u8 *);
 const char *introspection_py(void *);
-void        queue_new_entry_py(void *, const u8 *, const u8 *);
+u8          queue_new_entry_py(void *, const u8 *, const u8 *);
 void        deinit_py(void *);
 
 #endif
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 3aa97635..bb4eabcc 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -813,8 +813,8 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) {
 
 }
 
-void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
-                        const u8 *filename_orig_queue) {
+u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
+                      const u8 *filename_orig_queue) {
 
   PyObject *py_args, *py_value;
 
@@ -861,7 +861,21 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
       py_args);
   Py_DECREF(py_args);
 
-  if (py_value == NULL) {
+  if (py_value != NULL) {
+
+    int ret = PyObject_IsTrue(py_value);
+    Py_DECREF(py_value);
+
+    if (ret == -1) {
+
+      PyErr_Print();
+      FATAL("Failed to convert return value");
+
+    }
+
+    return (u8)ret & 0xFF;
+
+  } else {
 
     PyErr_Print();
     FATAL("Call failed");
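Review bot: `return (u8)ret & 0xFF;` masks a value that can only be 0 or 1 at that point, since `PyObject_IsTrue` returns -1, 0 or 1 and the -1 case is already handled by the FATAL just above; `return (u8)ret;` expresses the same thing without implying a wider range. A one-line comment such as `/* None (the old void contract) evaluates false, so legacy mutators keep working unchanged */` would also record why existing Python mutators need no update. The function's closing lines, and whatever follows the `FATAL("Call failed")` branch, are outside the hunk.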
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index d2689c94..48794e95 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -474,6 +474,8 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
 
   if (afl->custom_mutators_count) {
 
+    u8 updated = 0;
+
     LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
 
       if (el->afl_custom_queue_new_entry) {
@@ -487,12 +489,30 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
 
         }
 
-        el->afl_custom_queue_new_entry(el->data, fname, fname_orig);
+        if (el->afl_custom_queue_new_entry(el->data, fname, fname_orig)) {
+
+          updated = 1;
+
+        }
 
       }
 
     });
 
+    if (updated) {
+
+      struct stat st;
+      if (stat(fname, &st)) { PFATAL("File %s is gone!", fname); }
+      if (!st.st_size) {
+
+        FATAL("File %s became empty in custom mutator!", fname);
+
+      }
+
+      q->len = st.st_size;
+
+    }
+
   }
 
   /* only redqueen currently uses is_ascii */