From 190f3024dad3713a1b2d3a42b5b99c662dd2cf58 Mon Sep 17 00:00:00 2001
From: Rishi Ranjan <43873720+rish9101@users.noreply.github.com>
Date: Fri, 8 May 2020 23:38:27 +0530
Subject: Support multiple custom mutators (#282)
* Make a list of custom mutators using env variable
* Set up multiple custom mutators
* Add destroy custom mutator and changes to load_custom_mutator
* Use array instead of list, make changes to afl-fuzz-one for multiple mutators
* Make change to fuzz-one custom_queue_get to support multiple mutators
* Modify custom python mutator support
* Fix bug
* Fix missing afl->mutator->data
* Revert to list with max count
* Change custom_pre_save hook and code format
* Free custom_mutator struct in the list
* Add testcase for multiple custom mutators
* Resolve merge conflict
---
 include/afl-fuzz.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'include/afl-fuzz.h')
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 2203cfdf..d6a19c5d 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -605,8 +605,11 @@ typedef struct afl_state {
 u8 * in_scratch_buf;
 size_t in_scratch_size;
- u8 * ex_buf;
- size_t ex_size;
+ u8 * ex_buf;
+ size_t ex_size;
+ u32 custom_mutators_count;
+
+ list_t custom_mutator_list;
 /* this is a fixed buffer of size map_size that can be used by any function if
 * they do not call another function */
@@ -620,6 +623,8 @@ struct custom_mutator {
 void * dh;
 u8 * pre_save_buf;
 size_t pre_save_size;
+ u8 stacked_custom_prob,
+ stacked_custom;
 void *data; /* custom mutator data ptr */
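Review bot: The new `custom_mutators_count` in `afl_state` records the same fact as the length of `custom_mutator_list`, and neither member carries a comment saying which one is authoritative or what the upper bound is. The commit message speaks of a "list with max count", so a limit presumably exists outside this header; because each entry appears to be code loaded at run time (the struct keeps a `dh` handle and the list is built from an environment variable), the bound and the owner of the entries are worth stating at the declaration. I would add `u32 custom_mutators_count; /* number of entries in custom_mutator_list */` and, on the list, `/* loaded custom mutators; released by destroy_custom_mutators() (confirm) */`. The `afl_state` definition starts and ends outside the hunk.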
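Review bot: `stacked_custom_prob` and `stacked_custom` are introduced in a single comma-separated `u8` declaration with no comment, so the struct does not tell a reader which is a switch and which is a probability, nor the unit or valid range of the latter. Splitting them into `u8 stacked_custom_prob;` and `u8 stacked_custom;`, each with a trailing comment in the style of the `data` member just below, would make the contract visible to whoever fills these in from a loaded mutator. The meaning and range cannot be read off this hunk, so the comment text has to come from the code that consumes the fields. `struct custom_mutator` starts and ends outside the hunk.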
@@ -808,14 +813,14 @@ void read_afl_environment(afl_state_t *, char **);
 /**** Prototypes ****/
 /* Custom mutators */
-void setup_custom_mutator(afl_state_t *);
-void destroy_custom_mutator(afl_state_t *);
-u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf);
+void setup_custom_mutators(afl_state_t *);
+void destroy_custom_mutators(afl_state_t *);
+u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf, struct custom_mutator * mutator);
 /* Python */
 #ifdef USE_PYTHON
-void load_custom_mutator_py(afl_state_t *, char *);
+struct custom_mutator * load_custom_mutator_py(afl_state_t *, char *);
 void finalize_py_module(void *);
 size_t pre_save_py(void *, u8 *, size_t, u8 **);
-- 
cgit 1.4.1
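Review bot: `load_custom_mutator_py` now returns a `struct custom_mutator *`, but the prototype does not say whether that pointer can be NULL on failure or who releases it. A comment above it would settle this, for example `/* Returns the loaded mutator; ownership passes to the caller (TODO confirm: NULL vs. fatal exit on failure). */`, with the wording checked against the implementation, which is not part of this diff. The new `mutator` argument of `trim_case_custom` likewise needs a word on whether NULL is accepted. That prototype line is also much longer than its neighbours and writes `struct custom_mutator * mutator` where the adjacent parameter is `struct queue_entry *q`, so it looks as though it was not run through the formatter.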