From 190f3024dad3713a1b2d3a42b5b99c662dd2cf58 Mon Sep 17 00:00:00 2001
From: Rishi Ranjan <43873720+rish9101@users.noreply.github.com>
Date: Fri, 8 May 2020 23:38:27 +0530
Subject: Support multiple custom mutators (#282)
* Make a list of custom mutators using env variable
* Set up multiple custom mutators
* Add destroy custom mutator and changes to load_custom_mutator
* Use array instead of list, make changes to afl-fuzz-one for multiple mutators
* Make change to fuzz-one custom_queue_get to support multiple mutators
* Modify custom python mutator support
* Fix bug
* Fix missing afl->mutator->data
* Revert to list with max count
* Change custom_pre_save hook and code format
* Free custom_mutator struct in the list
* Add testcase for multiple custom mutators
* Resolve merge conflict
---
 src/afl-fuzz-run.c | 49 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 41 insertions(+), 8 deletions(-)
(limited to 'src/afl-fuzz-run.c')
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index b7f7f29c..3876dec7 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -89,21 +89,41 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
 #endif
- if (unlikely(afl->mutator && afl->mutator->afl_custom_pre_save)) {
+ if (unlikely(afl->custom_mutators_count)) {
 u8 *new_buf = NULL;
+ ssize_t new_size = len;
+ void * new_mem = mem;
- size_t new_size = afl->mutator->afl_custom_pre_save(afl->mutator->data, mem,
- len, &new_buf);
+ LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
- if (unlikely(!new_buf)) {
+ if (el->afl_custom_pre_save) {
+ new_size = el->afl_custom_pre_save(
+ el->data, new_mem, new_size, &new_buf
+ );
+
+ }
+
+ new_mem = new_buf;
+
+ } );
+
+ if (unlikely(!new_buf && (new_size <= 0))) {
 FATAL("Custom_pre_save failed (ret: %lu)", (long unsigned)new_size);
+ } else if (likely(new_buf)) {
+
+ /* everything as planned. use the new data. */
+ afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size);
+
+ } else {
+
+ /* custom mutators do not has a custom_pre_save function */
+ afl_fsrv_write_to_testcase(&afl->fsrv, mem, len);
+
 }
- /* everything as planned. use the new data. */
- afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size);
 } else {
@@ -513,10 +533,23 @@ void sync_fuzzers(afl_state_t *afl) {
 u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 /* Custom mutator trimmer */
- if (afl->mutator && afl->mutator->afl_custom_trim) {
+ if (afl->custom_mutators_count) {
+
+ u8 trimmed_case = 0;
+ bool custom_trimmed = false;
+
+ LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
+
+ if (el->afl_custom_trim) {
+
+ trimmed_case = trim_case_custom(afl, q, in_buf, el);
+ custom_trimmed = true;
+ }
- return trim_case_custom(afl, q, in_buf);
+ } );
+ if (custom_trimmed) return trimmed_case;
+
 }
 u8 needs_write = 0, fault = 0;
-- cgit 1.4.1
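Review bot: In the LIST_FOREACH body of write_to_testcase, `new_mem = new_buf;` runs for every element, including mutators without `afl_custom_pre_save`, so when the first registered mutator has no pre_save hook `new_buf` is still NULL, `new_mem` becomes NULL, and the next mutator's hook is invoked with a NULL buffer and `new_size == len`; moving that assignment inside the `if (el->afl_custom_pre_save)` branch keeps the previous buffer for the next hook. The post-loop check `unlikely(!new_buf && (new_size <= 0))` also only catches failure when no hook produced a buffer: once an earlier hook has set `new_buf`, a later hook returning 0 or a negative value falls into the `likely(new_buf)` branch and `afl_fsrv_write_to_testcase` receives the stale buffer together with that non-positive `ssize_t` converted to its length parameter. Checking each hook's result right after the call, e.g. `if (new_size <= 0 || !new_buf) FATAL("Custom_pre_save failed (ret: %lu)", (long unsigned)new_size);`, reports the failing mutator instead. The enclosing write_to_testcase starts before the hunk and continues after it.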
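Review bot: `trimmed_case` is overwritten on every iteration of the LIST_FOREACH in trim_case, so when more than one mutator provides `afl_custom_trim` only the last trimmer's result is returned and a nonzero result from an earlier trimmer is lost; if nonzero means a run fault here, as on the native trimming path below, the caller never sees it. Keeping the first nonzero result, e.g. `if (trimmed_case) return trimmed_case;` directly after the `trim_case_custom` call (a `return` leaves trim_case if LIST_FOREACH expands inline, which is not visible in this hunk), preserves the error. Whether each trimmer is meant to see `in_buf` and `q` as left by the previous trimmer depends on trim_case_custom, which is outside this hunk; a one-line comment on the loop stating the intended chaining would help the next reader. trim_case continues past the end of the hunk.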