From d90328f6be726190e013f83df37e49383be1c5e4 Mon Sep 17 00:00:00 2001
From: Shengtuo Hu <h1994st@users.noreply.github.com>
Date: Tue, 21 Jul 2020 18:00:21 -0400
Subject: Allow the custom mutator to generate larger trimmed data (#463)

---
 src/afl-fuzz-mutators.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 0fb34ab7..17a68ff8 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -282,9 +282,23 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
 
     } else if (unlikely(retlen > orig_len)) {
 
-      FATAL(
-          "Trimmed data returned by custom mutator is larger than original "
-          "data");
+      /* Do not exit the fuzzer, even if the trimmed data returned by the custom
+         mutator is larger than the original data. For some use cases, like the
+         grammar mutator, the definition of "size" may have different meanings.
+         For example, the trimming function in a grammar mutator aims at
+         reducing the objects in a grammar structure, but does not guarantee to
+         generate a smaller binary buffer.
+
+         Thus, we allow the custom mutator to generate the trimmed data that is
+         larger than the original data. */
+
+      if (afl->not_on_tty && afl->debug) {
+
+        WARNF(
+            "Trimmed data returned by custom mutator is larger than original "
+            "data");
+
+      }
 
     } else if (unlikely(retlen == 0)) {
 
-- 
cgit 1.4.1