comparison

include/afl-mutations.h

@@ -78,7 +78,7 @@ enum {
 };
 
   #define MUT_NORMAL_ARRAY_SIZE 77
-u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
+u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
                                                   MUT_FLIPBIT,
                                                   MUT_FLIPBIT,
                                                   MUT_FLIPBIT,
@@ -155,6 +155,7 @@ u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
                                                   MUT_SPLICE_OVERWRITE,
                                                   MUT_SPLICE_INSERT,
                                                   MUT_SPLICE_INSERT};
+
   #define MUT_SPLICE_ARRAY_SIZE 81
 u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT,
                                                 MUT_FLIPBIT,

src/afl-fuzz-one.c

@@ -2081,8 +2081,21 @@ havoc_stage:
      where we take the input file and make random stacked tweaks. */
 
   u32 *mutation_array;
-  u32  stack_max;  // stack_max_pow = afl->havoc_stack_pow2;
+  u32  stack_max, rand_max;  // stack_max_pow = afl->havoc_stack_pow2;
 
+  if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
+
+    mutation_array = full_splice_array;
+    rand_max = MUT_SPLICE_ARRAY_SIZE;
+
+  } else {
+
+    mutation_array = normal_splice_array;
+    rand_max = MUT_NORMAL_ARRAY_SIZE;
+
+  }
+
+  /*
     if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) {  // is text?
 
       if (likely(afl->fuzz_mode == 0)) {  // is exploration?
@@ -2109,6 +2122,8 @@ havoc_stage:
 
     }
 
+  */
+
   /*
   if (temp_len < 64) {
 
@@ -2180,7 +2195,7 @@ havoc_stage:
 
     retry_havoc_step : {
 
-      u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item;
+      u32 r = rand_below(afl, rand_max), item;
 
       switch (mutation_array[r]) {