Support multiple custom mutators (#282)

* Make a list of custom mutators using env variable

* Set up multiple custom mutators

* Add destroy custom mutator and changes to load_custom_mutator

* Use array instead of list, make changes to afl-fuzz-one for multiple mutators

* Make change to fuzz-one custom_queue_get to support multiple mutators

* Modify custom python mutator support

* Fix bug

* Fix missing afl->mutator->data

* Revert to list with max count

* Change custom_pre_save hook and code format

* Free custom_mutator struct in the list

* Add testcase for multiple custom mutators

* Resolve merge conflict

include/afl-fuzz.h

@@ -605,8 +605,11 @@ typedef struct afl_state {
   u8 *   in_scratch_buf;
   size_t in_scratch_size;
 
-  u8 *   ex_buf;
-  size_t ex_size;
+  u8 *    ex_buf;
+  size_t  ex_size;
+  u32 custom_mutators_count;
+
+  list_t custom_mutator_list;
 
   /* this is a fixed buffer of size map_size that can be used by any function if
    * they do not call another function */
@@ -620,6 +623,8 @@ struct custom_mutator {
   void *      dh;
   u8 *        pre_save_buf;
   size_t      pre_save_size;
+  u8  stacked_custom_prob,
+      stacked_custom;
 
   void *data;                                    /* custom mutator data ptr */
 
@@ -808,14 +813,14 @@ void read_afl_environment(afl_state_t *, char **);
 /**** Prototypes ****/
 
 /* Custom mutators */
-void setup_custom_mutator(afl_state_t *);
-void destroy_custom_mutator(afl_state_t *);
-u8   trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf);
+void setup_custom_mutators(afl_state_t *);
+void destroy_custom_mutators(afl_state_t *);
+u8   trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf, struct custom_mutator * mutator);
 
 /* Python */
 #ifdef USE_PYTHON
 
-void load_custom_mutator_py(afl_state_t *, char *);
+struct custom_mutator * load_custom_mutator_py(afl_state_t *, char *);
 void finalize_py_module(void *);
 
 size_t pre_save_py(void *, u8 *, size_t, u8 **);