Skip the empty test case generated by the custom trimming

2025-06-10 17:21:33 +00:00 · 2020-07-18 23:20:32 -04:00 · 2020-07-18 23:20:32 -04:00 · 67d2e6319b
commit 67d2e6319b
parent 5e10f660e8
2 changed files with 12 additions and 1 deletions
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@ -286,6 +286,15 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
          "Trimmed data returned by custom mutator is larger than original "
          "data");

+    } else if (unlikely(retlen == 0)) {
+
+      /* Do not run the empty test case on the target. To keep the custom
+         trimming function running, we simply treat the empty test case as an
+         unsuccessful trimming and skip it, instead of aborting the trimming. */
+
+      ++afl->trim_execs;
+      goto unsuccessful_trimming;
+
    }

    write_to_testcase(afl, retbuf, retlen);
@ -325,6 +334,8 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,

    } else {

+unsuccessful_trimming:
+
      /* Tell the custom mutator that the trimming was unsuccessful */
      afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 0);
      if (unlikely(afl->stage_cur < 0)) {
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -109,7 +109,7 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {

    });

-    if (unlikely(!new_buf && (new_size < 0))) {
+    if (unlikely(!new_buf && (new_size <= 0))) {

      FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size);