fixed call of custom mutators

src/afl-fuzz-mutators.c

@@ -213,7 +213,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
     u8 *   retbuf = NULL;
     size_t retlen = 0;
 
-    afl->mutator->afl_custom_trim(afl, &retbuf, &retlen);
+    afl->mutator->afl_custom_trim(afl->mutator->data, &retbuf, &retlen);
 
     if (retlen > orig_len)
       FATAL(
@@ -250,7 +250,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
       }
 
       /* Tell the custom mutator that the trimming was successful */
-      afl->stage_cur = afl->mutator->afl_custom_post_trim(afl, 1);
+      afl->stage_cur = afl->mutator->afl_custom_post_trim(afl->mutator->data, 1);
 
       if (afl->not_on_tty && afl->debug)
         SAYF("[Custom Trimming] SUCCESS: %d/%d iterations (now at %u bytes)",
@@ -259,7 +259,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
     } else {
 
       /* Tell the custom mutator that the trimming was unsuccessful */
-      afl->stage_cur = afl->mutator->afl_custom_post_trim(afl, 0);
+      afl->stage_cur = afl->mutator->afl_custom_post_trim(afl->mutator->data, 0);
       if (afl->not_on_tty && afl->debug)
         SAYF("[Custom Trimming] FAILURE: %d/%d iterations", afl->stage_cur,
              afl->stage_max);

src/afl-fuzz-one.c

@@ -360,7 +360,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
     /* The custom mutator will decide to skip this test case or not. */
 
-    if (!afl->mutator->afl_custom_queue_get(afl, afl->queue_cur->fname))
+    if (!afl->mutator->afl_custom_queue_get(afl->mutator->data, afl->queue_cur->fname))
       return 1;
 
   }
@@ -1611,7 +1611,7 @@ custom_mutator_stage:
     close(fd);
 
     size_t mutated_size = afl->mutator->afl_custom_fuzz(
-        afl, &out_buf, len, new_buf, target->len, max_seed_size);
+        afl->mutator->data, &out_buf, len, new_buf, target->len, max_seed_size);
 
     ck_free(new_buf);
 
@@ -1702,7 +1702,7 @@ havoc_stage:
   if (stacked_custom && afl->mutator->afl_custom_havoc_mutation_probability) {
 
     stacked_custom_prob =
-        afl->mutator->afl_custom_havoc_mutation_probability(afl);
+        afl->mutator->afl_custom_havoc_mutation_probability(afl->mutator->data);
     if (stacked_custom_prob > 100)
       FATAL(
           "The probability returned by afl_custom_havoc_mutation_propability "
@@ -1723,7 +1723,7 @@ havoc_stage:
 
       if (stacked_custom && rand_below(afl, 100) < stacked_custom_prob) {
 
-        temp_len = afl->mutator->afl_custom_havoc_mutation(afl, &out_buf,
+        temp_len = afl->mutator->afl_custom_havoc_mutation(afl->mutator->data, &out_buf,
                                                            temp_len, MAX_FILE);
 
       }

src/afl-fuzz-queue.c

@@ -147,7 +147,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
     /* At the initialization stage, queue_cur is NULL */
     if (afl->queue_cur) fname_orig = afl->queue_cur->fname;
 
-    afl->mutator->afl_custom_queue_new_entry(afl, fname, fname_orig);
+    afl->mutator->afl_custom_queue_new_entry(afl->mutator->data, fname, fname_orig);
 
   }
 

src/afl-fuzz-run.c

@@ -218,9 +218,9 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
 
     u8 *   new_data;
     size_t new_size =
-        afl->mutator->afl_custom_pre_save(afl, mem, len, &new_data);
+        afl->mutator->afl_custom_pre_save(afl->mutator->data, mem, len, &new_data);
     ck_write(fd, new_data, new_size, afl->fsrv.out_file);
-    ck_free(new_data);
+    free(new_data);
 
   } else {