fixed example

examples/custom_mutators/example.c

@@ -142,34 +142,25 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 size_t afl_custom_pre_save(my_mutator_t *data, uint8_t *buf, size_t buf_size,
                            uint8_t **out_buf) {
 
-  if (data->pre_save_size < buf_size + 5) {
+  uint8_t *pre_save_buf = maybe_grow(BUF_PARAMS(data, pre_save), buf_size + 5);
+  if (!pre_save_buf) {
 
-    data->pre_save_buf = maybe_grow(BUF_PARAMS(data, pre_save), buf_size + 5);
+    perror("custom mutator realloc failed.");
-    if (!data->pre_save_buf) {
+    *out_buf = NULL;
-
+    return 0;
-      perror("custom mutator realloc failed.");
-      *out_buf = NULL;
-      return 0;
-
-    }
-
-    data->pre_save_size = buf_size + 5;
 
   }
 
-  uint8_t *pre_save_buf = data->pre_save_buf;
+  memcpy(pre_save_buf + 5, buf, buf_size);
-
+  pre_save_buf[0] = 'A';
-  memcpy(pre_save_buf, buf, buf_size);
+  pre_save_buf[1] = 'F';
-  size_t out_buf_size = buf_size + 5;
+  pre_save_buf[2] = 'L';
-  pre_save_buf[buf_size + 0] = 'A';
+  pre_save_buf[3] = '+';
-  pre_save_buf[buf_size + 1] = 'F';
+  pre_save_buf[4] = '+';
-  pre_save_buf[buf_size + 2] = 'L';
-  pre_save_buf[buf_size + 3] = '+';
-  pre_save_buf[buf_size + 4] = '+';
 
   *out_buf = pre_save_buf;
 
-  return out_buf_size;
+  return buf_size + 5;
 
 }
 

src/afl-fuzz-one.c

@@ -1647,10 +1647,8 @@ custom_mutator_stage:
 
     }
 
-    /* `afl->out_buf` is actually not changed in the loop. Since `ck_maybe_grow`
+    /* `(afl->)out_buf` may have been changed by the call to custom_fuzz */
-       is cheap, we still keep the following line but remove `memcpy`. */
+    memcpy(out_buf, in_buf, len);
-    out_buf = ck_maybe_grow(BUF_PARAMS(out), len);
-    // memcpy(out_buf, in_buf, len);
 
   }