AFLplusplus / Grammar-Mutator

A grammar-based custom mutator for AFL++
Apache License 2.0

afl_custom_trim: Don't allow fuzz inputs to grow #19

Closed realmadsci closed 3 years ago

realmadsci commented 3 years ago

NOTE: I'm not sure if this is needed or if maybe I'm making grammar files incorrectly! It might be good to include this check in either case?

AFLplusplus DOES NOT LIKE IT if you happen to send back something larger when it asks you to do a trim stage!

This might be a bug with the grammar, but for some grammars, I have found that the subtree_trimming function can create a bigger result. This code checks for that case and sends the original value up instead of allowing a bigger one to be used.

h1994st commented 3 years ago

Hi @realmadsci ,

Yes, I noticed this a while ago. The definition of size is different in the grammar mutator. The trimming function in a grammar mutator aims at reducing the objects in a grammar structure, but does not guarantee to generate a smaller binary buffer.

Last year, while developing the grammar mutator, I submitted a pull request to AFLplusplus (https://github.com/AFLplusplus/AFLplusplus/pull/463), which allows custom mutators to generate a larger output.

So I would probably not merge this pull request.
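Added illustration (not code from Grammar-Mutator, AFL++ or either commenter) of the size mismatch the two comments above describe and of the guard the PR proposes: a grammar-level trim step reduces the number of nodes in a parse tree, but the serialized byte buffer can still grow, so a defensive wrapper around the value returned from the trim stage (in AFL++ that is the buffer `afl_custom_trim` hands back after `afl_custom_init_trim` received the original) falls back to the original bytes whenever the candidate is larger. The toy grammar, its `f(g(a,b),y)` tree and the `NIL_EXPR` fallback expansion are constructed for this example and are not part of the real mutator.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHILDREN 4

/* Constructed toy parse tree: each node carries the text it emits and, for
 * internal nodes, its children.  Serialization is text "(" child "," ... ")". */
typedef struct node {
  const char  *text;
  size_t       nchildren;
  struct node *children[MAX_CHILDREN];
} node_t;

/* The grammar mutator's notion of "size": number of nodes in the tree. */
static size_t tree_nodes(const node_t *n) {
  size_t total = 1;
  for (size_t i = 0; i < n->nchildren; i++) total += tree_nodes(n->children[i]);
  return total;
}

/* Space left in a buffer of capacity cap after len bytes, never underflowing. */
static size_t remaining(size_t cap, size_t len) { return len < cap ? cap - len : 0; }

/* Serialize the tree into out (NUL-terminated) and return the byte length:
 * this is AFL++'s notion of size, the thing that must not grow on trim. */
static size_t serialize(const node_t *n, char *out, size_t cap) {
  size_t len = (size_t)snprintf(out, cap, "%s", n->text);
  if (n->nchildren == 0) return len;
  len += (size_t)snprintf(out + len, remaining(cap, len), "(");
  for (size_t i = 0; i < n->nchildren; i++) {
    if (i) len += (size_t)snprintf(out + len, remaining(cap, len), ",");
    len += serialize(n->children[i], out + len, remaining(cap, len));
  }
  len += (size_t)snprintf(out + len, remaining(cap, len), ")");
  return len;
}

/* One grammar-level trim step: collapse `victim` into a leaf holding the
 * grammar's fallback expansion.  Node count drops; byte count may not. */
static void collapse_subtree(node_t *victim, const char *fallback) {
  victim->text = fallback;
  victim->nchildren = 0;
}

/* Guard equivalent to the PR's check: accept the trimmed serialization only
 * if it is no larger than the buffer the fuzzer handed to the trim stage;
 * otherwise copy the original bytes back unchanged.  Returns the length
 * written to out; out must hold at least orig_len bytes. */
static size_t checked_trim_output(const uint8_t *orig, size_t orig_len,
                                  const uint8_t *trimmed, size_t trimmed_len,
                                  uint8_t *out, size_t out_cap) {
  const uint8_t *src = trimmed;
  size_t len = trimmed_len;
  if (trimmed_len > orig_len) { src = orig; len = orig_len; }  /* never grow */
  assert(len <= out_cap);
  memcpy(out, src, len);
  return len;
}

typedef struct {
  size_t nodes_before, nodes_after, bytes_before, bytes_after, returned_len;
} trim_report_t;

/* Worked scenario: start from f(g(a,b),y), collapse the g(...) subtree to
 * `fallback`, and report both size notions plus what the guard returns. */
static trim_report_t demo_trim(const char *fallback) {
  node_t a = {"a", 0, {0}}, b = {"b", 0, {0}}, y = {"y", 0, {0}};
  node_t g = {"g", 2, {&a, &b}};
  node_t f = {"f", 2, {&g, &y}};
  char before[256], after[256];
  uint8_t out[256];
  trim_report_t r;
  r.nodes_before = tree_nodes(&f);
  r.bytes_before = serialize(&f, before, sizeof before);
  collapse_subtree(&g, fallback);
  r.nodes_after = tree_nodes(&f);
  r.bytes_after = serialize(&f, after, sizeof after);
  r.returned_len = checked_trim_output((const uint8_t *)before, r.bytes_before,
                                       (const uint8_t *)after, r.bytes_after,
                                       out, sizeof out);
  return r;
}

int main(void) {
  trim_report_t r = demo_trim("NIL_EXPR");
  printf("nodes %zu -> %zu, bytes %zu -> %zu, guard returns %zu bytes\n",
         r.nodes_before, r.nodes_after, r.bytes_before, r.bytes_after, r.returned_len);
  return 0;
}
```

With the `NIL_EXPR` fallback the tree shrinks from 5 nodes to 3 while the buffer grows from 11 to 13 bytes, and the guard returns the 11-byte original; with a one-character fallback such as `0` the trimmed 6-byte buffer is accepted. The guard only hides the mismatch, which is why the thread settles on fixing the fuzzer side rather than merging it.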

vanhauser-thc commented 3 years ago

@realmadsci does afl++ complain? I thought this was fixed with @h1994st's PR back then?

realmadsci commented 3 years ago

It crashes rather than complaining now. I get a realloc() invalid size error shortly after the mutator creates a larger sized input.

I agree that it is probably better to fix the AFL behavior than to apply this workaround, which is why I made it a separate PR from the other...

vanhauser-thc commented 3 years ago

yes this should be fixed in afl++

vanhauser-thc commented 3 years ago

@realmadsci if you can supply a backtrace I can do the change, or you can supply a PR

realmadsci commented 3 years ago

Ok... gotta disable this "fix" and run it again...