This patch causes the random recursive mutation stage to only be
allowed to add up to 1k of extra bytes to the output file in a single
step. It might be a good idea to make this into an environment
variable or other tunable feature in the future.
The reason for this limitation is that the RRM stage can create
very MASSIVE growth of file size in a short period if it happens to
select a large subtree to duplicate. These huge files then become
a "sinkhole" for the fuzzer, where it spends most of its time
on further attempts to trim and/or mutate that file rather than
exploring other options.
With this limitation in place, strings and things that have relatively
short subtrees (and small character counts per recursion) can still
be expanded by fairly significant amounts, which is the main benefit
of this mutation stage.
Also, because the RRM is a bit more sane on each iteration, I increased
the number of allowed stages to make it still contribute to the overall
fuzzing process.