Davíð Steinn Geirsson
bb3c603172
Add a second fuzzing engine alongside the existing libFuzzer/cargo-fuzz setup. AFL++ runs with persistent mode (afl::fuzz! macro), LLVM plugins (CmpLog, IJON), and a SymCC concolic companion for hybrid fuzzing. - cargo-afl built from afl.rs with a patch for CARGO_AFL_DIR / CARGO_AFL_LLVM_DIR env-var overrides - AFL++ built with LLVM 22 plugins to match rust-nightly - Persistent-mode fuzz targets in lib/fuzz-afl/ - --jobs N parallel fuzzing: main instance in foreground, secondaries and SymCC companion as systemd transient units in a slice - Ctrl+c / exit cleans up all background processes via slice stop - AFL_AUTORESUME=1 for clean restarts after previous runs - fuzz-clean-afl collects crashes from all instance directories - Shared harness logic in lib/src/fuzz_harness.rs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
33 lines
645 B
TOML
33 lines
645 B
TOML
[package]
|
|
name = "usbip-rs-fuzz-afl"
|
|
version = "0.0.0"
|
|
publish = false
|
|
edition = "2024"
|
|
|
|
[dependencies]
|
|
usbip-rs = { path = "..", features = ["fuzz"] }
|
|
tokio = { version = "1", features = ["rt-multi-thread", "sync", "time", "io-util"] }
|
|
afl = "0.17.1"
|
|
|
|
[workspace]
|
|
members = ["."]
|
|
|
|
[[bin]]
|
|
name = "fuzz_parse_command"
|
|
path = "afl_targets/fuzz_parse_command.rs"
|
|
|
|
[[bin]]
|
|
name = "fuzz_handle_client"
|
|
path = "afl_targets/fuzz_handle_client.rs"
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_hid"
|
|
path = "afl_targets/fuzz_urb_hid.rs"
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_uac"
|
|
path = "afl_targets/fuzz_urb_uac.rs"
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_cdc"
|
|
path = "afl_targets/fuzz_urb_cdc.rs"
|