Add a second fuzzing engine alongside the existing libFuzzer/cargo-fuzz setup. AFL++ runs with persistent mode (afl::fuzz! macro), LLVM plugins (CmpLog, IJON), and a SymCC concolic companion for hybrid fuzzing. - cargo-afl built from afl.rs with a patch for CARGO_AFL_DIR / CARGO_AFL_LLVM_DIR env-var overrides - AFL++ built with LLVM 22 plugins to match rust-nightly - Persistent-mode fuzz targets in lib/fuzz-afl/ - --jobs N parallel fuzzing: main instance in foreground, secondaries and SymCC companion as systemd transient units in a slice - Ctrl+c / exit cleans up all background processes via slice stop - AFL_AUTORESUME=1 for clean restarts after previous runs - fuzz-clean-afl collects crashes from all instance directories - Shared harness logic in lib/src/fuzz_harness.rs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[package]
|
|
name = "usbip-rs-fuzz"
|
|
version = "0.0.0"
|
|
publish = false
|
|
edition = "2024"
|
|
|
|
[package.metadata]
|
|
cargo-fuzz = true
|
|
|
|
[dependencies]
|
|
libfuzzer-sys = "0.4"
|
|
tokio = { version = "1", features = ["rt-multi-thread", "sync", "time", "io-util"] }
|
|
|
|
[dependencies.usbip-rs]
|
|
path = ".."
|
|
features = ["fuzz"]
|
|
|
|
[workspace]
|
|
members = ["."]
|
|
|
|
[[bin]]
|
|
name = "fuzz_parse_command"
|
|
path = "fuzz_targets/fuzz_parse_command.rs"
|
|
doc = false
|
|
|
|
[[bin]]
|
|
name = "fuzz_handle_client"
|
|
path = "fuzz_targets/fuzz_handle_client.rs"
|
|
doc = false
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_hid"
|
|
path = "fuzz_targets/fuzz_urb_hid.rs"
|
|
doc = false
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_uac"
|
|
path = "fuzz_targets/fuzz_urb_uac.rs"
|
|
doc = false
|
|
|
|
[[bin]]
|
|
name = "fuzz_urb_cdc"
|
|
path = "fuzz_targets/fuzz_urb_cdc.rs"
|
|
doc = false
|
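Review bot: The `features = ["fuzz"]` under `[dependencies.usbip-rs]` is presumably what exposes the shared harness in lib/src/fuzz_harness.rs named in the description; it is worth confirming in the parent crate's manifest (not in view here) that `fuzz` is not a default feature, so the harness and any fuzz-only code paths stay out of ordinary builds of the library. If this manifest is unchanged by the commit, that check still applies to the new lib/fuzz-afl/ crate, which presumably enables the same feature. As a point of style, the `[package]` keys could follow the Cargo convention of name, version, then alphabetical (`edition` before `publish`), and `[dependencies.usbip-rs]` could be written inline as `usbip-rs = { path = "..", features = ["fuzz"] }` to match the tokio entry. A one-line comment above `[workspace]` such as `# Standalone workspace so the fuzz crate is not a member of the parent workspace` would explain the otherwise surprising `members = ["."]`.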