rust-fuzz/afl.rs

`maxlength` flag does not work as expected

louismerlin opened this issue · 2 comments

I've tried using AFL++'s -G (--maxlength) option to generate and use inputs bigger than the default 1MB but I have not been successful so far.

Here is a repository I created to show the behavior: https://github.com/louismerlin/fuzz-size

I don't know if the behavior comes from afl.rs or from AFL++ directly.

I'll be happy to help fix the issue, but I have not found the source of it yet.

Hi, @louismerlin. I played with your example briefly using plain AFLplusplus, and I too could not get it to produce a large input. In fact, the largest input I got it to produce was just a few hundred bytes. This suggests to me we're not properly incentivizing AFLplusplus to look for large inputs.

I'll try to think about this more, but it's not obvious to me what we're doing wrong right now.

1MB is actually a hard-coded limitation in AFL++.
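One way to give the fuzzer the size incentive the second comment talks about, and at the same time to check whether inputs above 1 MiB are ever produced, is a target whose coverage grows with input size. The following is an added example, not code from this thread or from afl.rs; the threshold table, the stdin-based harness (used instead of afl.rs's `fuzz!` macro so the file has no dependencies) and the abort above 1 MiB are my own choices.

```rust
use std::io::{self, Read};

/// Size thresholds, one per doubling from 1 KiB up to 2 MiB. The last entry
/// sits above the 1 MiB ceiling discussed in this issue, so an input that
/// reaches it can only have come from a fuzzer that really honours -G.
pub const THRESHOLDS: [usize; 12] = [
    1 << 10, 1 << 11, 1 << 12, 1 << 13, 1 << 14, 1 << 15,
    1 << 16, 1 << 17, 1 << 18, 1 << 19, 1 << 20, 1 << 21,
];

/// Counts how many thresholds `data.len()` meets. Every comparison is its own
/// conditional branch, so the first input that crosses a threshold produces a
/// previously unseen edge and is kept in the queue. That is the coverage
/// incentive a target that never looks at the input size does not provide.
pub fn thresholds_reached(data: &[u8]) -> usize {
    let n = data.len();
    let mut reached = 0usize;
    // black_box stops the optimizer from folding each arm into a branchless
    // select, which would erase the per-threshold edge the fuzzer is meant
    // to discover.
    if n >= THRESHOLDS[0] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[1] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[2] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[3] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[4] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[5] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[6] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[7] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[8] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[9] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[10] { reached = std::hint::black_box(reached + 1); }
    if n >= THRESHOLDS[11] { reached = std::hint::black_box(reached + 1); }
    reached
}

/// Reads the whole input from stdin, which is how afl-fuzz feeds a target
/// that does not use afl.rs's persistent `fuzz!` loop, and aborts once the
/// input is larger than 1 MiB so that such an input is reported as a crash.
fn main() {
    let mut data = Vec::new();
    io::stdin().read_to_end(&mut data).expect("failed to read stdin");
    let reached = thresholds_reached(&data);
    println!(
        "{} bytes: {} of {} size thresholds reached",
        data.len(),
        reached,
        THRESHOLDS.len()
    );
    if data.len() > (1 << 20) {
        // Only reachable if the fuzzer produced an input above 1 MiB.
        std::process::abort();
    }
}
```

Build it with `cargo afl build` and run the binary under `cargo afl fuzz` with the `-G` value you are testing. Each threshold an input crosses appears as new coverage in the queue, so the largest queue entry shows how far the fuzzer got; a crash entry would mean an input above 1 MiB was produced. Given the hard-coded 1 MiB limit mentioned above, no crash is expected, which makes this a quick way to confirm whether `-G` is being honoured at all.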