rust-fuzz/afl.rs

fuzz() function enhancements

vanhauser-thc opened this issue · 2 comments

in afl/src/lib.rs:

pub fn fuzz<F>(hook: bool, mut closure: F)
...
    while unsafe { __afl_persistent_loop(1000) } != 0 {

it is better to use UINT_MAX here - and to make it configurable (e.g. with an env var or via a command line option).
(The LLVMFuzzerTestOneInput wrapper in AFL++ sets it as UINT_MAX and it is configurable).

I would accept a PR with this change.

make it configurable (e.g. with an env var or via a command line option).

I think an environment variable would be preferable, so that cargo afl fuzz's arguments continue to be the same as afl-fuzz's.

Fixed by #437
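An added sketch of what the issue asks for, written for this page and not taken from afl.rs or from #437: the iteration count passed to __afl_persistent_loop comes from an environment variable (the name AFL_RS_PERSISTENT_ITERATIONS is an assumption) and defaults to u32::MAX, the UINT_MAX the issue suggests; a constructed stand-in for __afl_persistent_loop lets the loop run without AFL.

```rust
use std::env;

/// Assumed variable name; the issue asks for an env var but names none.
pub const ITERATIONS_ENV: &str = "AFL_RS_PERSISTENT_ITERATIONS";

/// Resolve the count handed to __afl_persistent_loop.
/// Unset -> u32::MAX (the issue's UINT_MAX). Malformed or zero -> also
/// u32::MAX, so a typo in the variable cannot quietly shorten the run.
pub fn iterations_from(raw: Option<&str>) -> u32 {
    match raw.map(str::trim).and_then(|v| v.parse::<u32>().ok()) {
        Some(n) if n > 0 => n,
        _ => u32::MAX,
    }
}

/// Read the count from the process environment.
pub fn iterations_from_env() -> u32 {
    iterations_from(env::var(ITERATIONS_ENV).ok().as_deref())
}

/// Shape of the loop that fuzz() runs: `keep_going` models
/// __afl_persistent_loop(n) (nonzero while inputs remain), `target` is the
/// user's closure. Returns how many inputs were executed.
pub fn run_persistent<L, F>(iterations: u32, mut keep_going: L, mut target: F) -> u32
where
    L: FnMut(u32) -> i32,
    F: FnMut(&[u8]),
{
    // Constructed stand-in for the input AFL would place in its buffer.
    let input = b"constructed input";
    let mut executed = 0;
    while keep_going(iterations) != 0 {
        target(input);
        executed += 1;
    }
    executed
}

/// Constructed stand-in for __afl_persistent_loop: returns 1 until it has
/// been called `max` times, then 0, instead of talking to the fuzzer.
pub fn mock_persistent_loop() -> impl FnMut(u32) -> i32 {
    let mut calls: u32 = 0;
    move |max| if calls >= max { 0 } else { calls += 1; 1 }
}

fn main() {
    let n = iterations_from_env();
    let ran = run_persistent(n.min(5), mock_persistent_loop(), |_| {});
    println!("iterations={n} executed={ran}");
}
```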