
@vyavdoshenko (Contributor)

Closes: #5712
Depends on: romange/container-foundry#24

Improves the AFL++ fuzzing infrastructure to increase crash detection effectiveness.

Changes:

Fuzzing Configuration (run_fuzzer.sh):

  • Reduced timeout from 10s to 500ms for faster iteration
  • Added CMPLOG mode (-l 2) for automatic command discovery
  • Added memory limit (4GB)
  • Set AFL_HANG_TMOUT=60000 to avoid false positive hangs
  • Disabled dangerous commands: SHUTDOWN, DEBUG, FLUSHALL, FLUSHDB

Socket Timeout (dfly_main.cc):

  • Increased socket timeout from 100ms to 2s to allow complex commands to complete

New Seed Files:

  • Added new seeds covering

Dictionary Expansion (resp.dict):

  • Added new entries: scripting commands, bitfield operations, sorted set operations, edge case numbers, JSON paths, RESP protocol edge cases, Lua patterns

Documentation (FUZZING.md):

  • Added guide for AFL_PERSISTENT_RECORD usage
  • Documented crash replay procedures for stateful bugs

GitHub Actions:

  • Updated container image to ghcr.io/romange/ubuntu-dev:24-afl with pre-built AFL++
  • Added AFL_PERSISTENT_RECORD=1000 for crash replay support
  • Simplified AFL++ verification step
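Two of the points above, the deny-list of dangerous commands and the replay of recorded inputs against a live server with the 2 s socket timeout, are easier to work with when the seed and crash files can be read as RESP. The following is an added illustration and not code from this PR or from the Dragonfly project: a small RESP parser that tolerates the truncated frames fuzzers produce, a check that reports any of the four disabled commands in a file, and a replay helper. The host, port, the assumption that the recorded files sort into execution order, and the sample input are all constructed here.

```python
"""Triage helpers for AFL++ seed/crash files that hold RESP traffic.
Added illustration, not Dragonfly or PR code. The deny-list comes from the
PR description; host/port, file ordering and SAMPLE are assumptions."""
from __future__ import annotations

import socket
from pathlib import Path
from typing import Iterator

# Commands the PR description says are disabled in the fuzzing build.
DANGEROUS = frozenset({"SHUTDOWN", "DEBUG", "FLUSHALL", "FLUSHDB"})


class Truncated(Exception):
    """Input ended in the middle of a frame (typical for mutated seeds)."""


def _read_line(buf: bytes, pos: int) -> tuple[bytes, int]:
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise Truncated
    return buf[pos:end], end + 2


def parse_resp(buf: bytes) -> Iterator[list[bytes]]:
    """Yield each client command as a list of argument byte strings.

    Handles RESP arrays of bulk strings (what clients send) and inline
    commands (plain text lines). Malformed lengths raise ValueError; a frame
    cut off by end of input raises Truncated so callers can keep the prefix.
    """
    pos = 0
    while pos < len(buf):
        if buf[pos:pos + 1] == b"*":
            line, pos = _read_line(buf, pos + 1)
            n = max(int(line), 0)  # null array (*-1) means no command
            args: list[bytes] = []
            for _ in range(n):
                if buf[pos:pos + 1] != b"$":
                    raise ValueError("expected bulk string")
                line, pos = _read_line(buf, pos + 1)
                length = int(line)
                if length < 0:  # null bulk string
                    args.append(b"")
                    continue
                if pos + length + 2 > len(buf):
                    raise Truncated
                if buf[pos + length:pos + length + 2] != b"\r\n":
                    raise ValueError("missing CRLF after bulk string")
                args.append(buf[pos:pos + length])
                pos += length + 2
            if args:
                yield args
        else:  # inline command, e.g. b"PING\r\n"
            line, pos = _read_line(buf, pos)
            if line.strip():
                yield line.split()


def dangerous_commands(buf: bytes) -> list[str]:
    """Return the disabled command names present in a seed or crash file.

    A partial or malformed trailing frame does not discard what was
    already seen, which is what you want when grading a fuzzer corpus."""
    found: list[str] = []
    try:
        for args in parse_resp(buf):
            name = args[0].decode("ascii", "replace").upper()
            if name in DANGEROUS:
                found.append(name)
    except (Truncated, ValueError):
        pass
    return found


def replay_record(files: list[Path], host: str = "127.0.0.1",
                  port: int = 6379, timeout: float = 2.0) -> list[bytes]:
    """Send recorded inputs in sorted-name order over one connection.

    The 2 s timeout mirrors the socket timeout the PR sets in dfly_main.cc.
    Assumption: AFL++'s recorded files sort into execution order by name.
    Returns each raw reply (b"" when the server did not answer in time) so
    two reproductions can be diffed."""
    replies: list[bytes] = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        for f in sorted(files):
            s.sendall(f.read_bytes())
            try:
                replies.append(s.recv(65536))
            except socket.timeout:
                replies.append(b"")  # hung or crashed on this input
    return replies


# Constructed sample: a normal SET, a disabled FLUSHALL, an inline PING and a
# GET whose last bulk string is cut off, as a mutated seed might be.
SAMPLE = (b"*2\r\n$3\r\nSET\r\n$1\r\nk\r\n"
          b"*1\r\n$8\r\nFLUSHALL\r\n"
          b"PING\r\n"
          b"*2\r\n$3\r\nGET\r\n$1")
```

`dangerous_commands` is the part to run over `queue/` before a campaign: any seed that contains one of the four names is wasted fuzzing time once those commands are disabled in the target, and a crash file that contains one points at a bug in the deny-list rather than in the command itself.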

@vyavdoshenko vyavdoshenko self-assigned this Dec 5, 2025

@augmentcode augmentcode bot left a comment


Review completed. 1 suggestion posted.


Successfully merging this pull request may close these issues.

[AFL++] Crash management and local reproduction tooling
