AFL-fuzz not finding any crashes


I am trying AFL for the first time, and for that reason I found a very simple vulnerable C program that I could use to test AFL.

The C code in question is:

#include <stdio.h>
#include <string.h>

int main(int argc, char * argv[]){
        char name[10];   /* fixed-size buffer */

        if ( argc > 1 ){
                strcpy(name, argv[1]);   /* unchecked copy: longer argv[1] overflows name */
                printf("HELLO %s\n", name);
        }

        return 0;
}

I compile that code by running afl-gcc test.c -o test and I tested it just to make sure it crashes when it is supposed to (running ./test $(python3 -c "print('A'*26)") gives a segmentation fault, as expected).

The problem is, I created a test case with echo -en "test\x00" > input/testcase and ran AFL with afl-fuzz -i afl_in -o afl_out -- ./test, but after a day it still hasn't found any crashes.

I also tried to create a test case that would force it to crash, python3 -c "print('A'*26)" > input/testcase, but it still runs and does not find anything.

This was supposed to be the easiest example so I could get to know AFL a bit better, but it is proving to be a challenge. Can anyone help?

BEST ANSWER

Just as Nick ODell posted in the comments:

Seems like AFL expects the program under test to read from STDIN rather than an argument. github.com/google/AFL#6-fuzzing-binaries

Following that URL leads to an experimental module that allows AFL to feed its input to the program as arguments, and for that to work I just had to add two lines to my existing code:

#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "argv-fuzz-inl.h" // <-- Argv fuzz module


int main(int argc, char * argv[]){
        AFL_INIT_ARGV(); // <-- needed near the very beginning of main().
        char name[10];

        if ( argc > 1 ){
                strcpy(name, argv[1]);
                printf("HELLO %s\n", name);
        }

        return 0;
}

After that I just compiled it again and everything worked as expected.
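To make the mechanism behind AFL_INIT_ARGV visible, here is an added example that is not from the question, the answer, or AFL itself. It is a constructed re-implementation of the idea: the program reads its whole input from stdin and splits it on NUL bytes into an argv array, with the first token becoming argv[0] (that matches how AFL's argv-fuzz-inl.h behaves as far as I know; confirm against the header in your AFL checkout). It also shows the consequence for seed files: a seed containing only "test\x00" parses to argc == 1, so the `argc > 1` branch is never entered until the fuzzer manages to insert a second NUL-separated token, whereas a seed with two tokens reaches the copy straight away. The names encode_nul_argv, split_nul_argv, seed_argc, greet and the two size limits are all made up for this example; the greeting uses a bounded snprintf instead of the unchecked strcpy so the program can be run stand-alone on any input.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_CMDLINE_LEN 1024   /* constructed limits for this example, not AFL's constants */
#define MAX_CMDLINE_PAR 32

/* Encode tokens as a NUL-separated seed, the layout the argv module reads.
 * Returns the number of bytes written (each token plus its NUL), or 0 if
 * `out` is too small; one extra NUL is written after the last token. */
size_t encode_nul_argv(const char *const *tokens, int n, char *out, size_t outlen) {
    size_t pos = 0;
    for (int i = 0; i < n; i++) {
        size_t tlen = strlen(tokens[i]) + 1;    /* include the separating NUL */
        if (pos + tlen + 1 > outlen) return 0;  /* keep room for the final NUL */
        memcpy(out + pos, tokens[i], tlen);
        pos += tlen;
    }
    out[pos] = '\0';
    return pos;
}

/* Split a NUL-separated buffer into argv entries, stopping at the first
 * empty token. Constructed stand-in for AFL_INIT_ARGV, not AFL's code:
 * the FIRST token becomes argv[0]. `buf` must have room for len + 1 bytes,
 * because byte `len` is set to NUL so the scan always terminates. */
int split_nul_argv(char *buf, size_t len, char **out, int max_par) {
    int argc = 0;
    size_t i = 0;
    buf[len] = '\0';
    while (i < len && buf[i] != '\0' && argc < max_par - 1) {
        out[argc++] = buf + i;
        i += strlen(buf + i) + 1;               /* skip past this token's NUL */
    }
    out[argc] = NULL;
    return argc;
}

/* Round trip: encode the tokens as a seed, parse it back, return argc.
 * Used to show how many arguments a given seed file actually yields. */
int seed_argc(const char *const *tokens, int n) {
    char seed[MAX_CMDLINE_LEN];
    char *parsed[MAX_CMDLINE_PAR];
    size_t len = encode_nul_argv(tokens, n, seed, sizeof seed);
    return split_nul_argv(seed, len, parsed, MAX_CMDLINE_PAR);
}

/* Bounded version of the greeting from the question: at most name_len - 1
 * bytes are copied. Returns 1 if a greeting was produced, 0 if no argument. */
int greet(int argc, char **argv, char *name, size_t name_len) {
    if (argc <= 1) return 0;
    snprintf(name, name_len, "%s", argv[1]);
    return 1;
}

int main(int argc, char **argv) {
    static char in_buf[MAX_CMDLINE_LEN];       /* zero-filled, so always NUL-terminated */
    static char *fuzz_argv[MAX_CMDLINE_PAR];
    char name[10];

    /* Read the whole seed from stdin, leaving two bytes spare for terminators. */
    ssize_t n = read(0, in_buf, sizeof(in_buf) - 2);
    if (n < 0) n = 0;
    int fuzz_argc = split_nul_argv(in_buf, (size_t)n, fuzz_argv, MAX_CMDLINE_PAR);

    printf("parsed argc=%d\n", fuzz_argc);
    for (int i = 0; i < fuzz_argc; i++)
        printf("argv[%d]=%s\n", i, fuzz_argv[i]);
    if (greet(fuzz_argc, fuzz_argv, name, sizeof name))
        printf("HELLO %s\n", name);

    (void)argc; (void)argv;                    /* the real command line is ignored, as under AFL */
    return 0;
}
```

Compile it normally (cc -o argv_demo argv_demo.c) and feed it the two seed shapes from the question: printf 'test\0' | ./argv_demo reports argc=1 and prints no greeting, while printf './test\0AAAA\0' | ./argv_demo reports argc=2 and greets. That is why a seed for an argv-fuzzed target should carry a dummy first token followed by the argument you actually want mutated.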