Add a global argument template to allow fuzzing command line arguments.

[edre]

Usage:

$ afl-fuzz -i seeds -o output -- toybox grep --fuzz-arg

This substitutes one line of input for each provided fuzz-arg, and all remaining input to stdin.

In addition, any detected fuzz arg triggers an rlimit to prevent any forks or file writes, so that fuzzing sh won't forkbomb or write a million tiny garbage files.

[landley]

On 8/2/25 12:56, Eric Roshan-Eisner wrote: Usage: $ afl-fuzz -i seeds -o output -- toybox grep --fuzz-arg This substitutes one line of input for each provided fuzz-arg, and all remaining input to stdin.

Does this approach do what you need without a patch? ``` $ cat lib/blah.c #include <stdio.h> #undef main int other_main(int argc, char *argv[]); int main(int argc, char *argv[]) { dprintf(2, "Hi\n"); return other_main(argc, argv); } $ CFLAGS="-Dmain(a,b)=other_main(a,b)" LDFLAGS=-Umain make clean toybox ... $ ./toybox false Hi $ ``` You can add arbitrary files to lib/*.c and they'll get compiled and linked in, and then in theory dropped out again by --gc-sections if they're not used. The -Dmain renames the main() in main.c, the #undef main prevents the new one from getting renamed. The -U is so the -D doesn't screw up the compile time library and config symbol probes in scripts/{main,genconfig}.sh (LDFLAGS is only included when linking a binary, not when creating a .o file).