
Fuzzing C and C++ Code — AFL++, libFuzzer, ASan/UBSan/MSan

C and C++ memory bugs are still the #1 source of exploitable CVEs. Fuzze.rs runs AFL++ and libFuzzer campaigns with ASan, UBSan, and MSan against your codebase — fully managed.

Memory-safety bugs in C and C++ are still the dominant source of exploitable vulnerabilities. CVEs in widely-deployed codebases are still being found at a steady rate — most by fuzzers, not by manual code review.

Fuzze.rs runs AFL++, libFuzzer, Honggfuzz, and Centipede campaigns against your C and C++ targets with sanitizer combinations (ASan, UBSan, MSan) configured per job. The same harness you'd run locally on a laptop runs continuously against persistent corpora on dedicated compute.

Why it matters

Finds use-after-free, OOB, double-free

ASan catches the entire memory-corruption class in seconds once the fuzzer hits the path. UBSan adds integer overflow and signed-shift bugs.

Multi-sanitizer campaigns

One job per sanitizer combination (ASan, UBSan, MSan, TSan). Same harness, broader bug class.

Power Fuzzing for stubborn targets

Run AFL++, libFuzzer, Honggfuzz, and Centipede against the same harness in parallel — corpus shared, coverage merged.

Persistent corpora across runs

Coverage gains accumulate. A 24-hour run picks up where the last one left off, not from scratch.

Workflow

  1. Write a libFuzzer or AFL++ harness

     Standard LLVMFuzzerTestOneInput(const uint8_t *data, size_t size). One harness per parsing entry-point usually wins.

  2. Pick your sanitizers

     ASan + UBSan is the default; add MSan for uninitialised-memory bugs.

  3. Build the Docker image

     clang or gcc with -fsanitize=fuzzer plus sanitizer flags. Docs ship a working starter Dockerfile.

  4. Submit the job

     Via dashboard or REST API. Optional seed corpus and dictionary alongside.

  5. Triage crashes

     Stack-trace-based deduplication, minimised reproducers, sanitizer report in each crash.

  6. CI integration

     Short fuzz runs on every PR via our REST API; long campaigns on a schedule.
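A harness of the kind steps 1 to 3 describe, added here as an illustration and not taken from the Fuzze.rs documentation. The target parse_records, its record format and the file name in the build comment are hypothetical stand-ins for your own parsing entry point.

```c
/* Build with clang:
 *   clang -g -O1 -fsanitize=fuzzer,address,undefined harness.c -o fuzz_records
 * MSan cannot share a binary with ASan; build a second one with
 *   -fsanitize=fuzzer,memory */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALUE 64

/* Hypothetical target: parses [type:1][len:1][value:len] records.
 * Returns the number of records, or -1 on malformed input. */
int parse_records(const uint8_t *buf, size_t len, size_t *consumed) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2) return -1;        /* truncated header */
        uint8_t vlen = buf[off + 1];
        if (vlen > MAX_VALUE) return -1;     /* length field over the cap */
        if (len - off - 2 < vlen) return -1; /* value runs past the input */
        uint8_t value[MAX_VALUE];
        memcpy(value, buf + off + 2, vlen);  /* bounded by both checks above */
        (void)value;
        off += 2u + vlen;
        count++;
    }
    *consumed = off;
    return count;
}

/* Entry point the fuzzer calls once per generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* Exact-size heap copy: ASan's redzone then sits directly after the
     * last input byte, so a one-byte over-read in the target is reported. */
    uint8_t *copy = malloc(size ? size : 1);
    if (!copy) return 0;
    if (size) memcpy(copy, data, size);

    size_t consumed = 0;
    int n = parse_records(copy, size, &consumed);
    /* Invariant: an accepted input is consumed in full. abort() turns a
     * silent logic bug into a crash the fuzzer saves and deduplicates. */
    if (n >= 0 && consumed != size) abort();

    free(copy);  /* no leaks and no state carried into the next input */
    return 0;    /* 0 = input processed; libFuzzer reserves other values */
}
```

Removing either length check in parse_records gives the sanitizers a stack-buffer overflow or heap over-read to report, which is a quick way to confirm the build flags are active before submitting a job.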

Fuzzers we’d pick

  • AFL++ — the workhorse. Strong on stateful and binary-format targets.
  • libFuzzer — fastest feedback loop for in-process harnesses.
  • Honggfuzz — strong on signal-handler and persistent-mode targets.
  • Centipede — handles large inputs and complex coverage signals better than the others.