[forkserver_libafl_cc] Adjust test fuzzer

* Remove 1 second per testcase timeout.  The crashes are taking longer
  and are erroneously treated as a timeout
* Add a max input length parameter akin to AFL++'s afl-fuzz CLI args so
  that the mutations are more likely to find the objective (crash)
  * Set the default test to length 10 as the two potential crashes can
    be found mutating the first 3 or 4 bytes

Author: rchildre3

fuzzers/forkserver/forkserver_libafl_cc/Justfile

@@ -56,7 +56,7 @@ run: fuzzer
 [macos]
 test: fuzzer
     #!/bin/bash
-    timeout 30s {{ FORKSERVER }} ./{{ FUZZER_NAME }} ./corpus/ -t 1000 | tee fuzz_stdout.log || true
+    timeout 30s {{ FORKSERVER }} -G 10 ./{{ FUZZER_NAME }} ./corpus/ | tee fuzz_stdout.log || true
     if grep -qa "objectives: 1" fuzz_stdout.log; then
         echo "Fuzzer is working"
     else

fuzzers/forkserver/forkserver_libafl_cc/src/main.rs

@@ -2,6 +2,7 @@ use core::time::Duration;
 use std::path::PathBuf;
 
 use clap::Parser;
+use libafl::executors::forkserver::MAX_INPUT_SIZE_DEFAULT;
 use libafl::{
     corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
@@ -42,6 +43,14 @@ struct Opt {
     )]
     executable: String,
 
+    #[arg(
+        help = "set max length of generated fuzz input",
+        short = 'G',
+        long = "maxlen",
+        default_value_t = MAX_INPUT_SIZE_DEFAULT
+    )]
+    max_input_len: usize,
+
     #[arg(
         help = "The directory to read initial inputs from ('seeds')",
         name = "INPUT_DIR",
@@ -180,6 +189,7 @@ pub fn main() {
         .parse_afl_cmdline(args)
         .coverage_map_size(MAP_SIZE)
         .timeout(Duration::from_millis(opt.timeout))
+        .max_input_size(opt.max_input_len)
         .kill_signal(opt.signal)
         .build(tuple_list!(time_observer, edges_observer))
         .unwrap();