ci: Add simple fuzz-target to CI

Running it for 10 minutes is a good tradeoff to check
for regression and not waste too much of CI resources

Author: david-cermak

.github/workflows/fuzzer.yml

@@ -0,0 +1,41 @@
+name: "fuzzing lwip with afl++"
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: '*'
+
+jobs:
+  fuzz_test:
+    name: Fuzzer tests for lwip
+
+    runs-on: ubuntu-22.04
+    container: aflplusplus/aflplusplus
+    steps:
+      - name: Checkout lwip
+        uses: actions/checkout@v4
+
+      - name: Run AFL++
+        shell: bash
+        run: |
+          cd test/fuzz
+          CC=afl-gcc-fast CCDEP=gcc make -j 4
+          timeout 10m afl-fuzz -i inputs -o out -- ./lwip_fuzz || \
+          if [ $? -eq 124 ]; then  # timeout exit code
+            if [ -n "$(find out/default/crashes -type f 2>/dev/null)" ]; then
+              echo "Crashes found!";
+              tar -czf out/default/crashes.tar.gz -C out/default crashes;
+              exit 1;
+            fi
+          else
+            exit 1;
+          fi
+
+      - name: Upload Crash Artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-crashes
+          path: test/fuzz/out/default/crashes.tar.gz
+          if-no-files-found: ignore

test/fuzz/README

@@ -1,4 +1,3 @@
-
 Fuzzing the lwIP stack (afl-fuzz requires linux/unix or similar)
 
 This directory contains small apps that read Ethernet frames from stdin and
@@ -32,3 +31,15 @@ file to simplify viewing in wireshark.
 The lwipopts.h file needs to have checksum checking off, otherwise almost every
 packet will be discarded because of that. The other options can be tuned to
 expose different parts of the code.
+
+To reproduce crashes or hangs, it's useful to build the fuzz targets locally
+(without AFL) and feed them with the saved output files (supplied as command
+line arguments), for example:
+
+make clean && CC=gcc make
+./lwip_fuzz output/default/crashes/id:000001,sig:11,src:000254,time:13211,execs:374294,op:havoc,rep:3
+
+Note: It's convenient to run AFL++ in a container:
+
+docker pull aflplusplus/aflplusplus:latest
+docker run -ti -v /your-local-lwip-repo/:/lwip aflplusplus/aflplusplus