>>strcpy(buff, argv[1]);
>
>>But AFL doesn't fuzz command-line arguments out of the box. Instead, it
>>puts test input to a file, and then either redirects stdin or passes the
>>filename on the command line.
>
> Yep I got it.
Yup, this is your most significant problem. AFL doesn't support argv
fuzzing, because TBH, it's just not horribly useful in practice. There
is an example in experimental/argv_fuzzing/ showing how to do it in a
general case if you really want to.
>>You don't need input file THAT big. In fact, afl-fuzz refuses to process
>>input files bigger than 1MB.
>
> I thought AFL would work on input files which are less than or equal to 1MB
As explained in the docs, you want to start with small, meaningful
test cases; 1 MB of garbage isn't a good starting file (and in any
case, if you get the invocation right, it'd crash the target program
right away and be rejected by afl-fuzz for that reason alone).
>>$afl-fuzz -i afl_in -o afl_out ./a.out -a @@
> I followed the execution command from the following blog.
Everything after the path to the target binary (./a.out) is passed to
your target binary as an argument. So you're calling it with:
argv[0] = "./a.out";
argv[1] = "-a";
argv[2] = "<file name, which is not what you want, but a separate
problem - see above>";
Since your program looks only at argv[1], and that value is fixed and
always set to "-a", nothing happens.
/mz
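As an added illustration (not part of this thread, and not the argv_fuzzing code shipped in AFL's experimental/ directory), here is a small harness in the shape the reply recommends: the target reads its would-be command line from the file that afl-fuzz substitutes for @@, splits that file on NUL bytes into an argv array, and only then runs the original strcpy logic. That way argv[1] is under the fuzzer's control instead of being the fixed "-a". The names (harness, build_argv, run_from_stream), the 16-byte buffer and the NUL-separated input layout are assumptions made for this example.

```c
/* Added example, not AFL's own code and not the original poster's program.
 * A file-driven harness: afl-fuzz writes each test case to a file and
 * puts its path where "@@" appears, so we read the "command line" from
 * that file. Assumed input layout: argv entries separated by NUL bytes
 * (the same idea as AFL's experimental/argv_fuzzing/, re-implemented here
 * independently).
 *
 * Build with afl-gcc, seed with a few meaningful bytes, then run:
 *   printf 'hello\0' > afl_in/seed
 *   afl-fuzz -i afl_in -o afl_out ./harness @@
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT 4096   /* assumed cap; far below afl-fuzz's 1 MB limit */
#define MAX_ARGS  32     /* assumed cap on synthetic argv entries */

/* Split a NUL-delimited buffer into argv-style pointers.
 * Precondition: buf[len] == '\0' (load_input guarantees this).
 * argv[0] is a fixed program name; returns argc; argv[argc] is NULL. */
int build_argv(char *buf, size_t len, char **argv, int max_args)
{
    int argc = 0;
    size_t pos = 0;

    argv[argc++] = "harness";
    while (pos < len && argc < max_args - 1) {
        argv[argc++] = buf + pos;
        pos += strlen(buf + pos) + 1;   /* skip to the byte after the NUL */
    }
    argv[argc] = NULL;
    return argc;
}

/* Read the test case AFL wrote (at most cap-1 bytes) and NUL-terminate.
 * Returns the number of bytes read. */
size_t load_input(FILE *f, char *buf, size_t cap)
{
    size_t n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';
    return n;
}

/* The code under test, in the shape of the original program: argv[1] is
 * copied into a fixed-size stack buffer. Left deliberately unsafe, since
 * finding this overflow is the point of fuzzing it. Returns the length
 * copied, or -1 if there was no argv[1]. */
int target(int argc, char **argv)
{
    char buff[16];

    if (argc < 2)
        return -1;
    strcpy(buff, argv[1]);   /* overflows once argv[1] exceeds 15 bytes */
    return (int)strlen(buff);
}

/* Glue: file contents -> synthetic argv -> target(). */
int run_from_stream(FILE *f)
{
    char buf[MAX_INPUT];
    char *argv[MAX_ARGS];
    size_t n = load_input(f, buf, sizeof buf);
    int argc = build_argv(buf, n, argv, MAX_ARGS);

    return target(argc, argv);
}

int main(int argc, char **argv)
{
    FILE *f = stdin;   /* no path given: AFL may also feed stdin */
    int rc;

    if (argc > 1) {
        f = fopen(argv[1], "rb");   /* afl-fuzz puts the test-case path here */
        if (!f) {
            perror("fopen");
            return 1;
        }
    }
    rc = run_from_stream(f);
    if (f != stdin)
        fclose(f);
    return rc < 0 ? 1 : 0;
}
```

Note that the afl-fuzz invocation carries only `@@` after the binary: any extra literal such as `-a` would again become a fixed argv entry of the harness rather than fuzzed data. With this layout a seed file of a handful of bytes is enough, and inputs longer than 15 bytes reach the strcpy overflow directly.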