From b8b2fadea8581763f94013a7c84e5ce66eba2392 Mon Sep 17 00:00:00 2001 From: Jamey Sharp Date: Wed, 7 Sep 2022 08:46:39 -0700 Subject: [PATCH] cranelift-fuzzgen: Consume all trailing fuzz input (#4862) But don't keep going once we've consumed it all. --- cranelift/fuzzgen/src/lib.rs | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/cranelift/fuzzgen/src/lib.rs b/cranelift/fuzzgen/src/lib.rs index cde0d8ab72..515abe9741 100644 --- a/cranelift/fuzzgen/src/lib.rs +++ b/cranelift/fuzzgen/src/lib.rs @@ -137,11 +137,12 @@ where }) } - fn generate_test_inputs(&mut self, signature: &Signature) -> Result> { - let num_tests = self.u.int_in_range(self.config.test_case_inputs.clone())?; - let mut inputs = Vec::with_capacity(num_tests); + fn generate_test_inputs(mut self, signature: &Signature) -> Result> { + let mut inputs = Vec::new(); + + loop { + let last_len = self.u.len(); - for _ in 0..num_tests { let test_args = signature .params .iter() @@ -149,6 +150,17 @@ where .collect::>()?; inputs.push(test_args); + + // Continue generating input as long as we just consumed some of self.u. Otherwise + // we'll generate the same test input again and again, forever. Note that once self.u + // becomes empty we obviously can't consume any more of it, so this check is more + // general. Also note that we need to generate at least one input or the fuzz target + // won't actually test anything, so checking at the end of the loop is good, even if + // self.u is empty from the start and we end up with all zeros in test_args. + assert!(self.u.len() <= last_len); + if self.u.len() == last_len { + break; + } } Ok(inputs)