cranelift-fuzzgen: Consume all trailing fuzz input (#4862)

But don't keep going once we've consumed it all.

cranelift/fuzzgen/src/lib.rs

@@ -137,11 +137,12 @@ where
         })
     }
 
-    fn generate_test_inputs(&mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
+    fn generate_test_inputs(mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
-        let num_tests = self.u.int_in_range(self.config.test_case_inputs.clone())?;
+        let mut inputs = Vec::new();
-        let mut inputs = Vec::with_capacity(num_tests);
+
+        loop {
+            let last_len = self.u.len();
 
-        for _ in 0..num_tests {
             let test_args = signature
                 .params
                 .iter()
@@ -149,6 +150,17 @@ where
                 .collect::<Result<TestCaseInput>>()?;
 
             inputs.push(test_args);
+
+            // Continue generating input as long as we just consumed some of self.u. Otherwise
+            // we'll generate the same test input again and again, forever. Note that once self.u
+            // becomes empty we obviously can't consume any more of it, so this check is more
+            // general. Also note that we need to generate at least one input or the fuzz target
+            // won't actually test anything, so checking at the end of the loop is good, even if
+            // self.u is empty from the start and we end up with all zeros in test_args.
+            assert!(self.u.len() <= last_len);
+            if self.u.len() == last_len {
+                break;
+            }
         }
 
         Ok(inputs)