From b04ab579a37d6645eafccfb594ed7dc64993f9da Mon Sep 17 00:00:00 2001
From: Phil Turnbull <philipturnbull@github.com>
Date: Fri, 16 Feb 2018 13:26:26 -0500
Subject: Don't discard empty fuzz test-cases

We currently discard fuzz test-cases that are empty, but empty inputs are valid
markdown. This improves the fuzzing coverage slightly.
---
 test/cmark-fuzz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/test/cmark-fuzz.c b/test/cmark-fuzz.c
index f09db52..f4f082a 100644
--- a/test/cmark-fuzz.c
+++ b/test/cmark-fuzz.c
@@ -4,7 +4,7 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   int options = 0;
-  if (size > sizeof(options)) {
+  if (size >= sizeof(options)) {
     /* First 4 bytes of input are treated as options */
     int options = *(const int *)data;
 
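Review bot: The line after the changed condition declares a second `int options` that shadows the one initialised to 0 at the top of the function, so that `= 0` initialiser is dead and `-Wshadow` would flag it; the `*(const int *)data` read also relies on the fuzzer buffer being aligned for `int`, which a `uint8_t` pointer does not guarantee. Replace the inner declaration with a copy into the outer variable, `memcpy(&options, data, sizeof options);` (needs `<string.h>`, which I cannot see from the hunk). The body of LLVMFuzzerTestOneInput continues past the hunk.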


From c24c432517c721b8cb8022b98d8cf734c68d2aee Mon Sep 17 00:00:00 2001
From: Phil Turnbull <philipturnbull@github.com>
Date: Fri, 16 Feb 2018 13:31:29 -0500
Subject: Fuzz width parameter too

Allow the `width` parameter to be fuzzer-generated too so we get better fuzz coverage.
---
 test/cmark-fuzz.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)


diff --git a/test/cmark-fuzz.c b/test/cmark-fuzz.c
index f4f082a..9bdd3a5 100644
--- a/test/cmark-fuzz.c
+++ b/test/cmark-fuzz.c
@@ -3,24 +3,28 @@
 #include "cmark.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  int options = 0;
-  if (size >= sizeof(options)) {
-    /* First 4 bytes of input are treated as options */
-    int options = *(const int *)data;
+  struct __attribute__((packed)) {
+    int options;
+    int width;
+  } fuzz_config;
+
+  if (size >= sizeof(fuzz_config)) {
+    /* The beginning of `data` is treated as fuzzer configuration */
+    memcpy(&fuzz_config, data, sizeof(fuzz_config));
 
     /* Mask off valid option bits */
-    options = options & (CMARK_OPT_SOURCEPOS | CMARK_OPT_HARDBREAKS | CMARK_OPT_SAFE | CMARK_OPT_NOBREAKS | CMARK_OPT_NORMALIZE | CMARK_OPT_VALIDATE_UTF8 | CMARK_OPT_SMART);
+    fuzz_config.options &= (CMARK_OPT_SOURCEPOS | CMARK_OPT_HARDBREAKS | CMARK_OPT_SAFE | CMARK_OPT_NOBREAKS | CMARK_OPT_NORMALIZE | CMARK_OPT_VALIDATE_UTF8 | CMARK_OPT_SMART);
 
     /* Remainder of input is the markdown */
-    const char *markdown = (const char *)(data + sizeof(options));
-    const size_t markdown_size = size - sizeof(options);
-    cmark_node *doc = cmark_parse_document(markdown, markdown_size, options);
+    const char *markdown = (const char *)(data + sizeof(fuzz_config));
+    const size_t markdown_size = size - sizeof(fuzz_config);
+    cmark_node *doc = cmark_parse_document(markdown, markdown_size, fuzz_config.options);
 
-    free(cmark_render_commonmark(doc, options, 80));
-    free(cmark_render_html(doc, options));
-    free(cmark_render_latex(doc, options, 80));
-    free(cmark_render_man(doc, options, 80));
-    free(cmark_render_xml(doc, options));
+    free(cmark_render_commonmark(doc, fuzz_config.options, fuzz_config.width));
+    free(cmark_render_html(doc, fuzz_config.options));
+    free(cmark_render_latex(doc, fuzz_config.options, fuzz_config.width));
+    free(cmark_render_man(doc, fuzz_config.options, fuzz_config.width));
+    free(cmark_render_xml(doc, fuzz_config.options));
 
     cmark_node_free(doc);
   }
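Review bot: `fuzz_config.width` is handed straight to cmark_render_commonmark, cmark_render_latex and cmark_render_man without any range handling, whereas `fuzz_config.options` is masked to known bits a few lines above; whether the renderers tolerate negative or very large widths is not visible here, so if the intent is to exercise them deliberately, say so next to the struct with `/* width is intentionally unconstrained so the renderers see negative and huge values too */`, otherwise clamp it to a sane range. `memcpy` needs `<string.h>`, which the hunk does not add; the file's first two lines are outside the hunk, so it may already be included. The `__attribute__((packed))` is a compiler extension and is not needed here: two `int` members carry no padding, and the struct is filled by `memcpy` rather than overlaid on `data`, so a plain `struct { int options; int width; } fuzz_config;` works with any compiler. The function body continues below the hunk.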