Bump fuzzlib hash size from 32 to 64 Also have json_fuzzer choose at most one of the BACKSLASH_X quirks.

commit: c7b90256b341262230116f36b077e98f947d732f [log] [tgz]
author: Nigel Tao <nigeltao@golang.org> Mon Aug 10 22:56:47 2020 +1000
committer: Nigel Tao <nigeltao@golang.org> Mon Aug 10 22:56:47 2020 +1000
tree: 9a74e0a55b6099a5259401a0926e9953f1d3875c
parent: 28ef6a786261e02410bb63e95251003c25bb1fb9 [diff]
diff --git a/fuzz/c/fuzzlib/fuzzlib.c b/fuzz/c/fuzzlib/fuzzlib.c
index 29f9a4a..d4c72ef 100644
--- a/fuzz/c/fuzzlib/fuzzlib.c
+++ b/fuzz/c/fuzzlib/fuzzlib.c

@@ -27,14 +27,12 @@
   *ptr = 0;
 }
 
-const char*  //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash);
-
-static const char*  //
-llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  // Hash input as per https://en.wikipedia.org/wiki/Jenkins_hash_function
-  size_t i = 0;
+// jenkins_hash_u32 implements
+// https://en.wikipedia.org/wiki/Jenkins_hash_function
+static uint32_t  //
+jenkins_hash_u32(const uint8_t* data, size_t size) {
   uint32_t hash = 0;
+  size_t i = 0;
   while (i != size) {
     hash += data[i++];
     hash += hash << 10;
@@ -43,6 +41,19 @@
   hash += hash << 3;
   hash ^= hash >> 11;
   hash += hash << 15;
+  return hash;
+}
+
+const char*  //
+fuzz(wuffs_base__io_buffer* src, uint64_t hash);
+
+static const char*  //
+llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
+  size_t s2 = size / 2;
+  uint32_t hash0 = jenkins_hash_u32(data, s2);
+  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
+  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
 
   wuffs_base__io_buffer src = ((wuffs_base__io_buffer){
       .data = ((wuffs_base__slice_u8){

diff --git a/fuzz/c/std/cbor_fuzzer.c b/fuzz/c/std/cbor_fuzzer.c
index fe02c20..a2c5020 100644
--- a/fuzz/c/std/cbor_fuzzer.c
+++ b/fuzz/c/std/cbor_fuzzer.c

@@ -218,7 +218,7 @@
 }
 
 uint64_t  //
-buffer_limit(uint32_t hash_6_bits, uint64_t min, uint64_t max) {
+buffer_limit(uint64_t hash_6_bits, uint64_t min, uint64_t max) {
   uint64_t n;
   if (hash_6_bits < 0x20) {
     n = min + hash_6_bits;
@@ -234,14 +234,14 @@
 }
 
 const char*  //
-fuzz_complex(wuffs_base__io_buffer* full_src, uint32_t hash_24_bits) {
+fuzz_complex(wuffs_base__io_buffer* full_src, uint64_t hash_56_bits) {
   uint64_t tok_limit = buffer_limit(
-      hash_24_bits & 0x3F, WUFFS_CBOR__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
+      hash_56_bits & 0x3F, WUFFS_CBOR__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
       TOK_BUFFER_ARRAY_SIZE);
-  uint32_t hash_18_bits = hash_24_bits >> 6;
+  uint64_t hash_50_bits = hash_56_bits >> 6;
 
   uint64_t src_limit =
-      buffer_limit(hash_18_bits & 0x3F,
+      buffer_limit(hash_50_bits & 0x3F,
                    WUFFS_CBOR__DECODER_SRC_IO_BUFFER_LENGTH_MIN_INCL, 4096);
 
   // ----
@@ -391,7 +391,7 @@
 }
 
 const char*  //
-fuzz(wuffs_base__io_buffer* full_src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* full_src, uint64_t hash) {
   // Send 99.6% of inputs to fuzz_complex and the remainder to fuzz_simple. The
   // 0xA5 constant is arbitrary but non-zero. If the hash function maps the
   // empty input to 0, this still sends the empty input to fuzz_complex.

diff --git a/fuzz/c/std/gif_fuzzer.c b/fuzz/c/std/gif_fuzzer.c
index d2fd1e3..5c483f8 100644
--- a/fuzz/c/std/gif_fuzzer.c
+++ b/fuzz/c/std/gif_fuzzer.c

@@ -61,7 +61,7 @@
 #include "../fuzzlib/fuzzlib.c"
 
 const char*  //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* src, uint64_t hash) {
   const char* ret = NULL;
   wuffs_base__slice_u8 pixbuf = ((wuffs_base__slice_u8){});
   wuffs_base__slice_u8 workbuf = ((wuffs_base__slice_u8){});

diff --git a/fuzz/c/std/json_fuzzer.c b/fuzz/c/std/json_fuzzer.c
index 6cb0270..e47bc36 100644
--- a/fuzz/c/std/json_fuzzer.c
+++ b/fuzz/c/std/json_fuzzer.c

@@ -209,7 +209,7 @@
 }
 
 uint64_t  //
-buffer_limit(uint32_t hash_6_bits, uint64_t min, uint64_t max) {
+buffer_limit(uint64_t hash_6_bits, uint64_t min, uint64_t max) {
   uint64_t n;
   if (hash_6_bits < 0x20) {
     n = min + hash_6_bits;
@@ -224,7 +224,7 @@
   return n;
 }
 
-void set_quirks(wuffs_json__decoder* dec, uint32_t hash_12_bits) {
+void set_quirks(wuffs_json__decoder* dec, uint64_t hash_44_bits) {
   uint32_t quirks[] = {
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_A,
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_CAPITAL_U,
@@ -232,8 +232,8 @@
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_QUESTION_MARK,
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_SINGLE_QUOTE,
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_V,
-      WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_BYTES,
-      WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_CODE_POINTS,
+      (hash_44_bits & 1) ? WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_BYTES
+                         : WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_CODE_POINTS,
       WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_ZERO,
       WUFFS_JSON__QUIRK_ALLOW_COMMENT_BLOCK,
       WUFFS_JSON__QUIRK_ALLOW_COMMENT_LINE,
@@ -246,26 +246,29 @@
       0,
   };
 
+  // Shift off a bit for the ETC_BACKSLASH_X_ETC choice.
+  uint64_t hash_43_bits = hash_44_bits >> 1;
+
   uint32_t i;
   for (i = 0; quirks[i]; i++) {
-    uint32_t bit = 1 << (i % 12);
-    if (hash_12_bits & bit) {
+    uint64_t bit = 1 << (i % 43);
+    if (hash_43_bits & bit) {
       wuffs_json__decoder__set_quirk_enabled(dec, quirks[i], true);
     }
   }
 }
 
 const char*  //
-fuzz_complex(wuffs_base__io_buffer* full_src, uint32_t hash_24_bits) {
+fuzz_complex(wuffs_base__io_buffer* full_src, uint64_t hash_56_bits) {
   uint64_t tok_limit = buffer_limit(
-      hash_24_bits & 0x3F, WUFFS_JSON__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
+      hash_56_bits & 0x3F, WUFFS_JSON__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
       TOK_BUFFER_ARRAY_SIZE);
-  uint32_t hash_18_bits = hash_24_bits >> 6;
+  uint64_t hash_50_bits = hash_56_bits >> 6;
 
   uint64_t src_limit =
-      buffer_limit(hash_18_bits & 0x3F,
+      buffer_limit(hash_50_bits & 0x3F,
                    WUFFS_JSON__DECODER_SRC_IO_BUFFER_LENGTH_MIN_INCL, 4096);
-  uint32_t hash_12_bits = hash_18_bits >> 6;
+  uint64_t hash_44_bits = hash_50_bits >> 6;
 
   // ----
 
@@ -276,7 +279,7 @@
   if (!wuffs_base__status__is_ok(&status)) {
     return wuffs_base__status__message(&status);
   }
-  set_quirks(&dec, hash_12_bits);
+  set_quirks(&dec, hash_44_bits);
 
   wuffs_base__token tok_array[TOK_BUFFER_ARRAY_SIZE];
   wuffs_base__token_buffer tok = ((wuffs_base__token_buffer){
@@ -415,7 +418,7 @@
 }
 
 const char*  //
-fuzz(wuffs_base__io_buffer* full_src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* full_src, uint64_t hash) {
   // Send 99.6% of inputs to fuzz_complex and the remainder to fuzz_simple. The
   // 0xA5 constant is arbitrary but non-zero. If the hash function maps the
   // empty input to 0, this still sends the empty input to fuzz_complex.

diff --git a/fuzz/c/std/zlib_fuzzer.c b/fuzz/c/std/zlib_fuzzer.c
index 2571b65..4f104d4 100644
--- a/fuzz/c/std/zlib_fuzzer.c
+++ b/fuzz/c/std/zlib_fuzzer.c

@@ -75,7 +75,7 @@
 #endif
 
 const char*  //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* src, uint64_t hash) {
   wuffs_zlib__decoder dec;
   wuffs_base__status status = wuffs_zlib__decoder__initialize(
       &dec, sizeof dec, WUFFS_VERSION,
commit	c7b90256b341262230116f36b077e98f947d732f	[log] [tgz]
author	Nigel Tao <nigeltao@golang.org>	Mon Aug 10 22:56:47 2020 +1000
committer	Nigel Tao <nigeltao@golang.org>	Mon Aug 10 22:56:47 2020 +1000
tree	9a74e0a55b6099a5259401a0926e9953f1d3875c
parent	28ef6a786261e02410bb63e95251003c25bb1fb9 [diff]