Bump fuzzlib hash size from 32 to 64
Also have json_fuzzer choose at most one of the BACKSLASH_X quirks.
diff --git a/fuzz/c/fuzzlib/fuzzlib.c b/fuzz/c/fuzzlib/fuzzlib.c
index 29f9a4a..d4c72ef 100644
--- a/fuzz/c/fuzzlib/fuzzlib.c
+++ b/fuzz/c/fuzzlib/fuzzlib.c
@@ -27,14 +27,12 @@
*ptr = 0;
}
-const char* //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash);
-
-static const char* //
-llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
- // Hash input as per https://en.wikipedia.org/wiki/Jenkins_hash_function
- size_t i = 0;
+// jenkins_hash_u32 implements
+// https://en.wikipedia.org/wiki/Jenkins_hash_function
+static uint32_t //
+jenkins_hash_u32(const uint8_t* data, size_t size) {
uint32_t hash = 0;
+ size_t i = 0;
while (i != size) {
hash += data[i++];
hash += hash << 10;
@@ -43,6 +41,19 @@
hash += hash << 3;
hash ^= hash >> 11;
hash += hash << 15;
+ return hash;
+}
+
+const char* //
+fuzz(wuffs_base__io_buffer* src, uint64_t hash);
+
+static const char* //
+llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
+ size_t s2 = size / 2;
+ uint32_t hash0 = jenkins_hash_u32(data, s2);
+ uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
+ uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
wuffs_base__io_buffer src = ((wuffs_base__io_buffer){
.data = ((wuffs_base__slice_u8){
diff --git a/fuzz/c/std/cbor_fuzzer.c b/fuzz/c/std/cbor_fuzzer.c
index fe02c20..a2c5020 100644
--- a/fuzz/c/std/cbor_fuzzer.c
+++ b/fuzz/c/std/cbor_fuzzer.c
@@ -218,7 +218,7 @@
}
uint64_t //
-buffer_limit(uint32_t hash_6_bits, uint64_t min, uint64_t max) {
+buffer_limit(uint64_t hash_6_bits, uint64_t min, uint64_t max) {
uint64_t n;
if (hash_6_bits < 0x20) {
n = min + hash_6_bits;
@@ -234,14 +234,14 @@
}
const char* //
-fuzz_complex(wuffs_base__io_buffer* full_src, uint32_t hash_24_bits) {
+fuzz_complex(wuffs_base__io_buffer* full_src, uint64_t hash_56_bits) {
uint64_t tok_limit = buffer_limit(
- hash_24_bits & 0x3F, WUFFS_CBOR__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
+ hash_56_bits & 0x3F, WUFFS_CBOR__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
TOK_BUFFER_ARRAY_SIZE);
- uint32_t hash_18_bits = hash_24_bits >> 6;
+ uint64_t hash_50_bits = hash_56_bits >> 6;
uint64_t src_limit =
- buffer_limit(hash_18_bits & 0x3F,
+ buffer_limit(hash_50_bits & 0x3F,
WUFFS_CBOR__DECODER_SRC_IO_BUFFER_LENGTH_MIN_INCL, 4096);
// ----
@@ -391,7 +391,7 @@
}
const char* //
-fuzz(wuffs_base__io_buffer* full_src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* full_src, uint64_t hash) {
// Send 99.6% of inputs to fuzz_complex and the remainder to fuzz_simple. The
// 0xA5 constant is arbitrary but non-zero. If the hash function maps the
// empty input to 0, this still sends the empty input to fuzz_complex.
diff --git a/fuzz/c/std/gif_fuzzer.c b/fuzz/c/std/gif_fuzzer.c
index d2fd1e3..5c483f8 100644
--- a/fuzz/c/std/gif_fuzzer.c
+++ b/fuzz/c/std/gif_fuzzer.c
@@ -61,7 +61,7 @@
#include "../fuzzlib/fuzzlib.c"
const char* //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* src, uint64_t hash) {
const char* ret = NULL;
wuffs_base__slice_u8 pixbuf = ((wuffs_base__slice_u8){});
wuffs_base__slice_u8 workbuf = ((wuffs_base__slice_u8){});
diff --git a/fuzz/c/std/json_fuzzer.c b/fuzz/c/std/json_fuzzer.c
index 6cb0270..e47bc36 100644
--- a/fuzz/c/std/json_fuzzer.c
+++ b/fuzz/c/std/json_fuzzer.c
@@ -209,7 +209,7 @@
}
uint64_t //
-buffer_limit(uint32_t hash_6_bits, uint64_t min, uint64_t max) {
+buffer_limit(uint64_t hash_6_bits, uint64_t min, uint64_t max) {
uint64_t n;
if (hash_6_bits < 0x20) {
n = min + hash_6_bits;
@@ -224,7 +224,7 @@
return n;
}
-void set_quirks(wuffs_json__decoder* dec, uint32_t hash_12_bits) {
+void set_quirks(wuffs_json__decoder* dec, uint64_t hash_44_bits) {
uint32_t quirks[] = {
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_A,
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_CAPITAL_U,
@@ -232,8 +232,8 @@
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_QUESTION_MARK,
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_SINGLE_QUOTE,
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_V,
- WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_BYTES,
- WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_CODE_POINTS,
+ (hash_44_bits & 1) ? WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_BYTES
+ : WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_X_AS_CODE_POINTS,
WUFFS_JSON__QUIRK_ALLOW_BACKSLASH_ZERO,
WUFFS_JSON__QUIRK_ALLOW_COMMENT_BLOCK,
WUFFS_JSON__QUIRK_ALLOW_COMMENT_LINE,
@@ -246,26 +246,29 @@
0,
};
+ // Shift off a bit for the ETC_BACKSLASH_X_ETC choice.
+ uint64_t hash_43_bits = hash_44_bits >> 1;
+
uint32_t i;
for (i = 0; quirks[i]; i++) {
- uint32_t bit = 1 << (i % 12);
- if (hash_12_bits & bit) {
+ uint64_t bit = 1 << (i % 43);
+ if (hash_43_bits & bit) {
wuffs_json__decoder__set_quirk_enabled(dec, quirks[i], true);
}
}
}
const char* //
-fuzz_complex(wuffs_base__io_buffer* full_src, uint32_t hash_24_bits) {
+fuzz_complex(wuffs_base__io_buffer* full_src, uint64_t hash_56_bits) {
uint64_t tok_limit = buffer_limit(
- hash_24_bits & 0x3F, WUFFS_JSON__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
+ hash_56_bits & 0x3F, WUFFS_JSON__DECODER_DST_TOKEN_BUFFER_LENGTH_MIN_INCL,
TOK_BUFFER_ARRAY_SIZE);
- uint32_t hash_18_bits = hash_24_bits >> 6;
+ uint64_t hash_50_bits = hash_56_bits >> 6;
uint64_t src_limit =
- buffer_limit(hash_18_bits & 0x3F,
+ buffer_limit(hash_50_bits & 0x3F,
WUFFS_JSON__DECODER_SRC_IO_BUFFER_LENGTH_MIN_INCL, 4096);
- uint32_t hash_12_bits = hash_18_bits >> 6;
+ uint64_t hash_44_bits = hash_50_bits >> 6;
// ----
@@ -276,7 +279,7 @@
if (!wuffs_base__status__is_ok(&status)) {
return wuffs_base__status__message(&status);
}
- set_quirks(&dec, hash_12_bits);
+ set_quirks(&dec, hash_44_bits);
wuffs_base__token tok_array[TOK_BUFFER_ARRAY_SIZE];
wuffs_base__token_buffer tok = ((wuffs_base__token_buffer){
@@ -415,7 +418,7 @@
}
const char* //
-fuzz(wuffs_base__io_buffer* full_src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* full_src, uint64_t hash) {
// Send 99.6% of inputs to fuzz_complex and the remainder to fuzz_simple. The
// 0xA5 constant is arbitrary but non-zero. If the hash function maps the
// empty input to 0, this still sends the empty input to fuzz_complex.
diff --git a/fuzz/c/std/zlib_fuzzer.c b/fuzz/c/std/zlib_fuzzer.c
index 2571b65..4f104d4 100644
--- a/fuzz/c/std/zlib_fuzzer.c
+++ b/fuzz/c/std/zlib_fuzzer.c
@@ -75,7 +75,7 @@
#endif
const char* //
-fuzz(wuffs_base__io_buffer* src, uint32_t hash) {
+fuzz(wuffs_base__io_buffer* src, uint64_t hash) {
wuffs_zlib__decoder dec;
wuffs_base__status status = wuffs_zlib__decoder__initialize(
&dec, sizeof dec, WUFFS_VERSION,