Use range instead of the generic uint32 method to use less bytes when generating necessary numbers.

tests/fuzz/block_round_trip.c

@@ -20,10 +20,9 @@
 #include <string.h>
 #include "fuzz_helpers.h"
 #include "zstd.h"
+#include "zstd_helpers.h"
 #include "fuzz_data_producer.h"
 
-static const int kMaxClevel = 19;
-
 static ZSTD_CCtx *cctx = NULL;
 static ZSTD_DCtx *dctx = NULL;
 static void* cBuf = NULL;
@@ -57,7 +56,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
     size = FUZZ_dataProducer_reserveDataPrefix(producer);
 
-    int cLevel = FUZZ_dataProducer_uint32(producer) % kMaxClevel;
+    int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);
 
     size_t neededBufSize = size;
     if (size > ZSTD_BLOCKSIZE_MAX)

tests/fuzz/dictionary_decompress.c

@@ -31,7 +31,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
 
     FUZZ_dict_t dict;
     ZSTD_DDict* ddict = NULL;
-    int i;
 
     if (!dctx) {
         dctx = ZSTD_createDCtx();
@@ -49,7 +48,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
     }
 
     {
-        size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, 2 * size);
+        size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, 10 * size);
         void* rBuf = malloc(bufSize);
         FUZZ_ASSERT(rBuf);
         if (ddict) {

tests/fuzz/dictionary_round_trip.c

@@ -21,8 +21,6 @@
 #include "zstd_helpers.h"
 #include "fuzz_data_producer.h"
 
-static const int kMaxClevel = 19;
-
 static ZSTD_CCtx *cctx = NULL;
 static ZSTD_DCtx *dctx = NULL;
 
@@ -34,8 +32,8 @@ static size_t roundTripTest(void *result, size_t resultCapacity,
     ZSTD_dictContentType_e dictContentType = ZSTD_dct_auto;
     FUZZ_dict_t dict = FUZZ_train(src, srcSize, producer);
     size_t cSize;
-    if ((FUZZ_dataProducer_uint32(producer) & 15) == 0) {
-        int const cLevel = FUZZ_dataProducer_uint32(producer) % kMaxClevel;
+    if (FUZZ_dataProducer_uint32Range(producer, 0, 15) == 0) {
+        int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);
 
         cSize = ZSTD_compress_usingDict(cctx,
                 compressed, compressedCapacity,

tests/fuzz/fuzz_data_producer.c

@@ -52,6 +52,17 @@ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer) {
     return FUZZ_dataProducer_uint32Range(producer, 0, 0xffffffff);
 }
 
+int32_t FUZZ_dataProducer_int32Range(FUZZ_dataProducer_t *producer,
+                                    int32_t min, int32_t max)
+{
+    FUZZ_ASSERT(min <= max);
+
+    if (min < 0)
+      return (int)FUZZ_dataProducer_uint32Range(producer, 0, max - min) + min;
+
+    return FUZZ_dataProducer_uint32Range(producer, min, max);
+}
+
 size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer){
     return producer->size;
 }

tests/fuzz/fuzz_data_producer.h

@@ -41,6 +41,10 @@ uint32_t FUZZ_dataProducer_uint32Range(FUZZ_dataProducer_t *producer, uint32_t m
 /* Returns a uint32 value */
 uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer);
 
+/* Returns a signed value between [min, ,max] */
+int32_t FUZZ_dataProducer_int32Range(FUZZ_dataProducer_t *producer,
+                                    int32_t min, int32_t max);
+
 /* Returns the size of the remaining bytes of data in the producer */
 size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer);
 

tests/fuzz/simple_compress.c

@@ -18,6 +18,7 @@
 #include <stdio.h>
 #include "fuzz_helpers.h"
 #include "zstd.h"
+#include "zstd_helpers.h"
 #include "fuzz_data_producer.h"
 
 static ZSTD_CCtx *cctx = NULL;
@@ -32,8 +33,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
     size_t const maxSize = ZSTD_compressBound(size);
     size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, maxSize);
 
-    int const level = (int)FUZZ_dataProducer_uint32Range(
-      producer, 0, 19 + 3) - 3; /* [-3, 19] */
+    int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);
 
     if (!cctx) {
         cctx = ZSTD_createCCtx();
@@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
 
     void *rBuf = malloc(bufSize);
     FUZZ_ASSERT(rBuf);
-    ZSTD_compressCCtx(cctx, rBuf, bufSize, src, size, level);
+    ZSTD_compressCCtx(cctx, rBuf, bufSize, src, size, cLevel);
     free(rBuf);
     FUZZ_dataProducer_free(producer);
 #ifndef STATEFUL_FUZZING

tests/fuzz/simple_round_trip.c

@@ -22,8 +22,6 @@
 #include "zstd_helpers.h"
 #include "fuzz_data_producer.h"
 
-static const int kMaxClevel = 19;
-
 static ZSTD_CCtx *cctx = NULL;
 static ZSTD_DCtx *dctx = NULL;
 
@@ -33,11 +31,12 @@ static size_t roundTripTest(void *result, size_t resultCapacity,
                             FUZZ_dataProducer_t *producer)
 {
     size_t cSize;
-    if (FUZZ_dataProducer_uint32(producer) & 1) {
+    if (FUZZ_dataProducer_uint32Range(producer, 0, 1)) {
         FUZZ_setRandomParameters(cctx, srcSize, producer);
         cSize = ZSTD_compress2(cctx, compressed, compressedCapacity, src, srcSize);
     } else {
-        int const cLevel = FUZZ_dataProducer_uint32(producer) % kMaxClevel;
+      int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);
+
         cSize = ZSTD_compressCCtx(
             cctx, compressed, compressedCapacity, src, srcSize, cLevel);
     }
@@ -62,7 +61,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
      * field is empty, giving us 4 bytes of overhead.
      */
     cBufSize -= FUZZ_dataProducer_uint32Range(producer, 0, 1);
-    size = FUZZ_dataProducer_remainingBytes(producer);
 
     cBuf = malloc(cBufSize);
 

tests/fuzz/stream_decompress.c

@@ -31,7 +31,7 @@ static ZSTD_outBuffer makeOutBuffer(FUZZ_dataProducer_t *producer)
 {
   ZSTD_outBuffer buffer = { buf, 0, 0 };
 
-  buffer.size = (FUZZ_dataProducer_uint32(producer) % kBufSize) + 1;
+  buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, kBufSize));
   FUZZ_ASSERT(buffer.size <= kBufSize);
 
   return buffer;
@@ -43,7 +43,7 @@ static ZSTD_inBuffer makeInBuffer(const uint8_t **src, size_t *size,
   ZSTD_inBuffer buffer = { *src, 0, 0 };
 
   FUZZ_ASSERT(*size > 0);
-  buffer.size = (FUZZ_dataProducer_uint32(producer) % *size) + 1;
+  buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, *size));
   FUZZ_ASSERT(buffer.size <= *size);
   *src += buffer.size;
   *size -= buffer.size;

tests/fuzz/stream_round_trip.c

@@ -34,7 +34,7 @@ static ZSTD_outBuffer makeOutBuffer(uint8_t *dst, size_t capacity,
     ZSTD_outBuffer buffer = { dst, 0, 0 };
 
     FUZZ_ASSERT(capacity > 0);
-    buffer.size = (FUZZ_dataProducer_uint32(producer) % capacity) + 1;
+    buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, capacity));
     FUZZ_ASSERT(buffer.size <= capacity);
 
     return buffer;
@@ -46,7 +46,7 @@ static ZSTD_inBuffer makeInBuffer(const uint8_t **src, size_t *size,
     ZSTD_inBuffer buffer = { *src, 0, 0 };
 
     FUZZ_ASSERT(*size > 0);
-    buffer.size = (FUZZ_dataProducer_uint32(producer) % *size) + 1;
+    buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, *size));
     FUZZ_ASSERT(buffer.size <= *size);
     *src += buffer.size;
     *size -= buffer.size;
@@ -69,7 +69,7 @@ static size_t compress(uint8_t *dst, size_t capacity,
         while (in.pos < in.size || mode != -1) {
             ZSTD_outBuffer out = makeOutBuffer(dst, capacity, producer);
             /* Previous action finished, pick a new mode. */
-            if (mode == -1) mode = FUZZ_dataProducer_uint32(producer) % 10;
+            if (mode == -1) mode = FUZZ_dataProducer_uint32Range(producer, 0, 9);
             switch (mode) {
                 case 0: /* fall-through */
                 case 1: /* fall-through */
@@ -88,7 +88,7 @@ static size_t compress(uint8_t *dst, size_t capacity,
                     /* Reset the compressor when the frame is finished */
                     if (ret == 0) {
                         ZSTD_CCtx_reset(cctx, ZSTD_reset_session_only);
-                        if ((FUZZ_dataProducer_uint32(producer) & 7) == 0) {
+                        if (FUZZ_dataProducer_uint32Range(producer, 0, 7) == 0) {
                             size_t const remaining = in.size - in.pos;
                             FUZZ_setRandomParameters(cctx, remaining, producer);
                         }

tests/fuzz/zstd_helpers.c

@@ -17,6 +17,9 @@
 #include "zstd.h"
 #include "zdict.h"
 
+const int kMinClevel = -3;
+const int kMaxClevel = 19;
+
 static void set(ZSTD_CCtx *cctx, ZSTD_cParameter param, int value)
 {
     FUZZ_ZASSERT(ZSTD_CCtx_setParameter(cctx, param, value));

tests/fuzz/zstd_helpers.h

@@ -24,6 +24,9 @@
 extern "C" {
 #endif
 
+extern const int kMinClevel;
+extern const int kMaxClevel;
+
 void FUZZ_setRandomParameters(ZSTD_CCtx *cctx, size_t srcSize, FUZZ_dataProducer_t *producer);
 
 ZSTD_compressionParameters FUZZ_randomCParams(size_t srcSize, FUZZ_dataProducer_t *producer);
@@ -41,7 +44,6 @@ typedef struct {
  */
 FUZZ_dict_t FUZZ_train(void const* src, size_t srcSize, FUZZ_dataProducer_t *producer);
 
-
 #ifdef __cplusplus
 }
 #endif