From 67ba5bfe601f858f8ae3266142008dc90fbbe1b5 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Wed, 1 Jul 2020 12:20:45 +0100
Subject: [PATCH] fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()

They have different `%`-encoding behaviour, and probably both deserve to be tested.

Signed-off-by: Philip Withnall
---
 fuzzing/fuzz_uri_escape.c | 45 +++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 7 deletions(-)

diff --git a/fuzzing/fuzz_uri_escape.c b/fuzzing/fuzz_uri_escape.c
index 3b3afa734..3ee7f7089 100644
--- a/fuzzing/fuzz_uri_escape.c
+++ b/fuzzing/fuzz_uri_escape.c
@@ -1,19 +1,18 @@
 #include "fuzz.h"
 
-int
-LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+static void
+test_bytes (const guint8 *data,
+ gsize size)
 {
 GBytes *unescaped_bytes = NULL;
 gchar *escaped_string = NULL;
 
- fuzz_set_logging_func ();
-
 if (size > G_MAXSSIZE)
- return 0;
+ return;
 
 unescaped_bytes = g_uri_unescape_bytes ((const gchar *) data, (gssize) size);
 if (unescaped_bytes == NULL)
- return 0;
+ return;
 
 escaped_string = g_uri_escape_bytes (g_bytes_get_data (unescaped_bytes, NULL),
 g_bytes_get_size (unescaped_bytes),
@@ -21,9 +20,41 @@ LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
 g_bytes_unref (unescaped_bytes);
 
 if (escaped_string == NULL)
- return 0;
+ return;
 
 g_free (escaped_string);
+}
+
+static void
+test_string (const guint8 *data,
+ gsize size)
+{
+ gchar *unescaped_string = NULL;
+ gchar *escaped_string = NULL;
+
+ unescaped_string = g_uri_unescape_segment ((const gchar *) data, (const gchar *) data + size, NULL);
+ if (unescaped_string == NULL)
+ return;
+
+ escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
+ g_free (unescaped_string);
+
+ if (escaped_string == NULL)
+ return;
+
+ g_free (escaped_string);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ fuzz_set_logging_func ();
+
+ /* Bytes form */
+ test_bytes (data, size);
+
+ /* String form (doesn’t do %-decoding) */
+ test_string (data, size);
 
 return 0;
 }
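Review bot: test_string() frees the output of g_uri_escape_string() without comparing it to anything, so this target can only surface crashes and sanitizer reports, never wrong escaping output. Because the escape step runs on text that has already been decoded, unescaping its result again should reproduce `unescaped_string`; asserting that gives the fuzzer an oracle for round-trip mismatches, the kind of bug that turns into URI confusion in callers. The escape result in test_bytes(), whose body spans both hunks, is dropped the same way. Separately, the comment `/* String form (doesn’t do %-decoding) */` reads oddly next to a call to g_uri_unescape_segment(); if the intended distinction is something else (for example how an escaped NUL is treated), the comment should state that.

```c
  /* … unchanged: declarations, g_uri_unescape_segment() call and NULL check … */

  escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
  if (escaped_string != NULL)
    {
      /* Escaping and then unescaping should reproduce the decoded input. */
      gchar *round_trip = g_uri_unescape_string (escaped_string, NULL);

      g_assert_cmpstr (round_trip, ==, unescaped_string);
      g_free (round_trip);
    }

  g_free (unescaped_string);
  g_free (escaped_string);
}
```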