fuzzing: Test g_uri_unescape_segment() as well as g_uri_unescape_bytes()

They have different `%`-encoding behaviour, and probably both deserve to
be tested.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

fuzzing/fuzz_uri_escape.c

@@ -1,19 +1,18 @@
 #include "fuzz.h"
 
-int
+static void
-LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+test_bytes (const guint8 *data,
+            gsize         size)
 {
   GBytes *unescaped_bytes = NULL;
   gchar *escaped_string = NULL;
 
-  fuzz_set_logging_func ();
-
   if (size > G_MAXSSIZE)
-    return 0;
+    return;
 
   unescaped_bytes = g_uri_unescape_bytes ((const gchar *) data, (gssize) size);
   if (unescaped_bytes == NULL)
-    return 0;
+    return;
 
   escaped_string = g_uri_escape_bytes (g_bytes_get_data (unescaped_bytes, NULL),
                                        g_bytes_get_size (unescaped_bytes),
@@ -21,9 +20,41 @@ LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
   g_bytes_unref (unescaped_bytes);
 
   if (escaped_string == NULL)
-    return 0;
+    return;
 
   g_free (escaped_string);
+}
+
+static void
+test_string (const guint8 *data,
+             gsize         size)
+{
+  gchar *unescaped_string = NULL;
+  gchar *escaped_string = NULL;
+
+  unescaped_string = g_uri_unescape_segment ((const gchar *) data, (const gchar *) data + size, NULL);
+  if (unescaped_string == NULL)
+    return;
+
+  escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
+  g_free (unescaped_string);
+
+  if (escaped_string == NULL)
+    return;
+
+  g_free (escaped_string);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  fuzz_set_logging_func ();
+
+  /* Bytes form */
+  test_bytes (data, size);
+
+  /* String form (doesn’t do %-decoding) */
+  test_string (data, size);
 
   return 0;
 }