From e1d7d71e0b7973006fadad5bb06af7cc2af69021 Mon Sep 17 00:00:00 2001
From: phi-go <github@philipp-goerz.com>
Date: Thu, 23 Jan 2025 10:01:42 +0100
Subject: [PATCH 1/3] return 0 for TestOneInput

libFuzzer discards inputs when returning non-zero, and so gets stuck for
some targets
---
 fuzztest/fuzzmain.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/fuzztest/fuzzmain.c b/fuzztest/fuzzmain.c
index e8226de2..9be1bb2d 100644
--- a/fuzztest/fuzzmain.c
+++ b/fuzztest/fuzzmain.c
@@ -497,21 +497,26 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 #if defined(TEST_FUZZ1)
 	/* fuzz target 1: different URI for HTTP/1 server */
-	return LLVMFuzzerTestOneInput_URI(data, size);
+	LLVMFuzzerTestOneInput_URI(data, size);
+  return 0;
 #elif defined(TEST_FUZZ2)
 	/* fuzz target 2: different requests for HTTP/1 server */
-	return LLVMFuzzerTestOneInput_REQUEST(data, size);
+	LLVMFuzzerTestOneInput_REQUEST(data, size);
+  return 0;
 #elif defined(TEST_FUZZ3)
 	/* fuzz target 3: different responses for HTTP/1 client */
-	return LLVMFuzzerTestOneInput_RESPONSE(data, size);
+	LLVMFuzzerTestOneInput_RESPONSE(data, size);
+  return 0;
 #elif defined(TEST_FUZZ4)
 #error "Only useful in HTTP/2 feature branch"
 	/* fuzz target 4: different requests for HTTP/2 server */
-	return LLVMFuzzerTestOneInput_REQUEST_HTTP2(data, size);
+	LLVMFuzzerTestOneInput_REQUEST_HTTP2(data, size);
+  return 0;
 #elif defined(TEST_FUZZ5)
 	/* fuzz target 5: calling an internal server test function,
 	 *                bypassing network sockets */
-	return LLVMFuzzerTestOneInput_process_new_connection(data, size);
+	LLVMFuzzerTestOneInput_process_new_connection(data, size);
+  return 0;
 #else
 /* planned targets */
 #error "Unknown fuzz target"

From 413387fcd813cb3cc77c9d6f4f9e9fbcaad44f98 Mon Sep 17 00:00:00 2001
From: phi-go <github@philipp-goerz.com>
Date: Thu, 23 Jan 2025 10:49:03 +0100
Subject: [PATCH 2/3] formatting

---
 fuzztest/fuzzmain.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/fuzztest/fuzzmain.c b/fuzztest/fuzzmain.c
index 9be1bb2d..89424656 100644
--- a/fuzztest/fuzzmain.c
+++ b/fuzztest/fuzzmain.c
@@ -498,25 +498,25 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 #if defined(TEST_FUZZ1)
 	/* fuzz target 1: different URI for HTTP/1 server */
 	LLVMFuzzerTestOneInput_URI(data, size);
-  return 0;
+	return 0;
 #elif defined(TEST_FUZZ2)
 	/* fuzz target 2: different requests for HTTP/1 server */
 	LLVMFuzzerTestOneInput_REQUEST(data, size);
-  return 0;
+	return 0;
 #elif defined(TEST_FUZZ3)
 	/* fuzz target 3: different responses for HTTP/1 client */
 	LLVMFuzzerTestOneInput_RESPONSE(data, size);
-  return 0;
+	return 0;
 #elif defined(TEST_FUZZ4)
 #error "Only useful in HTTP/2 feature branch"
 	/* fuzz target 4: different requests for HTTP/2 server */
 	LLVMFuzzerTestOneInput_REQUEST_HTTP2(data, size);
-  return 0;
+	return 0;
 #elif defined(TEST_FUZZ5)
 	/* fuzz target 5: calling an internal server test function,
 	 *                bypassing network sockets */
 	LLVMFuzzerTestOneInput_process_new_connection(data, size);
-  return 0;
+	return 0;
 #else
 /* planned targets */
 #error "Unknown fuzz target"

From b2c1d1bee777a13a7feb8a8d123b6552e3bd9fa7 Mon Sep 17 00:00:00 2001
From: phi-go <github@philipp-goerz.com>
Date: Thu, 23 Jan 2025 11:57:59 +0100
Subject: [PATCH 3/3] use LLVMFuzzerInitialize

---
 fuzztest/fuzzmain.c | 45 ++++++++++++++++++++++++---------------------
 1 file changed, 24 insertions(+), 21 deletions(-)

diff --git a/fuzztest/fuzzmain.c b/fuzztest/fuzzmain.c
index 89424656..df26768c 100644
--- a/fuzztest/fuzzmain.c
+++ b/fuzztest/fuzzmain.c
@@ -45,9 +45,6 @@ unsigned short PORT_NUM_HTTP = 0; /* set dynamically */
 	}
 
 
-static uint64_t call_count = 0;
-
-
 /********************************************************/
 /* Init CivetWeb server ... test with mock client       */
 /********************************************************/
@@ -110,6 +107,17 @@ civetweb_init(void)
 	atexit(civetweb_exit);
 }
 
+int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+int
+LLVMFuzzerInitialize(int *argc, char ***argv) {
+  // Silence unused args warning.
+	(void)(argc);
+	(void)(argv);
+
+	civetweb_init();
+  return 0;
+}
 
 #if defined(TEST_FUZZ1)
 static int
@@ -202,19 +210,12 @@ test_civetweb_client(const char *server,
 	return 0;
 }
 
-
 static int
 LLVMFuzzerTestOneInput_URI(const uint8_t *data, size_t size)
 {
 	static char URI[1024 * 64]; /* static, to avoid stack overflow */
 
-	if (call_count == 0) {
-		memset(URI, 0, sizeof(URI));
-		civetweb_init();
-	}
-	call_count++;
-
-	if (size < sizeof(URI)) {
+	if (size+1 < sizeof(URI)) {
 		memcpy(URI, data, size);
 		URI[size] = 0;
 	} else {
@@ -230,11 +231,6 @@ LLVMFuzzerTestOneInput_URI(const uint8_t *data, size_t size)
 static int
 LLVMFuzzerTestOneInput_REQUEST(const uint8_t *data, size_t size)
 {
-	if (call_count == 0) {
-		civetweb_init();
-	}
-	call_count++;
-
 	int r;
 	SOCKET sock = socket(AF_INET, SOCK_STREAM, 6);
 	if (sock == -1) {
@@ -446,15 +442,22 @@ mock_server_init(void)
 	atexit(mock_server_exit);
 }
 
+int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+int
+LLVMFuzzerInitialize(int *argc, char ***argv) {
+  // Silence unused args warning.
+	(void)(argc);
+	(void)(argv);
+
+	mock_server_init();
+  return 0;
+}
+
 
 static int
 LLVMFuzzerTestOneInput_RESPONSE(const uint8_t *data, size_t size)
 {
-	if (call_count == 0) {
-		mock_server_init();
-	}
-	call_count++;
-
 	if (size > sizeof(RESPONSE.data)) {
 		return 1;
 	}