authorVitaly Buka <vitalybuka@google.com>2020-01-25 21:56:22 -0800
committerVitaly Buka <vitalybuka@gmail.com>2020-01-29 11:36:29 -0800
commit1c91e7253084730a3f6f85fca7ac39be4b91b09c (patch)
tree43664e5ca6e4add162233d4ea165b3029038f89c
parentbaa1329d9e6480c4f83c12ad7e73af8eb40d0ae2 (diff)
downloadlibprotobuf-mutator-1c91e7253084730a3f6f85fca7ac39be4b91b09c.tar.gz
Use signed size_increase_hint
-rw-r--r--src/libfuzzer/libfuzzer_macro.cc2
-rw-r--r--src/libfuzzer/libfuzzer_mutator.cc6
-rw-r--r--src/libfuzzer/libfuzzer_mutator.h2
-rw-r--r--src/mutator.cc27
-rw-r--r--src/mutator.h6
-rw-r--r--src/mutator_test.cc2
6 files changed, 26 insertions, 19 deletions
diff --git a/src/libfuzzer/libfuzzer_macro.cc b/src/libfuzzer/libfuzzer_macro.cc
index b95a7e8..ed4bc7a 100644
--- a/src/libfuzzer/libfuzzer_macro.cc
+++ b/src/libfuzzer/libfuzzer_macro.cc
@@ -14,6 +14,8 @@
#include "src/libfuzzer/libfuzzer_macro.h"
+#include <algorithm>
+
#include "src/binary_format.h"
#include "src/libfuzzer/libfuzzer_mutator.h"
#include "src/text_format.h"
diff --git a/src/libfuzzer/libfuzzer_mutator.cc b/src/libfuzzer/libfuzzer_mutator.cc
index 979cebf..c8bca64 100644
--- a/src/libfuzzer/libfuzzer_mutator.cc
+++ b/src/libfuzzer/libfuzzer_mutator.cc
@@ -16,6 +16,7 @@
#include <string.h>
+#include <algorithm>
#include <cassert>
#include <memory>
#include <string>
@@ -82,13 +83,14 @@ float Mutator::MutateFloat(float value) { return MutateValue(value); }
double Mutator::MutateDouble(double value) { return MutateValue(value); }
std::string Mutator::MutateString(const std::string& value,
- size_t size_increase_hint) {
+ int size_increase_hint) {
// Randomly return empty strings as LLVMFuzzerMutate does not produce them.
// Use uint16_t because on Windows, uniform_int_distribution does not support
// any 8 bit types.
if (!std::uniform_int_distribution<uint16_t>(0, 20)(*random())) return {};
std::string result = value;
- result.resize(value.size() + size_increase_hint);
+ result.resize(value.size() +
+ std::max<int>(-value.size(), size_increase_hint));
if (result.empty()) result.push_back(0);
result.resize(LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&result[0]),
value.size(), result.size()));
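Review bot: With a negative `size_increase_hint`, the `LLVMFuzzerMutate` call at the end of this hunk still receives `value.size()` as the current size, although the buffer was just shrunk to `result.size()`. The size argument then exceeds both the string's valid length and the max-size argument. Capping it keeps the call inside the buffer: `std::min(value.size(), result.size())` as the second argument. Separately, `-value.size()` negates a `size_t` and relies on narrowing to `int`, which gives a wrong bound once the string is longer than `INT_MAX` bytes. The function body continues past the hunk.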
diff --git a/src/libfuzzer/libfuzzer_mutator.h b/src/libfuzzer/libfuzzer_mutator.h
index 45ea908..04d6604 100644
--- a/src/libfuzzer/libfuzzer_mutator.h
+++ b/src/libfuzzer/libfuzzer_mutator.h
@@ -37,7 +37,7 @@ class Mutator : public protobuf_mutator::Mutator {
float MutateFloat(float value) override;
double MutateDouble(double value) override;
std::string MutateString(const std::string& value,
- size_t size_increase_hint) override;
+ int size_increase_hint) override;
};
} // namespace libfuzzer
diff --git a/src/mutator.cc b/src/mutator.cc
index 1ec8a61..19ccc19 100644
--- a/src/mutator.cc
+++ b/src/mutator.cc
@@ -334,7 +334,7 @@ class DataSourceSampler {
class FieldMutator {
public:
- FieldMutator(size_t size_increase_hint, bool enforce_changes,
+ FieldMutator(int size_increase_hint, bool enforce_changes,
bool enforce_utf8_strings, const protobuf::Message& source,
Mutator* mutator)
: size_increase_hint_(size_increase_hint),
@@ -409,7 +409,7 @@ class FieldMutator {
}
}
- size_t size_increase_hint_;
+ int size_increase_hint_;
size_t enforce_changes_;
bool enforce_utf8_strings_;
const protobuf::Message& source_;
@@ -420,7 +420,7 @@ namespace {
struct MutateField : public FieldFunction<MutateField> {
template <class T>
- void ForType(const FieldInstance& field, size_t size_increase_hint,
+ void ForType(const FieldInstance& field, int size_increase_hint,
const protobuf::Message& source, Mutator* mutator) const {
T value;
field.Load(&value);
@@ -433,7 +433,7 @@ struct MutateField : public FieldFunction<MutateField> {
struct CreateField : public FieldFunction<CreateField> {
public:
template <class T>
- void ForType(const FieldInstance& field, size_t size_increase_hint,
+ void ForType(const FieldInstance& field, int size_increase_hint,
const protobuf::Message& source, Mutator* mutator) const {
T value;
field.GetDefault(&value);
@@ -451,7 +451,8 @@ void Mutator::Seed(uint32_t value) { random_.seed(value); }
void Mutator::Mutate(Message* message, size_t max_size_hint) {
MutateImpl(*message, message,
- max_size_hint - std::min(max_size_hint, message->ByteSizeLong()));
+ static_cast<int>(max_size_hint) -
+ static_cast<int>(message->ByteSizeLong()));
InitializeAndTrim(message, kMaxInitializeDepth);
assert(IsInitialized(*message));
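Review bot: Both `static_cast<int>` conversions in `Mutate` truncate silently, so a `max_size_hint` or `ByteSizeLong()` above `INT_MAX` becomes an arbitrary, possibly negative value, and the subtraction can then overflow a signed `int`. Saturating before the conversion keeps both operands in `[0, INT_MAX]` and makes the difference well defined: `auto to_int = [](size_t v) { return static_cast<int>(std::min<size_t>(v, std::numeric_limits<int>::max())); };` and then pass `to_int(max_size_hint) - to_int(message->ByteSizeLong())`. This needs `<limits>`; whether callers ever pass such a large hint is not visible here. The body of `Mutate` continues outside the hunk.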
@@ -495,11 +496,11 @@ void Mutator::ApplyPostProcessing(Message* message) {
}
void Mutator::MutateImpl(const Message& source, Message* message,
- size_t size_increase_hint) {
- size_increase_hint /= 2;
+ int size_increase_hint) {
+ if (size_increase_hint > 0) size_increase_hint /= 2;
for (;;) {
- MutationSampler mutation(keep_initialized_, size_increase_hint, &random_,
- message);
+ MutationSampler mutation(keep_initialized_, size_increase_hint > 0,
+ &random_, message);
switch (mutation.mutation()) {
case Mutation::None:
return;
@@ -682,14 +683,16 @@ size_t Mutator::MutateEnum(size_t index, size_t item_count) {
}
std::string Mutator::MutateString(const std::string& value,
- size_t size_increase_hint) {
+ int size_increase_hint) {
std::string result = value;
while (!result.empty() && GetRandomBool(&random_)) {
result.erase(GetRandomIndex(&random_, result.size()), 1);
}
- while (result.size() < size_increase_hint && GetRandomBool(&random_)) {
+ while (size_increase_hint > 0 &&
+ result.size() < static_cast<size_t>(size_increase_hint) &&
+ GetRandomBool(&random_)) {
size_t index = GetRandomIndex(&random_, result.size() + 1);
result.insert(result.begin() + index, GetRandomIndex(&random_, 1 << 8));
}
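Review bot: The insertion loop compares the hint with `result.size()` itself, so the base implementation treats `size_increase_hint` as a cap on the total length. The libFuzzer override changed in this same commit instead resizes to `value.size() + size_increase_hint`, treating it as growth relative to the input. If relative growth is what is meant, the bound here would be `value.size() + static_cast<size_t>(size_increase_hint)`. Otherwise a comment such as `// hint is used as an absolute length cap here` would record that the difference is deliberate. `MutateString` continues past the hunk.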
@@ -707,7 +710,7 @@ std::string Mutator::MutateString(const std::string& value,
}
std::string Mutator::MutateUtf8String(const std::string& value,
- size_t size_increase_hint) {
+ int size_increase_hint) {
std::string str = MutateString(value, size_increase_hint);
FixUtf8String(&str, &random_);
return str;
diff --git a/src/mutator.h b/src/mutator.h
index 2dfac58..6e69892 100644
--- a/src/mutator.h
+++ b/src/mutator.h
@@ -82,7 +82,7 @@ class Mutator {
virtual bool MutateBool(bool value);
virtual size_t MutateEnum(size_t index, size_t item_count);
virtual std::string MutateString(const std::string& value,
- size_t size_increase_hint);
+ int size_increase_hint);
RandomEngine* random() { return &random_; }
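Review bot: The declaration of the public virtual `MutateString` now takes a signed hint, but nothing here documents what a zero or negative value means for implementers. Judging by how `Mutate` computes it in mutator.cc, a comment along the lines of `// size_increase_hint: bytes the result may grow by; <= 0 means the message is already at or over its size budget and the string should not grow.` would state the contract. Subclasses outside this tree that still declare `size_t size_increase_hint` without `override` would presumably keep compiling but stop overriding, so the signature change is worth calling out in the commit description or release notes.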
@@ -91,11 +91,11 @@ class Mutator {
friend class TestMutator;
void InitializeAndTrim(protobuf::Message* message, int max_depth);
void MutateImpl(const protobuf::Message& source, protobuf::Message* message,
- size_t size_increase_hint);
+ int size_increase_hint);
void CrossOverImpl(const protobuf::Message& message1,
protobuf::Message* message2);
std::string MutateUtf8String(const std::string& value,
- size_t size_increase_hint);
+ int size_increase_hint);
void ApplyPostProcessing(protobuf::Message* message);
bool IsInitialized(const protobuf::Message& message) const;
bool keep_initialized_ = true;
diff --git a/src/mutator_test.cc b/src/mutator_test.cc
index 7e8a1bb..1369f10 100644
--- a/src/mutator_test.cc
+++ b/src/mutator_test.cc
@@ -258,7 +258,7 @@ class ReducedTestMutator : public TestMutator {
float MutateFloat(float value) override { return GetRandomValue(); }
double MutateDouble(double value) override { return GetRandomValue(); }
std::string MutateString(const std::string& value,
- size_t size_increase_hint) override {
+ int size_increase_hint) override {
return strings_[std::uniform_int_distribution<>(
0, strings_.size() - 1)(*random())];
}