From 35c4026c7feedd32420b6e24f878676f407acf12 Mon Sep 17 00:00:00 2001 From: yhirose Date: Fri, 1 May 2026 21:50:26 +0900 Subject: [PATCH] Make fuzz_test robust to missing corpus files When a glob like clusterfuzz-testcase-minimized-foo_fuzzer-* did not match anything, bash passed the literal pattern through. The standalone runner then tried to open it, tellg() returned -1, and the resulting size_t cast (SIZE_MAX) crashed std::vector with length_error. This made fuzz_test fail loudly during bisects to commits before a corpus file landed. Filter each glob through a -f test so unmatched patterns are silently skipped with a "(no XXX corpus)" notice, mirroring what was already done for url_parser_fuzzer. --- test/Makefile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/test/Makefile b/test/Makefile index f035b24..48c3580 100644 --- a/test/Makefile +++ b/test/Makefile @@ -257,11 +257,14 @@ test_proxy_wolfssl : test_proxy.cc ../httplib.h Makefile cert.pem # Override for actual fuzzing: # make fuzz_test LIB_FUZZING_ENGINE=/path/to/libFuzzer fuzz_test: server_fuzzer client_fuzzer header_parser_fuzzer url_parser_fuzzer - ./server_fuzzer fuzzing/corpus/[0-9]* fuzzing/corpus/issue1264 fuzzing/corpus/clusterfuzz-testcase-minimized-server_fuzzer-* - ./client_fuzzer fuzzing/corpus/clusterfuzz-testcase-minimized-client_fuzzer-* - ./header_parser_fuzzer fuzzing/corpus/clusterfuzz-testcase-minimized-header_parser_fuzzer-* - @matches=$$(find fuzzing/corpus -maxdepth 1 -type f -name 'clusterfuzz-testcase-minimized-url_parser_fuzzer-*'); \ - if [ -n "$$matches" ]; then ./url_parser_fuzzer $$matches; else echo "(no url_parser_fuzzer corpus)"; fi + @m=""; for f in fuzzing/corpus/[0-9]* fuzzing/corpus/issue1264 fuzzing/corpus/clusterfuzz-testcase-minimized-server_fuzzer-*; do if [ -f "$$f" ]; then m="$$m $$f"; fi; done; \ + if [ -n "$$m" ]; then echo "./server_fuzzer$$m"; ./server_fuzzer $$m; else echo "(no server_fuzzer corpus)"; fi + @m=""; for f in fuzzing/corpus/clusterfuzz-testcase-minimized-client_fuzzer-*; do if [ -f "$$f" ]; then m="$$m $$f"; fi; done; \ + if [ -n "$$m" ]; then echo "./client_fuzzer$$m"; ./client_fuzzer $$m; else echo "(no client_fuzzer corpus)"; fi + @m=""; for f in fuzzing/corpus/clusterfuzz-testcase-minimized-header_parser_fuzzer-*; do if [ -f "$$f" ]; then m="$$m $$f"; fi; done; \ + if [ -n "$$m" ]; then echo "./header_parser_fuzzer$$m"; ./header_parser_fuzzer $$m; else echo "(no header_parser_fuzzer corpus)"; fi + @m=""; for f in fuzzing/corpus/clusterfuzz-testcase-minimized-url_parser_fuzzer-*; do if [ -f "$$f" ]; then m="$$m $$f"; fi; done; \ + if [ -n "$$m" ]; then echo "./url_parser_fuzzer$$m"; ./url_parser_fuzzer $$m; else echo "(no url_parser_fuzzer corpus)"; fi # Fuzz target, so that you can choose which $(LIB_FUZZING_ENGINE) to use. server_fuzzer : fuzzing/server_fuzzer.cc ../httplib.h standalone_fuzz_target_runner.o