fuzz: Fix FUZZ_malloc_rand() to return non-NULL for zero-size allocations

Dominik Loidolt · Dominik Loidolt · commit 30fa5b0d323f · 2025-06-05T15:36:29.000+02:00
The FUZZ_malloc_rand() function was incorrectly always returning NULL for
zero-size allocations. The random offset generated by
FUZZ_dataProducer_int32Range() was not being added to the pointer variable,
causing the function to always return (void *)0.
diff --git a/tests/fuzz/fuzz_helpers.c b/tests/fuzz/fuzz_helpers.c
@@ -31,9 +31,9 @@ void* FUZZ_malloc_rand(size_t size, FUZZ_dataProducer_t *producer)
         return mem;
     } else {
         uintptr_t ptr = 0;
-        /* Add +- 1M 50% of the time */
+        /* Return junk pointer 50% of the time */
         if (FUZZ_dataProducer_uint32Range(producer, 0, 1))
-            FUZZ_dataProducer_int32Range(producer, -1000000, 1000000);
+            ptr += FUZZ_dataProducer_int32Range(producer, -1000000, 1000000);
         return (void*)ptr;
     }
 
