fuzz: Support variable integer sizes in fuzz data

Also switch to big-endian.

fuzz/fuzz.c

@@ -83,21 +83,46 @@ xmlFuzzDataCleanup(void) {
     xmlHashFree(fuzzData.entities, xmlHashDefaultDeallocator);
 }
 
+/**
+ * xmlFuzzWriteInt:
+ * @out:  output file
+ * @v:  integer to write
+ * @size:  size of integer in bytes
+ *
+ * Write an integer to the fuzz data.
+ */
+void
+xmlFuzzWriteInt(FILE *out, size_t v, int size) {
+    int shift;
+
+    while (size > (int) sizeof(size_t)) {
+        putc(0, out);
+        size--;
+    }
+
+    shift = size * 8;
+    while (shift > 0) {
+        shift -= 8;
+        putc((v >> shift) & 255, out);
+    }
+}
+
 /**
  * xmlFuzzReadInt:
- * @size:  size of string in bytes
+ * @size:  size of integer in bytes
  *
  * Read an integer from the fuzz data.
  */
-int
-xmlFuzzReadInt(void) {
-    int ret;
+size_t
+xmlFuzzReadInt(int size) {
+    size_t ret = 0;
 
-    if (fuzzData.remaining < sizeof(int))
-        return(0);
-    memcpy(&ret, fuzzData.ptr, sizeof(int));
-    fuzzData.ptr += sizeof(int);
-    fuzzData.remaining -= sizeof(int);
+    while ((size > 0) && (fuzzData.remaining > 0)) {
+        unsigned char c = (unsigned char) *fuzzData.ptr++;
+        fuzzData.remaining--;
+        ret = (ret << 8) | c;
+        size--;
+    }
 
     return ret;
 }

fuzz/fuzz.h

@@ -55,8 +55,11 @@ xmlFuzzDataInit(const char *data, size_t size);
 void
 xmlFuzzDataCleanup(void);
 
-int
-xmlFuzzReadInt(void);
+void
+xmlFuzzWriteInt(FILE *out, size_t v, int size);
+
+size_t
+xmlFuzzReadInt(int size);
 
 const char *
 xmlFuzzReadRemaining(size_t *size);

fuzz/genSeed.c

@@ -112,7 +112,8 @@ processXml(const char *docFile, FILE *out) {
     int opts = XML_PARSE_NOENT | XML_PARSE_DTDLOAD;
     xmlDocPtr doc;
 
-    fwrite(&opts, sizeof(opts), 1, out);
+    /* Parser options. */
+    xmlFuzzWriteInt(out, opts, 4);
 
     fuzzRecorderInit(out);
 
@@ -132,9 +133,9 @@ processHtml(const char *docFile, FILE *out) {
     char buf[SEED_BUF_SIZE];
     FILE *file;
     size_t size;
-    int opts = 0;
 
-    fwrite(&opts, sizeof(opts), 1, out);
+    /* Parser options. */
+    xmlFuzzWriteInt(out, 0, 4);
 
     /* Copy file */
     file = fopen(docFile, "rb");

fuzz/html.c

@@ -32,7 +32,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
     int opts;
 
     xmlFuzzDataInit(data, size);
-    opts = xmlFuzzReadInt();
+    opts = (int) xmlFuzzReadInt(4);
 
     docBuffer = xmlFuzzReadRemaining(&docSize);
     if (docBuffer == NULL) {

fuzz/xinclude.c

@@ -34,7 +34,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
     int opts;
 
     xmlFuzzDataInit(data, size);
-    opts = xmlFuzzReadInt();
+    opts = (int) xmlFuzzReadInt(4);
     opts |= XML_PARSE_XINCLUDE;
 
     xmlFuzzReadEntities();

fuzz/xml.c

@@ -36,7 +36,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
     int opts, outSize;
 
     xmlFuzzDataInit(data, size);
-    opts = xmlFuzzReadInt();
+    opts = (int) xmlFuzzReadInt(4);
     opts &= ~XML_PARSE_XINCLUDE;
 
     xmlFuzzReadEntities();