From 8d9c076493341177f9308e6dcba283ee4b749a9a Mon Sep 17 00:00:00 2001
From: Pavel Kalvoda
Date: Fri, 10 Apr 2020 15:28:14 +0200
Subject: [PATCH] Debug oss-fuzz #2
---
 oss-fuzz/cbor_load_fuzzer.cc | 86 ++++++++++++++++++------------------
 1 file changed, 44 insertions(+), 42 deletions(-)
diff --git a/oss-fuzz/cbor_load_fuzzer.cc b/oss-fuzz/cbor_load_fuzzer.cc
index aad1a76d..08cac57d 100644
--- a/oss-fuzz/cbor_load_fuzzer.cc
+++ b/oss-fuzz/cbor_load_fuzzer.cc
@@ -1,61 +1,63 @@
 #include
 #include
 #include
-#include
+#include
 #include "cbor.h"
 static size_t allocated_mem = 0;
-static std::map allocated_len_map;
+static std::unordered_map allocated_len_map;
 static constexpr size_t kMemoryLimit = 1 << 30;
 void *limited_malloc(size_t size) {
- if (size + allocated_mem > kMemoryLimit) {
- return nullptr;
- }
- if (size == 0) {
- return nullptr;
- }
- void* m = malloc(size);
- if (m != nullptr) {
- allocated_mem += size;
- allocated_len_map[m] = size;
- }
- return m;
+ return nullptr;
+// if (size + allocated_mem > kMemoryLimit) {
+// return nullptr;
+// }
+// if (size == 0) {
+// return nullptr;
+// }
+// void* m = malloc(size);
+// if (m != nullptr) {
+// allocated_mem += size;
+// allocated_len_map[m] = size;
+// }
+// return m;
 }
 void limited_free(void *ptr) {
- if (ptr != NULL && allocated_len_map.find(ptr) == allocated_len_map.end()) {
- abort();
- }
- free(ptr);
- if (ptr != NULL) {
- allocated_mem -= allocated_len_map[ptr];
- allocated_len_map.erase(ptr);
- }
+// if (ptr != NULL && allocated_len_map.find(ptr) == allocated_len_map.end()) {
+// abort();
+// }
+// free(ptr);
+// if (ptr != NULL) {
+// allocated_mem -= allocated_len_map[ptr];
+// allocated_len_map.erase(ptr);
+// }
 }
 void *limited_realloc(void *ptr, size_t size) {
- if (ptr != NULL && allocated_len_map.find(ptr) == allocated_len_map.end()) {
- abort();
- }
- if (ptr == NULL) {
- return limited_malloc(size);
- }
- long delta = (long) size - allocated_len_map[ptr];
- if (delta + allocated_mem > kMemoryLimit) {
- return nullptr;
- }
- void* new_ptr = realloc(ptr, size);
- if (size > 0 && new_ptr == nullptr) {
- return nullptr;
- }
- allocated_mem += delta;
- allocated_len_map.erase(ptr);
- if (size > 0) {
- allocated_len_map[new_ptr] = size;
- }
- return new_ptr;
+ return nullptr;
+// if (ptr != NULL && allocated_len_map.find(ptr) == allocated_len_map.end()) {
+// abort();
+// }
+// if (ptr == NULL) {
+// return limited_malloc(size);
+// }
+// long delta = (long) size - allocated_len_map[ptr];
+// if (delta + allocated_mem > kMemoryLimit) {
+// return nullptr;
+// }
+// void* new_ptr = realloc(ptr, size);
+// if (size > 0 && new_ptr == nullptr) {
+// return nullptr;
+// }
+// allocated_mem += delta;
+// allocated_len_map.erase(ptr);
+// if (size > 0) {
+// allocated_len_map[new_ptr] = size;
+// }
+// return new_ptr;
 }
 struct State {
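Review bot: With `limited_malloc` and `limited_realloc` reduced to `return nullptr;` and `limited_free` emptied, the harness can only reach the decoder's allocation-failure paths, and both the `kMemoryLimit` cap and the `abort()` on a pointer the map never recorded are gone, so successful parses and invalid frees are no longer checked by this target. If this is a temporary debugging state, say so at the top of `limited_malloc`, e.g. `// DEBUG ONLY: every allocation fails, so only out-of-memory paths are exercised; restore the tracking allocator before relying on this target`, and prefer a compile-time switch over commented-out bodies so the real allocator keeps compiling. As written, `allocated_mem`, `allocated_len_map` and `kMemoryLimit` appear to be unused, which also leaves the switch to `std::unordered_map` without effect. The code that installs these hooks lies past `struct State {`, outside the hunk, so whether anything else still allocates through them cannot be checked from here.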