Fuzz coverage error paths

[folkertdev]

This makes three changes to the uncompress fuzzer

• rename uncompress2 to uncompress (the old uncompress fuzzer was removed)
• when gathering code coverage, keep invalid inputs in the corpus so that code coverage shows what error paths we cover.
• feed the input in chunks of 64 bytes, to exercise more of the streaming logic

With those changes we get much better coverage of inflate.rs:

https://app.codecov.io/github/trifectatechfoundation/zlib-rs/commit/291a345601f0e817b1fb2a385e3df400e576662b/blob/zlib-rs/src/inflate.rs?flags%5B0%5D=fuzz-decompress&dropdown=coverage

cc @inahga

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Flag	Coverage Δ
fuzz-compress	41.78% <ø> (ø)
fuzz-decompress	30.86% <ø> (+0.68%)	⬆️
test-aarch64-apple-darwin	89.57% <ø> (+0.10%)	⬆️
test-x86_64-apple-darwin	87.58% <ø> (-0.09%)	⬇️
test-x86_64-unknown-linux-gnu	90.40% <ø> (+0.33%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 5 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bjorn3]

Would varying the chunk size make sense? Especially non-power-of-two chunk sizes seem like they could be useful for finding edge-cases.

[folkertdev]

It might, but I don't see how we could do that in a deterministic way and continue to use the compression corpus.

[bjorn3]

You could take the chunk size from the fuzz input, right? So for example interpreting the fuzz input as series of 1 byte chunk size + n bytes chunk data.

[folkertdev]

Would that not mess with how effective the corpus is?

[bjorn3]

You could reformat the existing corpus into this format, right? In any case I guess this is better left as future improvement.