[libsoup] fuzzing: Add SoupContentSniffer coverage



commit bcb62cd296b1e278a42c066de956378f0354741c
Author: Patrick Griffis <pgriffis igalia com>
Date:   Wed Dec 16 15:55:10 2020 -0600

    fuzzing: Add SoupContentSniffer coverage

 fuzzing/fuzz_content_sniffer.c    | 19 +++++++++++++++++++
 fuzzing/fuzz_content_sniffer.dict | 28 ++++++++++++++++++++++++++++
 fuzzing/meson.build               |  6 +++---
 3 files changed, 50 insertions(+), 3 deletions(-)
---
diff --git a/fuzzing/fuzz_content_sniffer.c b/fuzzing/fuzz_content_sniffer.c
new file mode 100644
index 00000000..f8be569a
--- /dev/null
+++ b/fuzzing/fuzz_content_sniffer.c
@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+        fuzz_set_logging_func ();
+
+        GBytes *bytes = g_bytes_new (data, size);
+        SoupContentSniffer *sniffer = soup_content_sniffer_new ();
+        SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "https://example.org";);
+        char *content_type = soup_content_sniffer_sniff (sniffer, msg, bytes, NULL);
+
+        g_bytes_unref (bytes);
+        g_object_unref (sniffer);
+        g_object_unref (msg);
+        g_free (content_type);
+
+        return 0;
+}
\ No newline at end of file
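Review bot: Every iteration sniffs against a freshly created message with no response headers, so if soup_content_sniffer_sniff consults the response Content-Type (as the MIME sniffing algorithm it implements does), only the "no declared type" branch is ever reached and the text/plain, image and unknown-type paths stay uncovered. Spending the first input byte to pick a declared type and passing the remainder as the body would cover those branches without needing a second target; the header accessor is `soup_message_get_response_headers (msg)` on this branch or `msg->response_headers` on 2.x, whichever the tree exposes. The stray `;` after the URL literal on the soup_message_new line looks like a mailing-list archive artifact rather than part of the commit, since it would not compile. Note that `g_bytes_new` with `size == 0` is fine here, so the empty-body case need not be skipped.
```c
/* Declared Content-Types that select distinct branches of the sniffer. */
static const char *const declared_types[] = {
        NULL,                      /* no Content-Type header */
        "text/plain",
        "text/html",
        "image/gif",
        "application/octet-stream",
        "unknown/unknown",
};

int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
{
        fuzz_set_logging_func ();

        /* First byte selects the declared type; the rest is the body. */
        const char *declared = size ? declared_types[data[0] % G_N_ELEMENTS (declared_types)] : NULL;
        GBytes *bytes = g_bytes_new (size ? data + 1 : data, size ? size - 1 : 0);
        SoupContentSniffer *sniffer = soup_content_sniffer_new ();
        SoupMessage *msg = soup_message_new (SOUP_METHOD_GET, "https://example.org");
        if (declared)
                soup_message_headers_set_content_type (soup_message_get_response_headers (msg), declared, NULL);
        char *content_type = soup_content_sniffer_sniff (sniffer, msg, bytes, NULL);
        /* … unchanged: unref bytes, sniffer, msg; free content_type; return 0 … */
```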
diff --git a/fuzzing/fuzz_content_sniffer.dict b/fuzzing/fuzz_content_sniffer.dict
new file mode 100644
index 00000000..79a3cc8c
--- /dev/null
+++ b/fuzzing/fuzz_content_sniffer.dict
@@ -0,0 +1,28 @@
+# These are just directly copied from soup-content-sniffer.c
+# and could surely be improved.
+
+# UTF-16 BOM
+"\xFE\xFF"
+# UTF-8 BOM
+"\xEF\xBB\xBF"
+# webm
+"\x1A\x45\xDF\xA3"
+# audio
+".snd"
+# aiff
+"FORM\x00\x00\x00\x00AIFF"
+# mpeg
+"ID3"
+# ogg
+"OggS\x00"
+# midi
+"MThd\x00\x00\x00\x06"
+# wave
+"RIFF\x00\x00\x00\x00WAVE"
+# avi
+"RIFF\x00\x00\x00\x00AVI "
+# HTML
+"<!DOCTYPE HTML"
+"<HTML"
+# XML
+"<?xml"
\ No newline at end of file
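Review bot: The dictionary lists no image signatures and only the big-endian UTF-16 BOM, so the fuzzer gets no help reaching whatever image and little-endian-BOM matching the sniffer performs. If soup-content-sniffer.c also matches them (the MIME Sniffing algorithm does), adding `"\xFF\xFE"`, `"\x89PNG\x0D\x0A\x1A\x0A"`, `"GIF87a"`/`"GIF89a"` and `"\xFF\xD8\xFF"` would let libFuzzer seed those branches directly instead of waiting for mutation to discover multi-byte magic. The file's own comment already flags it as incomplete, so this could land as a follow-up.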
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 865bfcd3..23777450 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -3,6 +3,7 @@ fs = import('fs')
 fuzz_targets = [
   'fuzz_decode_data_uri',
   'fuzz_cookie_parse',
+  'fuzz_content_sniffer',
 ]
 
 fuzzing_args = '-fsanitize=fuzzer,address,undefined'
@@ -29,8 +30,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
 
     test(target, exe,
       args: [
-        '-runs=500000',
-        '-jobs=16', # This will automatically limit itself to half your systems threads
+        '-runs=200000',
         '-artifact_prefix=meson-logs/' + target + '-',
         '-print_final_stats=1',
       ] + extra_args,
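Review bot: With `-jobs=16` removed the run is now a single serial process, so the `-runs=200000` budget is bounded only by per-target throughput and a slow target can overrun the 360 s meson timeout instead of finishing. Bounding by wall-clock would make the test deterministic in CI regardless of target speed, e.g. replacing the runs line with `'-max_total_time=300',` (comfortably under the test timeout), or keeping `-runs` and adding `-max_total_time` as a ceiling. The `test()` call continues outside the hunk, so I cannot see whether `extra_args` already sets either option.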
@@ -39,7 +39,7 @@ if have_fuzzing and (fuzzing_feature.enabled() or fuzzing_feature.auto())
         'UBSAN_OPTIONS=print_stacktrace=1',
       ],
       suite: 'fuzzing',
-      timeout: 240,
+      timeout: 360,
       priority: -1,
     )
   endforeach

