From 379e164120fbc98885a8f494b5aa41ba94f64c56 Mon Sep 17 00:00:00 2001
From: Eric Cornelissen
Date: Wed, 5 Aug 2020 01:43:24 +0300
Subject: [PATCH] Fix bug where NilChance(0) could still result in nil (#47)

* Update genShouldFill to use greater-then-or-equal
Because rand.Float64 can return 0 it was possible for this function to return false when the nilChance is set to 0 (because 0 > 0 = false).
* Add test case for NilChance(0) against "random" zero
---
 fuzz.go | 2 +-
 fuzz_test.go | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/fuzz.go b/fuzz.go
index a076b4f..761520a 100644
--- a/fuzz.go
+++ b/fuzz.go
@@ -172,7 +172,7 @@ func (f *Fuzzer) genElementCount() int {
 }
 
 func (f *Fuzzer) genShouldFill() bool {
- return f.r.Float64() > f.nilChance
+ return f.r.Float64() >= f.nilChance
 }
 
 // MaxDepth sets the maximum number of recursive fuzz calls that will be made
diff --git a/fuzz_test.go b/fuzz_test.go
index 19bfb5b..0a3b771 100644
--- a/fuzz_test.go
+++ b/fuzz_test.go
@@ -515,6 +515,35 @@ func TestFuzz_SkipPattern(t *testing.T) {
 })
 }
 
+func TestFuzz_NilChanceZero(t *testing.T) {
+ // This data source for random will result in the following four values
+ // being sampled (the first, 0, being the most interesting case):
+ // 0; 0.8727288671879787; 0.5547307616625858; 0.021885026049502695
+ data := []byte("H0000000\x00")
+ f := NewFromGoFuzz(data).NilChance(0)
+
+ var fancyStruct struct {
+ A, B, C, D *string
+ }
+ f.Fuzz(&fancyStruct) // None of the pointers should be nil, as NilChance is 0
+
+ if fancyStruct.A == nil {
+ t.Error("First value in struct was nil")
+ }
+
+ if fancyStruct.B == nil {
+ t.Error("Second value in struct was nil")
+ }
+
+ if fancyStruct.C == nil {
+ t.Error("Third value in struct was nil")
+ }
+
+ if fancyStruct.D == nil {
+ t.Error("Fourth value in struct was nil")
+ }
+}
+
 type int63mode int
 
 const (
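Review bot: genShouldFill in fuzz.go still carries no comment explaining why the comparison has to be `>=`, so the boundary this commit corrects is easy to reintroduce in a later cleanup. I would add above the function: `// genShouldFill reports whether a value should be populated instead of left nil. Float64 can return 0, so the comparison is >= to make NilChance(0) never produce nil.` For a fuzzer this matters beyond tidiness: pointers that stay nil despite NilChance(0) mean the code behind them is silently never exercised.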
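Review bot: TestFuzz_NilChanceZero never verifies its own precondition that the first value drawn from `data` is 0; that is only stated in the comment. If the mapping from GoFuzz bytes to random values ever changes, the test keeps passing without covering the `0 >= 0` boundary, and the regression could return unnoticed. The test calls NewFromGoFuzz unqualified and so appears to live in the same package, in which case a guard before the Fuzz call would pin it: `if v := NewFromGoFuzz(data).r.Float64(); v != 0 { t.Fatalf("seed no longer yields 0 first: %v", v) }`. As a style point, the four identical nil checks could be one loop over `[]*string{fancyStruct.A, fancyStruct.B, fancyStruct.C, fancyStruct.D}`.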