From adf40680a0e3c352cd17f0c0b6205bce6a209939 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 27 Feb 2023 18:53:11 +0100
Subject: [PATCH] Support mutation depth during minimization

Multiple mutations may be necessary to achieve a shorter crashing
input.
---
 src/Fuzzer.php | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/Fuzzer.php b/src/Fuzzer.php
index c593bcd..7db32e6 100644
--- a/src/Fuzzer.php
+++ b/src/Fuzzer.php
@@ -333,22 +333,24 @@ private function minimizeCrash(string $path) {
         }
 
         while ($this->runs < $this->maxRuns) {
-            // TODO: Mutation depth, etc.
-            $newInput = $this->mutator->mutate($input, $this->maxLen, null);
-            if (\strlen($newInput) >= \strlen($input)) {
-                continue;
-            }
+            $newInput = $input;
+            for ($m = 0; $m < $this->mutationDepthLimit; $m++) {
+                $newInput = $this->mutator->mutate($newInput, $this->maxLen, null);
+                if (\strlen($newInput) >= \strlen($input)) {
+                    continue;
+                }
 
-            $newEntry = $this->runInput($newInput);
-            if (!$newEntry->crashInfo) {
-                continue;
-            }
+                $newEntry = $this->runInput($newInput);
+                if (!$newEntry->crashInfo) {
+                    continue;
+                }
 
-            $newEntry->storeAtPath(getcwd() . '/minimized-' . md5($newInput) . '.txt');
+                $newEntry->storeAtPath(getcwd() . '/minimized-' . md5($newInput) . '.txt');
 
-            $len = \strlen($newInput);
-            $this->printCrash("CRASH with length $len", $newEntry);
-            $input = $newInput;
+                $len = \strlen($newInput);
+                $this->printCrash("CRASH with length $len", $newEntry);
+                $input = $newInput;
+            }
         }
     }