From fad0c58c3ecdf2a2a602ff39c9fd9dda7f8747d9 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Mon, 7 Jun 2021 13:28:01 +0200 Subject: [PATCH 1/2] fuzz: Remove confusing return keyword from CallOneOf The return type is already enforced to be void by the ternary operator: ./test/fuzz/util.h:47:25: error: right operand to ? is void, but left operand is of type *OTHER_TYPE* ((i++ == call_index ? callables() : void()), ...); ^ ~~~~~~~~~~~ ~~~~~~ --- src/test/fuzz/util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h index 36b1d5035c1..023dcdb3e53 100644 --- a/src/test/fuzz/util.h +++ b/src/test/fuzz/util.h @@ -44,7 +44,7 @@ void CallOneOf(FuzzedDataProvider& fuzzed_data_provider, Callables... callables) const size_t call_index{fuzzed_data_provider.ConsumeIntegralInRange(0, call_size - 1)}; size_t i{0}; - return ((i++ == call_index ? callables() : void()), ...); + ((i++ == call_index ? callables() : void()), ...); } template From fa13f34bf35129b38af699a0faf32c39d2ba8576 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Mon, 7 Jun 2021 13:40:12 +0200 Subject: [PATCH 2/2] fuzz: Increase branch coverage of the float fuzz target --- src/test/fuzz/float.cpp | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/test/fuzz/float.cpp b/src/test/fuzz/float.cpp index adef66a3ee0..2f77c8949e2 100644 --- a/src/test/fuzz/float.cpp +++ b/src/test/fuzz/float.cpp @@ -5,6 +5,7 @@ #include #include #include +#include #include #include 
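Review bot: In `CallOneOf` (src/test/fuzz/util.h), the reason the fold expression only accepts void-returning callables is explained in the commit message but not in the code. The `: void()` arm of the ternary is what makes the compiler reject any other return type, and a reader could easily simplify it away. A comment directly above the fold would keep that visible, for example `// The void() arm forces every callable to return void; other return types fail to compile.` The start of the function body is outside this hunk.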
@@ -17,7 +18,33 @@ FUZZ_TARGET(float) FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); { - const double d = fuzzed_data_provider.ConsumeFloatingPoint(); + const double d{[&] { + double tmp; + CallOneOf( + fuzzed_data_provider, + // an actual number + [&] { tmp = fuzzed_data_provider.ConsumeFloatingPoint(); }, + // special numbers and NANs + [&] { tmp = fuzzed_data_provider.PickValueInArray({ + std::numeric_limits::infinity(), + -std::numeric_limits::infinity(), + std::numeric_limits::min(), + -std::numeric_limits::min(), + std::numeric_limits::max(), + -std::numeric_limits::max(), + std::numeric_limits::lowest(), + -std::numeric_limits::lowest(), + std::numeric_limits::quiet_NaN(), + -std::numeric_limits::quiet_NaN(), + std::numeric_limits::signaling_NaN(), + -std::numeric_limits::signaling_NaN(), + std::numeric_limits::denorm_min(), + -std::numeric_limits::denorm_min(), + }); }, + // Anything from raw memory (also checks that DecodeDouble doesn't crash on any input) + [&] { tmp = DecodeDouble(fuzzed_data_provider.ConsumeIntegral()); }); + return tmp; + }()}; (void)memusage::DynamicUsage(d); uint64_t encoded = EncodeDouble(d);
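Review bot: In the special-values list passed to `PickValueInArray`, four entries cover only two distinct values, because for floating-point types `lowest()` equals `-max()`; `lowest()` therefore repeats `-max()` and `-lowest()` repeats `max()`. The duplicates bias the pick toward those two values without adding coverage. Consider replacing the two `lowest()` lines with `0.0,` and `-0.0,`, since signed zero is a distinct bit pattern that the list does not name explicitly. The `double tmp;` declaration is left uninitialized and is only well-defined because exactly one callable runs, so a comment such as `// assigned by exactly one CallOneOf branch` would make that dependency explicit. The body of `FUZZ_TARGET(float)` continues past the end of this hunk.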