2 files changed, 29 insertions, 3 deletions

diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index 0267c93..b17783c 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -9,13 +9,12 @@
 #include <string.h>
 
 #include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
 #include "lz4.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-
-    uint32_t seed = FUZZ_seed(&data, &size);
-    size_t const dstCapacity = FUZZ_rand32(&seed, 0, 4 * size);
+    size_t const dstCapacity = FUZZ_produceUint32Range(data, size, 0, 4 * size);
     size_t const smallDictSize = size + 1;
     size_t const largeDictSize = 64 * 1024 - 1;
     size_t const dictSize = MAX(smallDictSize, largeDictSize);
diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h
new file mode 100644
index 0000000..c41aaec
--- /dev/null
+++ b/ossfuzz/fuzz_data_producer.h
@@ -0,0 +1,27 @@
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size,
+                                             uint32_t min, uint32_t max) {
+  if (min > max) {
+    return 0;
+  }
+
+  uint32_t range = max - min;
+  uint32_t rolling = range;
+  uint32_t result = 0;
+
+  while (rolling > 0 && size > 0) {
+    uint8_t next = *(data + size - 1);
+    size -= 1;
+    result = (result << 8) | next;
+  }
+
+  if (range == 0xffffffff) {
+    return result;
+  }
+
+  return min + result % (range + 1);
+}