From 0812f9db0295e0ae4e020879903d48984c149988 Mon Sep 17 00:00:00 2001
From: Peter Samarin
Date: Thu, 22 Jan 2026 17:55:03 +0100
Subject: [PATCH] BREAKING feat: use mutation framework for single-byte[] fuzz tests

---
 .../jazzer/driver/FuzzTargetRunner.java | 2 +-
 .../mutator/lang/PrimitiveArrayMutatorFactory.java | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java b/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
index 112c4a2df..85a71e22b 100644
--- a/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
+++ b/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
@@ -137,7 +137,7 @@ public final class FuzzTargetRunner {
     useMutatorFramework =
         Opt.mutatorFramework.get()
             && Opt.autofuzz.get().isEmpty()
-            && !(fuzzTarget.usesPrimitiveByteArray() || fuzzTarget.usesFuzzedDataProvider());
+            && !fuzzTarget.usesFuzzedDataProvider();
     useFuzzedDataProvider = fuzzTarget.usesFuzzedDataProvider();
 
     if (!useFuzzedDataProvider && IS_ANDROID) {
diff --git a/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java b/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java
index 01ae3fca8..ee4643f45 100644
--- a/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java
+++ b/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java
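Review bot: Dropping the `usesPrimitiveByteArray()` exclusion from the `useMutatorFramework` condition routes every existing `byte[]` fuzz target through the mutation framework, so a corpus recorded under the old raw-bytes path is only reusable if the framework's `byte[]` mutator can read bare input files back; that is not visible from this hunk, and if it cannot, the BREAKING commit message should state the migration (re-record the corpus, or keep the old path behind a flag). A short why-comment at the changed condition would save the next reader a git blame, e.g. `// byte[] targets now use the mutation framework; only FuzzedDataProvider targets stay on libFuzzer's raw-input path.` If `fuzzTarget.usesPrimitiveByteArray()` has no remaining callers after this change it can be removed, but I cannot confirm that from the diff. The statement run this hunk edits starts and ends outside the hunk.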
@@ -73,6 +73,8 @@ public Optional> tryCreate(
   public static final class PrimitiveArrayMutator extends SerializingMutator {
     private static final int DEFAULT_MIN_LENGTH = 0;
     private static final int DEFAULT_MAX_LENGTH = 1000;
+    // This default is chosen to match libFuzzer's default max length for byte arrays.
+    private static final int DEFAULT_BYTE_ARRAY_MAX_LENGTH = 4096;
     private static final Charset FUZZED_DATA_CHARSET = Charset.forName("CESU-8");
     private long minRange;
     private long maxRange;
@@ -216,7 +218,12 @@ private void extractRange(AnnotatedType type) {
     private void extractLength(AnnotatedType type) {
       Optional withLength = Optional.ofNullable(type.getAnnotation(WithLength.class));
       minLength = withLength.map(WithLength::min).orElse(DEFAULT_MIN_LENGTH);
-      maxLength = withLength.map(WithLength::max).orElse(DEFAULT_MAX_LENGTH);
+      // Different default max lengths for byte[] and other primitive arrays to match libFuzzer.
+      int defaultMaxLength =
+          type.getType().getTypeName().equals("byte")
+              ? DEFAULT_BYTE_ARRAY_MAX_LENGTH
+              : DEFAULT_MAX_LENGTH;
+      maxLength = withLength.map(WithLength::max).orElse(defaultMaxLength);
     }
 
     private AnnotatedType convertWithLength(AnnotatedType type, AnnotatedType newType) {
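Review bot: The `byte` detection added to `extractLength` compares a type-name string, `type.getType().getTypeName().equals("byte")`; if the `type` handed to this method is the array type rather than its component, that name is `byte[]`, the check never matches, and `byte[]` targets silently keep the 1000-byte cap instead of the intended 4096. Comparing against the class is explicit and cannot drift with naming: `int defaultMaxLength = type.getType() == byte.class ? DEFAULT_BYTE_ARRAY_MAX_LENGTH : DEFAULT_MAX_LENGTH;` (or `byte[].class` if the caller passes the array type — which of the two it passes is not visible in this hunk). Separately, a `-max_len` given on the libFuzzer command line is not consulted here, so `byte[]` targets that previously honored it now get a fixed 4096 default unless `@WithLength` is set; either plumb that option through or record the difference on `DEFAULT_BYTE_ARRAY_MAX_LENGTH`, e.g. `// Applies only when no @WithLength is given; libFuzzer's -max_len is not consulted by the mutation framework.` `extractLength` is complete within the hunk; the enclosing class continues outside it.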