author | Muhammad Haseeb Ahmad <mhahmad@google.com> | 2021-12-30 18:23:53 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-12-30 18:23:53 +0000 |
commit | 268d7f757f82e6e706cd4f5dfcb854fc2342b053 (patch) | |
tree | c5880647e8b29782d15be0c99a60e56fed6f8a02 /examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp | |
parent | b997679abe998d84ad4b9c3e6589342794d3bfcb (diff) | |
parent | 0f73d9c5add52fa24500a9ddb691528db216e096 (diff) | |
download | jazzer-api-268d7f757f82e6e706cd4f5dfcb854fc2342b053.tar.gz |
Merge remote-tracking branch 'aosp/upstream-main' into master am: 5c6f411699 am: 844d7aba71 am: 0f73d9c5ad
Original change: https://android-review.googlesource.com/c/platform/external/jazzer-api/+/1935188
Change-Id: I0c6c57f25d7b033e469b5f869e4de16f0ec62839
Diffstat (limited to 'examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp')
-rw-r--r-- | examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp b/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp
new file mode 100644
index 00000000..774e5998
--- /dev/null
+++ b/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp
@@ -0,0 +1,42 @@
+// Copyright 2021 Code Intelligence GmbH
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "com_example_ExampleFuzzerWithNative.h"
+
+#include <limits>
+#include <string>
+
+// simple function containing a crash that requires coverage and string compare
+// instrumentation for the fuzzer to find
+__attribute__((optnone)) void parseInternal(const std::string &input) {
+ constexpr int bar = std::numeric_limits<int>::max() - 5;
+ // Crashes with UBSan.
+ if (bar + input[0] == 300) {
+ return;
+ }
+ if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') {
+ if (input.find("secret_in_native_library") != std::string::npos) {
+ // Crashes with ASan.
+ [[maybe_unused]] char foo = input[input.size() + 2];
+ }
+ }
+}
+
+JNIEXPORT jboolean JNICALL Java_com_example_ExampleFuzzerWithNative_parse(
+ JNIEnv *env, jobject o, jstring bytes) {
+ const char *input(env->GetStringUTFChars(bytes, nullptr));
+ parseInternal(input);
+ env->ReleaseStringUTFChars(bytes, input);
+ return false;
+}
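Review bot: `GetStringUTFChars` returns nullptr when it fails (it then pends an OutOfMemoryError), and the new `Java_com_example_ExampleFuzzerWithNative_parse` passes that pointer straight into `parseInternal`, where building the `std::string` argument from a null `const char *` is undefined behaviour and `ReleaseStringUTFChars` would afterwards be called with null; add a guard right after the call, `if (input == nullptr) return false;`. The annotated UBSan and ASan crash sites in `parseInternal` are the purpose of the example and should stay as they are. Separately, `input[5]` in the second condition is evaluated for any input that starts with "ab", and `std::string::operator[]` with an index greater than `size()` is undefined for inputs shorter than six bytes, so a sanitizer may report that read before the intended `input.find` path is reached; if the example is meant to crash only on the annotated lines, prefixing the condition with `input.size() > 5 &&` keeps it that way. Whether this matters in practice depends on the sanitizer build configuration, which is not visible here.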