author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-02-23 18:00:48 +0100 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-02-24 16:28:10 +0100 |
commit | 541c5c63f1f1e3025da8073fc106a7ffe5ce73b2 (patch) | |
tree | 0233e15358e2c240376d51d2faeb17a889cf0539 /examples/src | |
parent | 4fb408bdcbfb32b207c0b92cc98bc3e95c9f7665 (diff) | |
Make fuzzerTestOneInput void
Java assertion errors are impossible to deduplicate and easily replaced
by an assert or a check and a custom exception.
This commit makes both variants of fuzzerTestOneInput void methods and
adds a note about this change to the respective error message.
Diffstat (limited to 'examples/src')
10 files changed, 19 insertions, 35 deletions
diff --git a/examples/src/main/java/com/example/ExampleFuzzer.java b/examples/src/main/java/com/example/ExampleFuzzer.java index 40dcb697..b41f9c77 100644 --- a/examples/src/main/java/com/example/ExampleFuzzer.java +++ b/examples/src/main/java/com/example/ExampleFuzzer.java @@ -22,7 +22,7 @@ public class ExampleFuzzer { // Optional initialization to be run before the first call to fuzzerTestOneInput. } - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { String input = data.consumeRemainingAsString(); // Without the hook in ExampleFuzzerHooks.java, the value of random would change on every // invocation, making it almost impossible to guess for the fuzzer. @@ -31,7 +31,6 @@ public class ExampleFuzzer { && input.charAt(25) == 'C') { mustNeverBeCalled(); } - return false; } private static void mustNeverBeCalled() { diff --git a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java index 801e84ea..853501bf 100644 --- a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java +++ b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java @@ -21,14 +21,13 @@ public class ExampleFuzzerWithNative { System.loadLibrary("native"); } - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { int val = data.consumeInt(); String stringData = data.consumeRemainingAsString(); if (val == 17759716 && stringData.length() > 10 && stringData.contains("jazzer")) { // call native function which contains a crash new ExampleFuzzerWithNative().parse(stringData); } - return false; } private native boolean parse(String bytes); diff --git a/examples/src/main/java/com/example/ExampleValueProfileFuzzer.java b/examples/src/main/java/com/example/ExampleValueProfileFuzzer.java index 1eb55df0..1200c560 100644 
--- a/examples/src/main/java/com/example/ExampleValueProfileFuzzer.java +++ b/examples/src/main/java/com/example/ExampleValueProfileFuzzer.java @@ -27,14 +27,14 @@ public class ExampleValueProfileFuzzer { return input ^ key; } - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { // Without -use_value_profile=1, the fuzzer gets stuck here as there is no direct correspondence // between the input bytes and the compared string. With value profile, the fuzzer can guess the // expected input byte by byte, which takes linear rather than exponential time. if (base64(data.consumeBytes(6)).equals("SmF6emVy")) { long[] plaintextBlocks = data.consumeLongs(2); if (plaintextBlocks.length != 2) - return false; + return; if (insecureEncrypt(plaintextBlocks[0]) == 0x9fc48ee64d3dc090L) { // Without --fake_pcs (enabled by default with -use_value_profile=1), the fuzzer would get // stuck here as the value profile information for long comparisons would not be able to @@ -44,7 +44,6 @@ public class ExampleValueProfileFuzzer { } } } - return false; } private static void mustNeverBeCalled() { diff --git a/examples/src/main/java/com/example/FastJsonFuzzer.java b/examples/src/main/java/com/example/FastJsonFuzzer.java index 5c203ffb..2e5d4797 100644 --- a/examples/src/main/java/com/example/FastJsonFuzzer.java +++ b/examples/src/main/java/com/example/FastJsonFuzzer.java @@ -21,12 +21,10 @@ import com.code_intelligence.jazzer.api.FuzzedDataProvider; // Found the issues described in // https://github.com/alibaba/fastjson/issues/3631 public class FastJsonFuzzer { - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { try { JSON.parse(data.consumeRemainingAsString()); - } catch (JSONException e) { - return false; + } catch (JSONException ignored) { } - return false; } } 
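Review bot: The now-empty `catch (JSONException ignored) { }` in FastJsonFuzzer.fuzzerTestOneInput gives no reason why the exception is discarded, so a reader copying the example cannot tell which exceptions are expected noise and which would be findings. A one-line comment in the catch body would make that explicit, for example `// Expected for malformed input; only exceptions that escape this method are reported.` The same applies to the empty catch blocks this commit introduces in GifImageParserFuzzer, JacksonCborFuzzer, JpegImageParserFuzzer and TiffImageParserFuzzer. TurboJpegFuzzer already carries such a comment.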
diff --git a/examples/src/main/java/com/example/GifImageParserFuzzer.java b/examples/src/main/java/com/example/GifImageParserFuzzer.java index 276bdb84..ab7de907 100644 --- a/examples/src/main/java/com/example/GifImageParserFuzzer.java +++ b/examples/src/main/java/com/example/GifImageParserFuzzer.java @@ -23,12 +23,10 @@ import org.apache.commons.imaging.formats.gif.GifImageParser; // Found https://issues.apache.org/jira/browse/IMAGING-277 and // https://issues.apache.org/jira/browse/IMAGING-278. public class GifImageParserFuzzer { - public static boolean fuzzerTestOneInput(byte[] input) { + public static void fuzzerTestOneInput(byte[] input) { try { new GifImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException e) { - return false; + } catch (IOException | ImageReadException ignored) { } - return false; } } diff --git a/examples/src/main/java/com/example/JacksonCborFuzzer.java b/examples/src/main/java/com/example/JacksonCborFuzzer.java index 3d847751..902c1d96 100644 --- a/examples/src/main/java/com/example/JacksonCborFuzzer.java +++ b/examples/src/main/java/com/example/JacksonCborFuzzer.java @@ -22,15 +22,13 @@ import java.io.IOException; // https://github.com/FasterXML/jackson-databind/pull/3032 if executed with // `--keep_going=3 -seed=2735196724`. public class JacksonCborFuzzer { - public static boolean fuzzerTestOneInput(byte[] input) { + public static void fuzzerTestOneInput(byte[] input) { CBORFactory factory = new CBORFactory(); ObjectMapper mapper = new ObjectMapper(factory); mapper.enableDefaultTyping(); try { mapper.readTree(input); - } catch (IOException e) { - return false; + } catch (IOException ignored) { } - return false; } } diff --git a/examples/src/main/java/com/example/JpegImageParserFuzzer.java b/examples/src/main/java/com/example/JpegImageParserFuzzer.java index 4040daee..ba3e7c81 100644 --- a/examples/src/main/java/com/example/JpegImageParserFuzzer.java 
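Review bot: `mapper.enableDefaultTyping();` in JacksonCborFuzzer.fuzzerTestOneInput turns on polymorphic type handling for untrusted bytes, and nothing in the example says this is deliberate. The line is unchanged context in this hunk, and in a fuzz target it is presumably intended to widen the deserialization surface being exercised. In application code, though, the same call is a well-known unsafe-deserialization configuration, and it is deprecated in newer Jackson releases. I would add a comment above it such as `// Deliberately enables default typing to exercise polymorphic deserialization; do not copy into production code.`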
+++ b/examples/src/main/java/com/example/JpegImageParserFuzzer.java @@ -22,12 +22,10 @@ import org.apache.commons.imaging.formats.jpeg.JpegImageParser; // Found https://issues.apache.org/jira/browse/IMAGING-275. public class JpegImageParserFuzzer { - public static boolean fuzzerTestOneInput(byte[] input) { + public static void fuzzerTestOneInput(byte[] input) { try { new JpegImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException e) { - return false; + } catch (IOException | ImageReadException ignored) { } - return false; } } diff --git a/examples/src/main/java/com/example/JsonSanitizerFuzzer.java b/examples/src/main/java/com/example/JsonSanitizerFuzzer.java index ef13f369..31831616 100644 --- a/examples/src/main/java/com/example/JsonSanitizerFuzzer.java +++ b/examples/src/main/java/com/example/JsonSanitizerFuzzer.java @@ -20,7 +20,7 @@ import com.google.gson.JsonElement; import com.google.json.JsonSanitizer; public class JsonSanitizerFuzzer { - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { String input = data.consumeRemainingAsString(); String validJson; try { @@ -28,15 +28,14 @@ public class JsonSanitizerFuzzer { } catch (ArrayIndexOutOfBoundsException e) { // ArrayIndexOutOfBoundsException is expected if nesting depth is // exceeded. - return false; + return; } Gson gson = new Gson(); gson.fromJson(validJson, JsonElement.class); if (validJson.contains("</script>") || validJson.contains("<script") || validJson.contains("<!--") || validJson.contains("]]>")) { System.out.println(validJson); - return true; + throw new IllegalStateException("Output contains forbidden substring"); } - return false; } } diff --git a/examples/src/main/java/com/example/TiffImageParserFuzzer.java b/examples/src/main/java/com/example/TiffImageParserFuzzer.java index 6dd127c2..5fa1af2d 100644 
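Review bot: In JsonSanitizerFuzzer.fuzzerTestOneInput the sanitizer-bypass finding is now signalled with a plain `IllegalStateException`, a type the libraries under test could also throw for unrelated reasons. Triage therefore cannot tell a violated security property (output containing `</script>`, `<script`, `<!--` or `]]>`) from an incidental runtime error by exception type alone. The commit message itself recommends a custom exception, and a small nested `RuntimeException` subclass declared in the example would keep this finding distinguishable. The offending output would also be better carried in the exception message than in the separate `System.out.println(validJson);`, where it can become detached from the stack trace in logs, for example `throw new IllegalStateException("Output contains forbidden substring: " + validJson);`.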
--- a/examples/src/main/java/com/example/TiffImageParserFuzzer.java +++ b/examples/src/main/java/com/example/TiffImageParserFuzzer.java @@ -22,12 +22,10 @@ import org.apache.commons.imaging.formats.tiff.TiffImageParser; // Found https://issues.apache.org/jira/browse/IMAGING-276. public class TiffImageParserFuzzer { - public static boolean fuzzerTestOneInput(byte[] input) { + public static void fuzzerTestOneInput(byte[] input) { try { new TiffImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); - } catch (IOException | ImageReadException e) { - return false; + } catch (IOException | ImageReadException ignored) { } - return false; } } diff --git a/examples/src/main/java/com/example/TurboJpegFuzzer.java b/examples/src/main/java/com/example/TurboJpegFuzzer.java index 0a0059e4..b9ea715b 100644 --- a/examples/src/main/java/com/example/TurboJpegFuzzer.java +++ b/examples/src/main/java/com/example/TurboJpegFuzzer.java @@ -29,7 +29,7 @@ public class TurboJpegFuzzer { new TJDecompressor(); } - public static boolean fuzzerTestOneInput(FuzzedDataProvider data) { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { try { int flagsDecompress = data.consumeInt(); int flagsTransform = data.consumeInt(); @@ -52,10 +52,8 @@ public class TurboJpegFuzzer { tjd = new TJDecompressor(data.consumeRemainingAsBytes()); } tjd.decompress(buffer, 0, 0, desiredWidth, 0, desiredHeight, pixelFormat, flagsDecompress); - } catch (Exception e) { + } catch (Exception ignored) { // We are not looking for Java exceptions, but segfaults and ASan reports. - return false; } - return false; } } |