diff options
| author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-05-27 16:46:45 +0200 |
|---|---|---|
| committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-05-27 17:18:31 +0200 |
| commit | 7f9f12da971ae7090c5da394b4569b100cde2068 (patch) | |
| tree | 23d2c549af9f35cf0ae009501a7bcea7a418288a /examples | |
| parent | c50121bf574fb21b660422be0b4231359cdce5b0 (diff) | |
| download | jazzer-api-7f9f12da971ae7090c5da394b4569b100cde2068.tar.gz | |
Pass quoted arguments to child processes
libFuzzer does not quote the arguments it passes to child processes during merge
and fork, which leads to arguments being lost if passing multiple jvm_args with
delimiter ';'.
This commit adds a libFuzzer patch that properly quotes all arguments as well as
a test that fails if quoting is not appropriate.
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/BUILD.bazel | 8 | ||||
| -rw-r--r-- | examples/src/main/java/com/example/JpegImageParserFuzzer.java | 10 |
2 files changed, 17 insertions, 1 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index 23cc51d9..df1e7832 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -69,7 +69,13 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JpegImageParserFuzzer.java", ], - fuzzer_args = ["-fork=5"], + fuzzer_args = [ + "-fork=5", + # Only used to verify that arguments are correctly passed down to child + # processes. Quoting with both " and ' is necessary in this test since + # one level of quoting is lost when passing through jazzer_wrapper.sh + "--jvm_args=\"'-Dfoo=foo;-Dbar=bar'\"", + ], # The exit codes of the forked libFuzzer processes are not picked up correctly. tags = ["broken-on-darwin"], target_class = "com.example.JpegImageParserFuzzer", diff --git a/examples/src/main/java/com/example/JpegImageParserFuzzer.java b/examples/src/main/java/com/example/JpegImageParserFuzzer.java index ba3e7c81..f9d119e8 100644 --- a/examples/src/main/java/com/example/JpegImageParserFuzzer.java +++ b/examples/src/main/java/com/example/JpegImageParserFuzzer.java @@ -22,6 +22,16 @@ import org.apache.commons.imaging.formats.jpeg.JpegImageParser; // Found https://issues.apache.org/jira/browse/IMAGING-275. public class JpegImageParserFuzzer { + public static void fuzzerInitialize() { + // Only used to verify that arguments are correctly passed down to child processes. + if (System.getProperty("foo") == null || System.getProperty("bar") == null) { + // The child process did not have a sufficiently high memory limit, + // Exit the process with an exit code different from that for a finding. + System.err.println("ERROR: Did not pass all jvm_args to child process."); + System.exit(3); + } + } + public static void fuzzerTestOneInput(byte[] input) { try { new JpegImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>()); |