authorFabian Meumertzheim <meumertzheim@code-intelligence.com>2021-06-09 10:03:53 +0200
committerFabian Meumertzheim <fabian@meumertzhe.im>2021-06-09 11:48:20 +0200
commit224e8d00c26d19a78de1720459e3c5b403ae36ca (patch)
treefbb98af54cb3b218c4dd66689537ec2b4e0fdfb0 /examples
parentedc2afa53eaab4e036dae4c418b88d0b3e669949 (diff)
downloadjazzer-api-224e8d00c26d19a78de1720459e3c5b403ae36ca.tar.gz
Add support for UBSan
Diffstat (limited to 'examples')
-rw-r--r--examples/BUILD.bazel20
-rw-r--r--examples/src/main/java/com/example/ExampleFuzzerWithNative.java6
-rw-r--r--examples/src/main/native/BUILD.bazel24
-rw-r--r--examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp8
4 files changed, 51 insertions, 7 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel
index b2d021d0..d7f0f8cd 100644
--- a/examples/BUILD.bazel
+++ b/examples/BUILD.bazel
@@ -14,15 +14,27 @@ java_fuzz_target_test(
)
java_fuzz_target_test(
- name = "ExampleFuzzerWithNative",
+ name = "ExampleFuzzerWithASan",
srcs = [
"src/main/java/com/example/ExampleFuzzerWithNative.java",
],
- native_libs = ["//examples/src/main/native"],
+ native_libs = ["//examples/src/main/native:native_asan"],
+ sanitizer = "address",
+ # Bazel creates shared libraries with an incorrect extension on macOS.
+ tags = ["broken-on-darwin"],
+ target_class = "com.example.ExampleFuzzerWithNative",
+)
+
+java_fuzz_target_test(
+ name = "ExampleFuzzerWithUBSan",
+ srcs = [
+ "src/main/java/com/example/ExampleFuzzerWithNative.java",
+ ],
+ native_libs = ["//examples/src/main/native:native_ubsan"],
+ sanitizer = "undefined",
# Bazel creates shared libraries with an incorrect extension on macOS.
tags = ["broken-on-darwin"],
target_class = "com.example.ExampleFuzzerWithNative",
- use_asan = True,
)
java_fuzz_target_test(
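Review bot: Nothing in the ExampleFuzzerWithASan and ExampleFuzzerWithUBSan targets records that they depend on the library-selection logic in the shared ExampleFuzzerWithNative class, whose static initializer tries native_asan first and only falls back to native_ubsan; if a target ever shipped both libraries, or the library in `native_libs` were renamed without updating that class, the test would silently run a different sanitizer build than its `sanitizer` attribute states. A comment on the UBSan target would make the coupling visible, e.g. `# ExampleFuzzerWithNative loads native_asan and falls back to native_ubsan, so this target must ship only the UBSan build.` The `)` on the first line of the hunk closes a target that begins outside it.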
@@ -208,9 +220,9 @@ java_fuzz_target_test(
native_libs = [
"@libjpeg_turbo//:turbojpeg_native",
],
+ sanitizer = "address",
tags = ["manual"],
target_class = "com.example.TurboJpegFuzzer",
- use_asan = True,
deps = [
"@libjpeg_turbo//:turbojpeg_java",
],
diff --git a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java
index 853501bf..071446aa 100644
--- a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java
+++ b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java
@@ -18,7 +18,11 @@ import com.code_intelligence.jazzer.api.FuzzedDataProvider;
public class ExampleFuzzerWithNative {
static {
- System.loadLibrary("native");
+ try {
+ System.loadLibrary("native_asan");
+ } catch (UnsatisfiedLinkError e) {
+ System.loadLibrary("native_ubsan");
+ }
}
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
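Review bot: The fallback in the static initializer catches every UnsatisfiedLinkError raised while loading native_asan, not only the "library not found" case, so a genuine load failure of the ASan build (a missing symbol or sanitizer runtime, for instance) is discarded and the only error that surfaces is the one from the native_ubsan attempt, which points at the wrong library. Attaching the first error to the second before rethrowing keeps both causes in the stack trace when neither library can be loaded. The class body continues outside the hunk.
```java
  static {
    try {
      System.loadLibrary("native_asan");
    } catch (UnsatisfiedLinkError asanError) {
      try {
        System.loadLibrary("native_ubsan");
      } catch (UnsatisfiedLinkError ubsanError) {
        // Keep the original failure visible instead of silently replacing it.
        ubsanError.addSuppressed(asanError);
        throw ubsanError;
      }
    }
  }
```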
diff --git a/examples/src/main/native/BUILD.bazel b/examples/src/main/native/BUILD.bazel
index 16b48419..df24bb37 100644
--- a/examples/src/main/native/BUILD.bazel
+++ b/examples/src/main/native/BUILD.bazel
@@ -1,7 +1,7 @@
load("@rules_cc//cc:defs.bzl", "cc_binary")
cc_binary(
- name = "native",
+ name = "native_asan",
srcs = [
"com_example_ExampleFuzzerWithNative.cpp",
"com_example_ExampleFuzzerWithNative.h",
@@ -18,3 +18,25 @@ cc_binary(
"@bazel_tools//tools/jdk:jni",
],
)
+
+cc_binary(
+ name = "native_ubsan",
+ srcs = [
+ "com_example_ExampleFuzzerWithNative.cpp",
+ "com_example_ExampleFuzzerWithNative.h",
+ ],
+ copts = [
+ "-fsanitize=fuzzer-no-link,undefined",
+ "-fno-sanitize-recover=all",
+ # Workaround for https://github.com/bazelbuild/bazel/issues/11122.
+ "-fno-sanitize=vptr,function",
+ ],
+ linkopts = [
+ "-fsanitize=fuzzer-no-link,undefined",
+ ],
+ linkshared = True,
+ visibility = ["//examples:__pkg__"],
+ deps = [
+ "@bazel_tools//tools/jdk:jni",
+ ],
+)
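Review bot: `-fno-sanitize-recover=all` in the native_ubsan copts carries no explanation, although it is the flag that makes a UBSan report fatal so the fuzzer can attribute it to the triggering input; without it UBSan only prints a diagnostic and execution continues, and the example's intended UBSan crash would never be recorded as one. A comment above it such as `# Abort on the first UBSan report so the fuzzer records it as a crash instead of a log line.` would match the style of the existing workaround comment on `-fno-sanitize=vptr,function`. The srcs, deps, linkshared and visibility attributes also duplicate the native_asan target above, whose body starts outside this hunk, so a shared macro or list parameterised on the sanitizer name would keep the two builds from drifting apart.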
diff --git a/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp b/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp
index 434c3d5b..774e5998 100644
--- a/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp
+++ b/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp
@@ -14,14 +14,20 @@
#include "com_example_ExampleFuzzerWithNative.h"
+#include <limits>
#include <string>
// simple function containing a crash that requires coverage and string compare
// instrumentation for the fuzzer to find
__attribute__((optnone)) void parseInternal(const std::string &input) {
+ constexpr int bar = std::numeric_limits<int>::max() - 5;
+ // Crashes with UBSan.
+ if (bar + input[0] == 300) {
+ return;
+ }
if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') {
if (input.find("secret_in_native_library") != std::string::npos) {
- // BOOM
+ // Crashes with ASan.
[[maybe_unused]] char foo = input[input.size() + 2];
}
}