author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-06-09 10:03:53 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-06-09 11:48:20 +0200 |
commit | 224e8d00c26d19a78de1720459e3c5b403ae36ca (patch) | |
tree | fbb98af54cb3b218c4dd66689537ec2b4e0fdfb0 /examples | |
parent | edc2afa53eaab4e036dae4c418b88d0b3e669949 (diff) | |
download | jazzer-api-224e8d00c26d19a78de1720459e3c5b403ae36ca.tar.gz |
Add support for UBSan
Diffstat (limited to 'examples')
-rw-r--r-- | examples/BUILD.bazel | 20 | ||||
-rw-r--r-- | examples/src/main/java/com/example/ExampleFuzzerWithNative.java | 6 | ||||
-rw-r--r-- | examples/src/main/native/BUILD.bazel | 24 | ||||
-rw-r--r-- | examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp | 8 |
4 files changed, 51 insertions, 7 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index b2d021d0..d7f0f8cd 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -14,15 +14,27 @@ java_fuzz_target_test( ) java_fuzz_target_test( - name = "ExampleFuzzerWithNative", + name = "ExampleFuzzerWithASan", srcs = [ "src/main/java/com/example/ExampleFuzzerWithNative.java", ], - native_libs = ["//examples/src/main/native"], + native_libs = ["//examples/src/main/native:native_asan"], + sanitizer = "address", + # Bazel creates shared libraries with an incorrect extension on macOS. + tags = ["broken-on-darwin"], + target_class = "com.example.ExampleFuzzerWithNative", +) + +java_fuzz_target_test( + name = "ExampleFuzzerWithUBSan", + srcs = [ + "src/main/java/com/example/ExampleFuzzerWithNative.java", + ], + native_libs = ["//examples/src/main/native:native_ubsan"], + sanitizer = "undefined", # Bazel creates shared libraries with an incorrect extension on macOS. tags = ["broken-on-darwin"], target_class = "com.example.ExampleFuzzerWithNative", - use_asan = True, ) java_fuzz_target_test( @@ -208,9 +220,9 @@ java_fuzz_target_test( native_libs = [ "@libjpeg_turbo//:turbojpeg_native", ], + sanitizer = "address", tags = ["manual"], target_class = "com.example.TurboJpegFuzzer", - use_asan = True, deps = [ "@libjpeg_turbo//:turbojpeg_java", ], diff --git a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java index 853501bf..071446aa 100644 --- a/examples/src/main/java/com/example/ExampleFuzzerWithNative.java +++ b/examples/src/main/java/com/example/ExampleFuzzerWithNative.java @@ -18,7 +18,11 @@ import com.code_intelligence.jazzer.api.FuzzedDataProvider; public class ExampleFuzzerWithNative { static { - System.loadLibrary("native"); + try { + System.loadLibrary("native_asan"); + } catch (UnsatisfiedLinkError e) { + System.loadLibrary("native_ubsan"); + } } public static void fuzzerTestOneInput(FuzzedDataProvider data) { 
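Review bot: The new static initializer in ExampleFuzzerWithNative.java discards the UnsatisfiedLinkError from the `native_asan` attempt, so when `native_ubsan` is also unavailable the failure that reaches the fuzzer only describes the second library and the original cause is lost. Chaining the first error onto the second with `addSuppressed` keeps both messages without changing the fallback order. A second, smaller point: which sanitizer build runs is decided by which library happens to load first, not by the `sanitizer` attribute of the test; if both libraries were ever on `java.library.path` (not the case in the visible BUILD targets, each of which lists one) the ASan build would silently be picked for the UBSan test too, which is worth a one-line comment on the block. The class body continues outside the hunk.
```java
  static {
    try {
      System.loadLibrary("native_asan");
    } catch (UnsatisfiedLinkError asanError) {
      try {
        System.loadLibrary("native_ubsan");
      } catch (UnsatisfiedLinkError ubsanError) {
        // Keep the reason the ASan build did not load instead of hiding it.
        ubsanError.addSuppressed(asanError);
        throw ubsanError;
      }
    }
  }
```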
diff --git a/examples/src/main/native/BUILD.bazel b/examples/src/main/native/BUILD.bazel index 16b48419..df24bb37 100644 --- a/examples/src/main/native/BUILD.bazel +++ b/examples/src/main/native/BUILD.bazel @@ -1,7 +1,7 @@ load("@rules_cc//cc:defs.bzl", "cc_binary") cc_binary( - name = "native", + name = "native_asan", srcs = [ "com_example_ExampleFuzzerWithNative.cpp", "com_example_ExampleFuzzerWithNative.h", @@ -18,3 +18,25 @@ cc_binary( "@bazel_tools//tools/jdk:jni", ], ) + +cc_binary( + name = "native_ubsan", + srcs = [ + "com_example_ExampleFuzzerWithNative.cpp", + "com_example_ExampleFuzzerWithNative.h", + ], + copts = [ + "-fsanitize=fuzzer-no-link,undefined", + "-fno-sanitize-recover=all", + # Workaround for https://github.com/bazelbuild/bazel/issues/11122. + "-fno-sanitize=vptr,function", + ], + linkopts = [ + "-fsanitize=fuzzer-no-link,undefined", + ], + linkshared = True, + visibility = ["//examples:__pkg__"], + deps = [ + "@bazel_tools//tools/jdk:jni", + ], +) diff --git a/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp b/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp index 434c3d5b..774e5998 100644 --- a/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp +++ b/examples/src/main/native/com_example_ExampleFuzzerWithNative.cpp @@ -14,14 +14,20 @@ #include "com_example_ExampleFuzzerWithNative.h" +#include <limits> #include <string> // simple function containing a crash that requires coverage and string compare // instrumentation for the fuzzer to find __attribute__((optnone)) void parseInternal(const std::string &input) { + constexpr int bar = std::numeric_limits<int>::max() - 5; + // Crashes with UBSan. + if (bar + input[0] == 300) { + return; + } if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') { if (input.find("secret_in_native_library") != std::string::npos) { - // BOOM + // Crashes with ASan. [[maybe_unused]] char foo = input[input.size() + 2]; } } |
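Review bot: The new `native_ubsan` cc_binary repeats the `srcs`, `deps` and (as far as the hunk context shows) the `visibility` of `native_asan` verbatim, so the two targets can drift apart the next time a source or JNI dependency is added; `native_asan`'s remaining attributes lie outside the visible hunks, so this is partly inferred. A file-level constant such as `_NATIVE_SRCS = ["com_example_ExampleFuzzerWithNative.cpp", "com_example_ExampleFuzzerWithNative.h"]` referenced as `srcs = _NATIVE_SRCS` from both targets keeps them in step and makes the only intended difference, the `-fsanitize` flags, visible at a glance. The workaround comment on `-fno-sanitize=vptr,function` would also help readers if it named what is given up, e.g. `# Workaround for https://github.com/bazelbuild/bazel/issues/11122; disables the vptr and function-pointer type checks, so those UB classes are not reported by this build.`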
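Review bot: The comment `// Crashes with UBSan.` in parseInternal does not say what the check actually triggers or when, and the condition `bar + input[0] == 300` reads like a reachable branch although it can only be satisfied through undefined behaviour. `bar` is `INT_MAX - 5`, so `bar + input[0]` overflows `int` for every first byte greater than 5; with a signed `char` the bytes at 0x80 and above are negative and do not overflow, with an unsigned `char` they do, so the trigger set is platform dependent. In the ASan build nothing reports the overflow, and the `== 300` comparison is never true, so that build is unaffected. I would replace the comment with `// Signed-integer overflow for any first byte > 5 (platform dependent for bytes >= 0x80): reported under -fsanitize=undefined; the comparison itself can never hold, so the ASan build is unaffected.` and, for the same reason, name the ASan read below as an out-of-bounds read rather than just "Crashes with ASan". The function body ends outside the hunk.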