diff options
Diffstat (limited to 'examples/src/main/native/com/example')
-rw-r--r-- | examples/src/main/native/com/example/BUILD.bazel | 49 | ||||
-rw-r--r-- | examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp | 42 |
2 files changed, 91 insertions, 0 deletions
diff --git a/examples/src/main/native/com/example/BUILD.bazel b/examples/src/main/native/com/example/BUILD.bazel new file mode 100644 index 00000000..7f23f75e --- /dev/null +++ b/examples/src/main/native/com/example/BUILD.bazel @@ -0,0 +1,49 @@ +load("@fmeum_rules_jni//jni:defs.bzl", "cc_jni_library") + +cc_jni_library( + name = "native_asan", + srcs = [ + "com_example_ExampleFuzzerWithNative.cpp", + ], + copts = [ + "-fsanitize=fuzzer-no-link,address", + "-fno-sanitize-blacklist", + ], + linkopts = select({ + "//:clang_on_linux": ["-fuse-ld=lld"], + "@platforms//os:windows": [ + # Windows requires all symbols that should be imported from the main + # executable to be defined by an import lib. + "/wholearchive:clang_rt.asan_dll_thunk-x86_64.lib", + ], + "//conditions:default": [], + }), + visibility = ["//examples:__pkg__"], + deps = [ + "//examples:example_fuzzer_with_native_lib.hdrs", + ], +) + +cc_jni_library( + name = "native_ubsan", + srcs = [ + "com_example_ExampleFuzzerWithNative.cpp", + ], + copts = [ + "-fsanitize=fuzzer-no-link,undefined", + "-fno-sanitize-recover=all", + ], + linkopts = select({ + "//:clang_on_linux": ["-fuse-ld=lld"], + "@platforms//os:windows": [ + # Using the asan thunk is correct here as it contains symbols for + # UBSan and SanCov as well. + "/wholearchive:clang_rt.asan_dll_thunk-x86_64.lib", + ], + "//conditions:default": [], + }), + visibility = ["//examples:__pkg__"], + deps = [ + "//examples:example_fuzzer_with_native_lib.hdrs", + ], +) diff --git a/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp b/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp new file mode 100644 index 00000000..774e5998 --- /dev/null +++ b/examples/src/main/native/com/example/com_example_ExampleFuzzerWithNative.cpp @@ -0,0 +1,42 @@ +// Copyright 2021 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include "com_example_ExampleFuzzerWithNative.h" + +#include <limits> +#include <string> + +// simple function containing a crash that requires coverage and string compare +// instrumentation for the fuzzer to find +__attribute__((optnone)) void parseInternal(const std::string &input) { + constexpr int bar = std::numeric_limits<int>::max() - 5; + // Crashes with UBSan. + if (bar + input[0] == 300) { + return; + } + if (input[0] == 'a' && input[1] == 'b' && input[5] == 'c') { + if (input.find("secret_in_native_library") != std::string::npos) { + // Crashes with ASan. + [[maybe_unused]] char foo = input[input.size() + 2]; + } + } +} + +JNIEXPORT jboolean JNICALL Java_com_example_ExampleFuzzerWithNative_parse( + JNIEnv *env, jobject o, jstring bytes) { + const char *input(env->GetStringUTFChars(bytes, nullptr)); + parseInternal(input); + env->ReleaseStringUTFChars(bytes, input); + return false; +} |