CodeIntelligenceTesting / jazzer

Coverage-guided, in-process fuzzing for the JVM
https://code-intelligence.com

many messages: 'ERROR: Unexpected exception encountered during autofuzz:' #696

Closed freedom1b2830 closed 1 year ago

freedom1b2830 commented 1 year ago

target: org.eclipse.jgit.attributes.AttributesNode::parse(java.io.InputStream)

<dependency>
    <groupId>org.eclipse.jgit</groupId>
    <artifactId>org.eclipse.jgit</artifactId>
    <version>6.5.0.202303070854-r</version>
</dependency>

OS: Linux archlinux 6.2.8-arch1-1, jazzer 0.16.1

java -version

openjdk version "19.0.2" 2023-01-17
OpenJDK Runtime Environment (build 19.0.2+7)
OpenJDK 64-Bit Server VM (build 19.0.2+7, mixed mode)
ERROR: Unexpected exception encountered during autofuzz:
#9964   REDUCE cov: 312 ft: 3323 corp: 567/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 22/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
#10030  NEW    cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 36/978606 MS: 2 ChangeBinInt-Custom-
#10082  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 2484/978606 MS: 4 ShuffleBytes-Custom-EraseBytes-Custom-
#10118  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 12145/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
#10219  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 61/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
bertschneider commented 1 year ago

Should be fixed by #699.

bertschneider commented 1 year ago

BTW, the following regex issue is found in your example. I haven't checked whether it's actually problematic in the jgit use case, though.

== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Regular Expression Injection
Regular expression patterns that contain unescaped untrusted input can consume
arbitrary amounts of CPU time. To properly escape the input, wrap it with
Pattern.quote(...).
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal(RegexInjection.kt:151)
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.compileWithFlagsHook(RegexInjection.kt:55)
        at org.eclipse.jgit.ignore.internal.Strings.convertGlob(Strings.java:411)
        at org.eclipse.jgit.ignore.internal.WildCardMatcher.<init>(WildCardMatcher.java:31)
        at org.eclipse.jgit.ignore.internal.PathMatcher.createNameMatcher0(PathMatcher.java:146)
        at org.eclipse.jgit.ignore.internal.PathMatcher.createPathMatcher(PathMatcher.java:104)
        at org.eclipse.jgit.attributes.AttributesRule.<init>(AttributesRule.java:122)
        at org.eclipse.jgit.attributes.AttributesNode.parse(AttributesNode.java:79)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:577)
Caused by: java.util.regex.PatternSyntaxException: Unclosed character class near index 2
\\[
  ^
        at java.base/java.util.regex.Pattern.error(Pattern.java:2038)
        at java.base/java.util.regex.Pattern.clazz(Pattern.java:2700)
        at java.base/java.util.regex.Pattern.sequence(Pattern.java:2149)
        at java.base/java.util.regex.Pattern.expr(Pattern.java:2079)
        at java.base/java.util.regex.Pattern.compile(Pattern.java:1793)
        at java.base/java.util.regex.Pattern.<init>(Pattern.java:1440)
        at java.base/java.util.regex.Pattern.compile(Pattern.java:1105)
        at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:731)
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal(RegexInjection.kt:142)
        ... 9 more
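As an added illustration of the finding above (this is not code from jazzer or jgit), the following Java file shows two things: an explicit Jazzer fuzz target for `AttributesNode.parse(InputStream)`, which avoids the reflective argument construction that `--autofuzz` performs, and a glob-to-regex helper that escapes every non-wildcard character so untrusted pattern text cannot inject regex syntax or leave a character class unclosed. The package name, class name and the `globToRegex` helper are assumptions; `Pattern.quote(...)` on the whole string is the right fix only when the input is meant as a literal, which is why the glob case escapes character by character instead.

```java
// Added example, not part of the jazzer or jgit projects. Package and class
// names are assumptions; AttributesNode is the jgit class named in the report.
package com.example.fuzz;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.eclipse.jgit.attributes.AttributesNode;

public class AttributesNodeFuzzer {

  // Explicit fuzz target: Jazzer calls this with coverage-guided input. Unlike
  // --autofuzz, no arguments are built reflectively, so the "Unexpected
  // exception encountered during autofuzz" path is never involved.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    byte[] bytes = data.consumeRemainingAsBytes();
    AttributesNode node = new AttributesNode();
    try {
      node.parse(new ByteArrayInputStream(bytes));
    } catch (IOException e) {
      // Declared failure mode for malformed attribute files: expected, ignore.
    }
    // Any other RuntimeException (for example PatternSyntaxException) or a
    // sanitizer finding propagates and is reported by Jazzer as a crash.
  }

  // Assumed helper (not jgit's convertGlob): translate a glob to a regex while
  // escaping every character that is not a glob wildcard. A stray '[' or '\'
  // in untrusted input therefore becomes a literal instead of regex syntax.
  public static String globToRegex(String glob) {
    StringBuilder sb = new StringBuilder("^");
    for (int i = 0; i < glob.length(); i++) {
      char c = glob.charAt(i);
      switch (c) {
        case '*': sb.append("[^/]*"); break;
        case '?': sb.append("[^/]"); break;
        default: sb.append(Pattern.quote(String.valueOf(c)));
      }
    }
    return sb.append('$').toString();
  }

  public static void main(String[] args) {
    // Constructed sample: the regex text \\[ from the report, i.e. an escaped
    // backslash followed by an unclosed character class.
    String untrusted = "\\\\[";
    try {
      Pattern.compile(untrusted); // naive use of untrusted text as a pattern
    } catch (PatternSyntaxException e) {
      System.out.println("naive compile failed: " + e.getDescription());
    }
    // Literal use: Pattern.quote wraps the text in \Q...\E, so it compiles and
    // matches exactly the original characters.
    Pattern literal = Pattern.compile(Pattern.quote(untrusted));
    System.out.println("literal matches itself: " + literal.matcher(untrusted).matches());
    // Glob use: wildcards keep their meaning, everything else is escaped.
    Pattern glob = Pattern.compile(globToRegex("*.class"));
    System.out.println("glob matches Foo.class: " + glob.matcher("Foo.class").matches());
    System.out.println("glob literal '[' is safe: " + Pattern.compile(globToRegex("a[b")).matcher("a[b").matches());
  }
}
```

Run the fuzz target with `jazzer --cp=<classpath> --target_class=com.example.fuzz.AttributesNodeFuzzer` (classpath placeholder) to reproduce the RegexInjection report without autofuzz; the `main` method can be run on its own to see the naive, quoted and glob-escaped behaviour side by side.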
freedom1b2830 commented 1 year ago

I will say more: this library has an OOM exception.) Thanks for the fix, I'm waiting for the next Maven release.