Open tkmikan opened 8 months ago
Could you provide the steps that lead to that stack trace? How are you running fuzzing with your hook and how are you collecting coverage?
To reproduce from jazzer examples, add the above hook function to com.example.ExampleFuzzerHooks
, and
./jazzer --cp=examples/src/main/java --target_class=com.example.ExampleFuzzer --custom_hooks=com.example.ExampleFuzzerHooks --coverage_report=report
@tkmikan - thanks for the feedback on this issue. Are you still using Jazzer? You may have seen there haven't been any updates for a while.... We stopped maintaining Jazzer/Jazzer.js as open source. But we'd be happy to understand what you're trying to achieve with it, and help you if we can! For example, maybe our AI-powered fuzz testing platform is the superior choice... Ping me if interested? Ping me? david[dot]merian [at] code-intelligence[dot]com
TLDR: Hooks are not removed after fuzz ends, while their classpath is removed.
Details: I am fuzzing some code taking user input as ArrayList size e.g.
If the fuzzer provides a large int, it will take large memory and long time, so I write a hook to avoid this like:
However, with this hook, exception is raised when generating coverage report.
The cause is, my hook is effective for Pattern.java:1775
new ArrayList<>(10);
, but the classpath argument does not work here, resulting in aNoClassDefFoundError
.Stacktrace:
I haven't looked into jazzer's implementation about classloader and instrumention. Some possible fix may be use separate classloaders for fuzzing and others(not hook), or reload/restore after fuzzing.