Java native libraries should now be fuzzed correctly, but the current crash is still reported as flaky due to the multiple fixes required to make it work.
This commit should trigger a clean new finding.
The JVM uses custom SIGSEGV handlers, which leads to fuzzer crashes on
ClusterFuzz when running with ASAN likely due to the
allow_user_segv_handler=1 default on the platform.
Prior to this change, native library loading failed for
two reasons:
1. Loading from current working directory instead of the fuzzer's
directory.
2. Using ASAN_OPTIONS=handle_segv=2.
Fix these issues by doing the following.
1. Adding the fuzzer's directory to LD_LIBRARY_PATH instead of "."
2. Specifying handle_segv=1 in ASAN_OPTIONS.
Related: https://github.com/google/oss-fuzz/issues/5178
Jazzer has made fuzzerTestOneInput return void instead of boolean.
This commit adapts the existing Jazzer fuzz targets to this change.
Previously, returning true from a fuzz target would be recorded as a
crash. However, since there is no stack trace in that case, such crashes
cause issues with deduplication. Additionally, the behavior is easy to
replicate with assert or a an if with a throw statement.
The same speculative fix as in #5217.
The current working directory "." should have no reason to be in the
classpath if it is not equal to "$this_dir", hence it is removed.
The java-example project does not pull in any external dependencies, but
rather consists of three basic Java fuzzers that hit a synthetic bug
after a few seconds. The project can be used to verify that ClusterFuzz
correctly handles JVM fuzz targets.
* ExampleFuzzer fails with an assertion.
* ExampleValueProfileFuzzer fails with an exception after a few seconds,
but only if running in value profile mode.
* ExampleFuzzerNative fails with an ASan report.
Fabian Meumertzheim