jazzer

Coverage-guided, in-process fuzzing for the JVM

Results 65 jazzer issues

When I am writing fuzz targets for Tomcat, sometimes the coverage will keep increasing until it reaches JAZZER_MAX_NUM_COUNTERS. The Jazzer output shows that Jazzer keeps instrumenting JdbcLeakPrevention. I think this...

The finding reproduced by ``` docker run -v $(pwd):/fuzzing -it cifuzz/jazzer-autofuzz org.jsoup:jsoup:1.14.1 "org.jsoup.Jsoup::parse(java.lang.String)" ./crash-149fd50be3b111ffd5384759cddc3a7d20eed8ce ``` is not reproduced by ``` java -cp jsoup-1.14.1.jar ./Crash_149fd50be3b111ffd5384759cddc3a7d20eed8ce.java ``` Files renamed to allow uploading...
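When an Autofuzz reproducer does not replay a crash, the usual next step is to write an explicit fuzz target for the same method and feed it the crash file directly. The following is an added example and not code from the original report or from the Jazzer project; the class name `JsoupParseFuzzer`, the classpath layout and the exact command line are assumptions, while `fuzzerTestOneInput(FuzzedDataProvider)` and `consumeRemainingAsString()` are the standard Jazzer entry point and provider method.

```java
// Added example (not from the issue or the Jazzer repo): a hand-written
// Jazzer target for org.jsoup.Jsoup::parse(java.lang.String), the method the
// Autofuzz command above fuzzes. Class name JsoupParseFuzzer is assumed.
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import org.jsoup.Jsoup;

public class JsoupParseFuzzer {
    // Jazzer calls this once per input; any uncaught Throwable is a finding.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        // Spend the whole input on the single String parameter, which mirrors
        // what Autofuzz has to construct for parse(java.lang.String).
        String html = data.consumeRemainingAsString();
        Jsoup.parse(html);
    }

    // Usage (assumed layout: compiled class in ".", jar beside it; a trailing
    // path makes libFuzzer run that one input instead of fuzzing):
    //   jazzer --cp=jsoup-1.14.1.jar:. --target_class=JsoupParseFuzzer \
    //          ./crash-149fd50be3b111ffd5384759cddc3a7d20eed8ce
}
```

If the crash reproduces against the explicit target but not against the generated `Crash_*.java`, the difference lies in how the reproducer reconstructs the argument from the input bytes rather than in jsoup itself, which narrows the question asked in the report.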

Currently, whenever Autofuzz needs to decide how many bytes from the fuzzer input to spend on the construction of an object, it uses half of the remaining bytes. While this...

Not directly related to this PR, but I wonder if mixing in `lowerBoundKey` and `upperBoundKey` to the `hookId`s would create unnecessarily many IDs if the map content is not stable....

TODO: - [ ] fix shared library suffix on osx (`ExampleFuzzerWithNative`) - [ ] get in touch with libFuzzer to see if it could have better exit code support on...

enhancement

https://github.com/CodeIntelligenceTesting/jazzer/blob/3e0e4f177fdb8ecff1c707fed83c16c094b181c9/agent/src/main/java/com/code_intelligence/jazzer/instrumentor/TraceDataFlowInstrumentor.kt#L117-L130 When reading the code above, I found that the gep instrumentations are performed only after a "constant integer push" (see Line 122 and Line 128), which means we instrument...

bug

_Originally posted by @fmeum in https://github.com/CodeIntelligenceTesting/jazzer/issues/121#issuecomment-850386490_

enhancement

I tried adding jazzer test rules as a http_archive to my WORKSPACE file: ``` http_archive( name = "rules_jazzer", sha256 = "c2b26f80618f51fd7d75e2e8067084f3776f321b596ca2fb19c585f836739bf9", strip_prefix = "jazzer-0.9.1", urls = ["https://github.com/CodeIntelligenceTesting/jazzer/archive/refs/tags/v0.9.1.tar.gz"], ) ``` and...

enhancement

I'd like to try jazzer with my Java library under Mac OS and have already created a target class: https://github.com/marco-schmidt/ufxcoder/blob/master/src/main/java/ufxcoder/formats/JazzerTarget.java I've also followed your README.md and installed bazel. I don't...

documentation
question

As reported by ClusterFuzz, coverage IDs can become desynchronized between child processes in fork mode. I attached a log obtained from the `ValidJsonFuzzer` fuzzer of the `json-sanitizer` project. @sebastianpoeplau Could...

bug