jazzer
VerifyError thrown while instantiating org.postgresql.jdbc.PgConnection
Hello
I'm currently onboarding pgjdbc into oss-fuzz. One of the fuzz targets creates a java.sql.Connection to a postgresql server, which works, and then uses this connection to instantiate a java.sql.Statement. While doing so, a VerifyError is thrown upon which the JVM dies.
== Java Exception: java.lang.VerifyError: Inconsistent stackmap frames at branch target 173
Exception Details:
Location:
org/postgresql/jdbc/PgStatement.executeWithFlags(Lorg/postgresql/core/CachedQuery;I)Z @141: goto
Reason:
Current frame's stack size doesn't match stackmap.
Current Frame:
bci: @141
flags: { }
locals: { 'org/postgresql/jdbc/PgStatement', 'org/postgresql/core/CachedQuery', integer, '[Ljava/lang/Object;', 'org/postgresql/jdbc/PgStatement', top, 'org/postgresql/jdbc/PgStatement' }
stack: { 'java/lang/Object' }
Stackmap Frame:
bci: @173
flags: { }
locals: { 'org/postgresql/jdbc/PgStatement', 'org/postgresql/core/CachedQuery', integer, top, top, top, 'java/lang/Object' }
stack: { }
Bytecode:
0000000: 2ab6 0102 111f 07b8 03ed 2ab4 0079 b901
0000010: 3901 00b2 017f b601 8359 035f 1301 84b8
0000020: 00e6 9b00 0c11 1f08 b803 eda7 000f 1c11
0000030: 0400 803d 111f 09b8 03ed 2a2b 011c 1100
0000040: 03bd 0004 4eb8 02ea 2d5f 1100 025f 532d
0000050: 5f11 0001 5f53 2d5f 1100 005f 533a 0413
0000060: 03c4 1904 2d13 03c5 b803 cb2a 593a 06c2
0000070: 111f 0ab8 03ed 2ab6 0102 111f 0bb8 03ed
0000080: 2ab4 006d c700 0c11 1f0c b803 eda7 0020
0000090: 2ab4 006d b601 16c7 000c 111f 0db8 03ed
00000a0: a700 0d04 111f 0eb8 03ed a700 0a03 111f
00000b0: 0fb8 03ed 1906 c311 1f10 b803 edac 3a07
00000c0: 1906 c319 0711 1f11 b803 edbf
Exception Handler Table:
bci [112, 183] => handler: 190
bci [190, 195] => handler: 190
Stackmap Table:
same_frame(@46)
same_frame(@58)
full_frame(@144,{Object[#2],Object[#342],Integer,Object[#1007],Object[#2],Top,Object[#2]},{Object[#4]})
same_locals_1_stack_item_frame(@163,Object[#4])
full_frame(@173,{Object[#2],Object[#342],Integer,Top,Top,Top,Object[#4]},{})
same_locals_1_stack_item_frame(@180,Integer)
same_locals_1_stack_item_frame(@190,Object[#287])
at org.postgresql.jdbc.PgConnection.createStatement(PgConnection.java:1318)
at org.postgresql.jdbc.PgConnection.createStatement(PgConnection.java:1772)
at org.postgresql.jdbc.PgConnection.createStatement(PgConnection.java:449)
at SqlStatementFuzzer.createTestTable(SqlStatementFuzzer.java:22)
at SqlStatementFuzzer.fuzzerTestOneInput(SqlStatementFuzzer.java:33)
DEDUP_TOKEN: 0cc0919333d7575a
== libFuzzer crashing input ==
MS: 0 ; base unit: 0000000000000000000000000000000000000000
The SqlStatementFuzzer "fuzz target" in the pgjdbc branch of the oss-fuzz repository reproduces the issue.
@aschaich I've tried your OSS-Fuzz setup and no fuzz targets were built. Could you check whether you've pushed the latest state?
I've created your fuzz test locally (without OSS-Fuzz) with the latest version (https://mvnrepository.com/artifact/org.postgresql/postgresql/42.4.0) and didn't get the error you got.
I just tried cloning the repository anew and building the pgjdbc fuzzer using
git clone --branch pgjdbc https://github.com/CodeIntelligenceTesting/oss-fuzz.git oss-fuzz-pgjdbc
cd oss-fuzz-pgjdbc
python infra\helper.py shell pgjdbc
Then, in the docker shell:
compile
/out/SqlStatementFuzzer
which both resulted in the fuzzer getting built and also having it cause the VerifyError
@aschaich I just reran your reproduction steps and am not hitting a VerifyError. Could you try this again?
INFO: Instrumented org.postgresql.jdbc.PgConnection (took 78 ms, size +15%)
INFO: Instrumented org.postgresql.jdbc.PgStatement (took 36 ms, size +18%)
Please reopen if this should still be an issue.