• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2021 Code Intelligence GmbH
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <memory>
20 #include <string>
21 
22 #include "absl/strings/match.h"
23 #include "fuzz_target_runner.h"
24 #include "fuzzed_data_provider.h"
25 #include "jvm_tooling.h"
26 #include "libfuzzer_callbacks.h"
27 #include "signal_handler.h"
28 
29 namespace jazzer {
30 
31 class AbstractLibfuzzerDriver {
32  public:
33   AbstractLibfuzzerDriver(int *argc, char ***argv,
34                           const std::string &usage_string);
35 
36   virtual ~AbstractLibfuzzerDriver() = default;
37 
38   virtual RunResult TestOneInput(const uint8_t *data, std::size_t size) = 0;
39 
40   // Default value of the libFuzzer -error_exitcode flag.
41   static constexpr int kErrorExitCode = 77;
42 
43   // A libFuzzer-registered callback that outputs the crashing input, but does
44   // not include a stack trace.
45   static void (*libfuzzer_print_crashing_input_)();
46 
47  protected:
48   // wrapper around the running jvm instance
49   std::unique_ptr<jazzer::JVM> jvm_;
50 
51  private:
52   // forwards signals caught while the JVM is running
53   std::unique_ptr<jazzer::SignalHandler> signal_handler_;
54 
55   void initJvm(const std::string &executable_path);
56 };
57 
58 class LibfuzzerDriver : public AbstractLibfuzzerDriver {
59  public:
60   LibfuzzerDriver(int *argc, char ***argv);
61 
62   RunResult TestOneInput(const uint8_t *data, std::size_t size) override;
63 
64   ~LibfuzzerDriver() override = default;
65 
66   void DumpReproducer(const uint8_t *data, std::size_t size);
67 
68  private:
69   // initializes the fuzz target and invokes the TestOneInput function
70   std::unique_ptr<jazzer::FuzzTargetRunner> runner_;
71 
72   static std::string getUsageString();
73 };
74 
75 }  // namespace jazzer
76