1 // Copyright 2022 Code Intelligence GmbH
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <jni.h>
16
17 #include <cstddef>
18 #include <cstdint>
19
20 #include "com_code_intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks.h"
21 #include "sanitizer_hooks_with_pc.h"
22
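namespace {

// Declarations of the two libFuzzer "weak hook" entry points this file calls.
// They are resolved against the fuzzer runtime at link time; the declarations
// here only mirror the signatures used below. Both lengths are declared as
// std::size_t so the two declarations agree with each other and with the
// <cstddef> include above.
extern "C" {
void __sanitizer_weak_hook_compare_bytes(void *caller_pc, const void *s1,
                                         const void *s2, std::size_t n1,
                                         std::size_t n2, int result);
void __sanitizer_weak_hook_memmem(void *caller_pc, const void *s1,
                                  std::size_t len1, const void *s2,
                                  std::size_t len2, void *result);
}

/// Turns the call-site id handed over from Java into the fake program counter
/// expected by the `*_with_pc` hook variants used in this file.
///
/// The conversion is a widening of the 32-bit `jint` to `uintptr_t` followed by
/// a reinterpretation as a pointer. The result is only ever passed on as the
/// `caller_pc` argument of the hooks; nothing in this file dereferences it.
/// Because `jint` is signed, a negative id sign-extends to a large unsigned
/// value on 64-bit targets — presumably the Java side only passes non-negative
/// ids; verify against the instrumentation that produces them.
///
/// `always_inline` is kept from the original, presumably so that this hot path
/// does not cost an extra call frame; do not drop the attribute.
inline __attribute__((always_inline)) void *idToPc(jint id) {
  const auto fake_pc = static_cast<uintptr_t>(id);
  return reinterpret_cast<void *>(fake_pc);
}
}  // namespace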
37
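/// JNI entry point for `TraceDataFlowNativeCallbacks.traceStrstr0`.
///
/// Forwards the needle of a string-search operation observed in Java to the
/// libFuzzer memmem hook. Only the needle is available on this path, so the
/// haystack arguments of the hook are passed as `nullptr`/0 and `result` as
/// `nullptr`. The `extern "C"`/JNIEXPORT declaration presumably comes from the
/// generated JNI header included at the top of this file.
///
/// @param env     JNI environment of the calling thread.
/// @param cls     Declaring class of the static native method (unused).
/// @param needle  Bytes of the needle as a Java `byte[]`; `null` is ignored.
/// @param id      Call-site id, turned into a fake program counter by idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceStrstr0(
    JNIEnv *env, jclass cls, jbyteArray needle, jint id) {
  // GetArrayLength on a null reference is undefined in JNI; drop the event.
  if (needle == nullptr) {
    return;
  }
  const jint needle_length = env->GetArrayLength(needle);
  // Critical access pins (or copies) the array. Between here and the matching
  // Release no other JNI call may be made and the code must not block.
  auto *needle_native =
      static_cast<jbyte *>(env->GetPrimitiveArrayCritical(needle, nullptr));
  if (needle_native == nullptr) {
    // The JVM could not provide the array contents (an exception such as
    // OutOfMemoryError is pending). Skip the hook rather than handing it a null
    // buffer; the pending exception surfaces once control returns to Java.
    return;
  }
  __sanitizer_weak_hook_memmem(idToPc(id), nullptr, 0, needle_native,
                               needle_length, nullptr);
  // JNI_ABORT: the buffer was only read, so nothing needs to be copied back.
  env->ReleasePrimitiveArrayCritical(needle, needle_native, JNI_ABORT);
}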
48
/// Critical-native variant of traceStrstr0.
///
/// Presumably uses HotSpot's `JavaCritical_` calling convention, in which the
/// JVM passes primitive arrays as a (length, pointer) pair and omits the
/// JNIEnv/jclass arguments. No JNI calls are possible here, so the needle is
/// forwarded to the memmem hook as-is.
///
/// @param needle_length  Number of bytes in @p needle_native.
/// @param needle_native  Direct pointer to the needle bytes.
/// @param id             Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceStrstr0(
    jint needle_length, jbyte *needle_native, jint id) {
  void *const fake_pc = idToPc(id);
  // Haystack and result are unknown on this path; only the needle is reported.
  __sanitizer_weak_hook_memmem(fake_pc, /*s1=*/nullptr, /*len1=*/0,
                               needle_native, needle_length,
                               /*result=*/nullptr);
}
55
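/// JNI entry point for `TraceDataFlowNativeCallbacks.traceMemcmp`.
///
/// Reports a byte-array comparison observed in Java to the libFuzzer
/// compare-bytes hook, passing both operands with their full lengths and the
/// comparison result. The `extern "C"`/JNIEXPORT declaration presumably comes
/// from the generated JNI header included at the top of this file.
///
/// @param env     JNI environment of the calling thread.
/// @param cls     Declaring class of the static native method (unused).
/// @param b1      First operand as a Java `byte[]`; `null` is ignored.
/// @param b2      Second operand as a Java `byte[]`; `null` is ignored.
/// @param result  Result of the comparison as computed on the Java side.
/// @param id      Call-site id, turned into a fake program counter by idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceMemcmp(
    JNIEnv *env, jclass cls, jbyteArray b1, jbyteArray b2, jint result,
    jint id) {
  // GetArrayLength on a null reference is undefined in JNI; drop the event.
  if (b1 == nullptr || b2 == nullptr) {
    return;
  }
  const jint b1_length = env->GetArrayLength(b1);
  const jint b2_length = env->GetArrayLength(b2);
  // Critical access pins (or copies) the arrays. Between the first Get and the
  // last Release no other JNI call may be made and the code must not block.
  // The hook needs both buffers at once, so the two critical regions are
  // nested; presumably the targeted JVMs support nested critical sections
  // (HotSpot does) — confirm for any other runtime.
  auto *b1_native =
      static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b1, nullptr));
  if (b1_native == nullptr) {
    // Contents unavailable (an exception is pending); skip the hook.
    return;
  }
  auto *b2_native =
      static_cast<jbyte *>(env->GetPrimitiveArrayCritical(b2, nullptr));
  if (b2_native == nullptr) {
    // Release the region already opened for b1 before bailing out.
    env->ReleasePrimitiveArrayCritical(b1, b1_native, JNI_ABORT);
    return;
  }
  __sanitizer_weak_hook_compare_bytes(idToPc(id), b1_native, b2_native,
                                      b1_length, b2_length, result);
  // JNI_ABORT: the buffers were only read, so nothing needs to be copied back.
  env->ReleasePrimitiveArrayCritical(b1, b1_native, JNI_ABORT);
  env->ReleasePrimitiveArrayCritical(b2, b2_native, JNI_ABORT);
}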
71
/// Critical-native variant of traceMemcmp.
///
/// Presumably uses HotSpot's `JavaCritical_` calling convention: each array
/// arrives as a (length, pointer) pair and there is no JNIEnv. Both operands
/// are forwarded to the compare-bytes hook together with the Java-side result.
///
/// @param b1_length  Number of bytes in @p b1.
/// @param b1         Direct pointer to the first operand.
/// @param b2_length  Number of bytes in @p b2.
/// @param b2         Direct pointer to the second operand.
/// @param result     Result of the comparison as computed on the Java side.
/// @param id         Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceMemcmp(
    jint b1_length, jbyte *b1, jint b2_length, jbyte *b2, jint result,
    jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_weak_hook_compare_bytes(fake_pc, b1, b2, b1_length, b2_length,
                                      result);
}
79
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceCmpLong`.
///
/// Reports a 64-bit comparison observed in Java to the `cmp8` `*_with_pc`
/// hook (presumably declared in sanitizer_hooks_with_pc.h), keyed by a fake
/// program counter derived from @p id.
///
/// @param env     JNI environment (unused).
/// @param cls     Declaring class of the static native method (unused).
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLong(
    JNIEnv *env, jclass cls, jlong value1, jlong value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp8_with_pc(fake_pc, value1, value2);
}
85
/// Critical-native variant of traceCmpLong (no JNIEnv/jclass arguments).
///
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpLong(
    jlong value1, jlong value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp8_with_pc(fake_pc, value1, value2);
}
91
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceCmpInt`.
///
/// Reports a 32-bit comparison observed in Java to the `cmp4` `*_with_pc`
/// hook, keyed by a fake program counter derived from @p id.
///
/// @param env     JNI environment (unused).
/// @param cls     Declaring class of the static native method (unused).
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpInt(
    JNIEnv *env, jclass cls, jint value1, jint value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp4_with_pc(fake_pc, value1, value2);
}
97
/// Critical-native variant of traceCmpInt (no JNIEnv/jclass arguments).
///
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceCmpInt(
    jint value1, jint value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp4_with_pc(fake_pc, value1, value2);
}
103
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceConstCmpInt`.
///
/// Forwards to the same `cmp4` `*_with_pc` hook as traceCmpInt; the separate
/// entry point presumably lets the Java side distinguish comparisons against
/// constants, but nothing on the native side treats them differently.
///
/// @param env     JNI environment (unused).
/// @param cls     Declaring class of the static native method (unused).
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpInt(
    JNIEnv *env, jclass cls, jint value1, jint value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp4_with_pc(fake_pc, value1, value2);
}
109
/// Critical-native variant of traceConstCmpInt (no JNIEnv/jclass arguments).
/// Identical in effect to the traceCmpInt variant.
///
/// @param value1  Left operand of the comparison.
/// @param value2  Right operand of the comparison.
/// @param id      Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceConstCmpInt(
    jint value1, jint value2, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_cmp4_with_pc(fake_pc, value1, value2);
}
115
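/// JNI entry point for `TraceDataFlowNativeCallbacks.traceSwitch`.
///
/// Reports a `switch` observed in Java to the `trace_switch` `*_with_pc` hook.
/// The case table is handed over in the layout of SanitizerCoverage's
/// `__sanitizer_cov_trace_switch`: element 0 holds the number of case
/// constants, element 1 the operand width in bits, and the constants follow.
/// Because the hook reads `case_values[0]` entries past the header without
/// knowing the Java array's length, a table whose header claims more entries
/// than the array holds is dropped here instead of being passed on.
///
/// @param env                    JNI environment of the calling thread.
/// @param cls                    Declaring class of the native method (unused).
/// @param switch_value           Operand of the switch.
/// @param libfuzzer_case_values  Case table as a Java `long[]`; `null` is
///                               ignored.
/// @param id                     Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitch(
    JNIEnv *env, jclass cls, jlong switch_value,
    jlongArray libfuzzer_case_values, jint id) {
  // GetArrayLength on a null reference is undefined in JNI; drop the event.
  if (libfuzzer_case_values == nullptr) {
    return;
  }
  const jint length = env->GetArrayLength(libfuzzer_case_values);
  // Critical access pins (or copies) the array. Between here and the matching
  // Release no other JNI call may be made and the code must not block.
  auto *case_values = static_cast<jlong *>(
      env->GetPrimitiveArrayCritical(libfuzzer_case_values, nullptr));
  if (case_values == nullptr) {
    // Contents unavailable (an exception is pending); skip the hook.
    return;
  }
  // Header (count, width) must fit, and the declared count must not exceed the
  // entries actually present. Comparing as uint64_t also rejects a negative
  // count, which would otherwise pass a signed comparison.
  const bool well_formed =
      length >= 2 && static_cast<uint64_t>(case_values[0]) <=
                         static_cast<uint64_t>(length) - 2;
  if (well_formed) {
    __sanitizer_cov_trace_switch_with_pc(
        idToPc(id), switch_value, reinterpret_cast<uint64_t *>(case_values));
  }
  // JNI_ABORT: the table was only read, so nothing needs to be copied back.
  env->ReleasePrimitiveArrayCritical(libfuzzer_case_values, case_values,
                                     JNI_ABORT);
}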
127
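/// Critical-native variant of traceSwitch.
///
/// Presumably uses HotSpot's `JavaCritical_` calling convention, in which the
/// case table arrives as a (length, pointer) pair. The table follows the
/// layout of SanitizerCoverage's `__sanitizer_cov_trace_switch`: element 0 is
/// the number of case constants, element 1 the operand width in bits, and the
/// constants follow. The length argument is used to reject a table whose
/// header claims more entries than were passed, since the hook itself has no
/// way to bound its read.
///
/// @param switch_value                  Operand of the switch.
/// @param libfuzzer_case_values_length  Number of elements in @p case_values.
/// @param case_values                   Direct pointer to the case table.
/// @param id                            Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceSwitch(
    jlong switch_value, jint libfuzzer_case_values_length, jlong *case_values,
    jint id) {
  if (case_values == nullptr || libfuzzer_case_values_length < 2) {
    return;
  }
  // Comparing as uint64_t also rejects a negative count in the header.
  const auto declared_cases = static_cast<uint64_t>(case_values[0]);
  const auto available_cases =
      static_cast<uint64_t>(libfuzzer_case_values_length) - 2;
  if (declared_cases > available_cases) {
    return;
  }
  __sanitizer_cov_trace_switch_with_pc(
      idToPc(id), switch_value, reinterpret_cast<uint64_t *>(case_values));
}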
135
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceDivLong`.
///
/// Reports the divisor of a 64-bit division observed in Java to the `div8`
/// `*_with_pc` hook, keyed by a fake program counter derived from @p id.
///
/// @param env    JNI environment (unused).
/// @param cls    Declaring class of the static native method (unused).
/// @param value  Divisor of the division.
/// @param id     Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLong(
    JNIEnv *env, jclass cls, jlong value, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_div8_with_pc(fake_pc, value);
}
141
/// Critical-native variant of traceDivLong (no JNIEnv/jclass arguments).
///
/// @param value  Divisor of the division.
/// @param id     Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivLong(
    jlong value, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_div8_with_pc(fake_pc, value);
}
147
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceDivInt`.
///
/// Reports the divisor of a 32-bit division observed in Java to the `div4`
/// `*_with_pc` hook, keyed by a fake program counter derived from @p id.
///
/// @param env    JNI environment (unused).
/// @param cls    Declaring class of the static native method (unused).
/// @param value  Divisor of the division.
/// @param id     Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivInt(
    JNIEnv *env, jclass cls, jint value, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_div4_with_pc(fake_pc, value);
}
153
/// Critical-native variant of traceDivInt (no JNIEnv/jclass arguments).
///
/// @param value  Divisor of the division.
/// @param id     Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceDivInt(
    jint value, jint id) {
  void *const fake_pc = idToPc(id);
  __sanitizer_cov_trace_div4_with_pc(fake_pc, value);
}
159
/// JNI entry point for `TraceDataFlowNativeCallbacks.traceGep`.
///
/// Reports an array/element index observed in Java to the `gep` `*_with_pc`
/// hook. The 64-bit `jlong` index is converted to `uintptr_t`, which is a
/// plain modular conversion on 64-bit targets and truncates on 32-bit ones.
///
/// @param env  JNI environment (unused).
/// @param cls  Declaring class of the static native method (unused).
/// @param idx  Index value to report.
/// @param id   Call-site id, see idToPc.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGep(
    JNIEnv *env, jclass cls, jlong idx, jint id) {
  void *const fake_pc = idToPc(id);
  const auto native_idx = static_cast<uintptr_t>(idx);
  __sanitizer_cov_trace_gep_with_pc(fake_pc, native_idx);
}
165
/// Critical-native variant of traceGep (no JNIEnv/jclass arguments).
///
/// @param idx  Index value to report; converted to `uintptr_t` as in traceGep.
/// @param id   Call-site id, see idToPc.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_traceGep(
    jlong idx, jint id) {
  void *const fake_pc = idToPc(id);
  const auto native_idx = static_cast<uintptr_t>(idx);
  __sanitizer_cov_trace_gep_with_pc(fake_pc, native_idx);
}
171
/// JNI entry point for `TraceDataFlowNativeCallbacks.tracePcIndir`.
///
/// Reports an indirect call observed in Java to the `pc_indir` `*_with_pc`
/// hook. The caller's id becomes the fake program counter via idToPc; the
/// callee's id is passed as a plain `uintptr_t` value.
///
/// @param env        JNI environment (unused).
/// @param cls        Declaring class of the static native method (unused).
/// @param caller_id  Id of the call site.
/// @param callee_id  Id of the call target.
[[maybe_unused]] void
Java_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_tracePcIndir(
    JNIEnv *env, jclass cls, jint caller_id, jint callee_id) {
  void *const caller_pc = idToPc(caller_id);
  const auto callee = static_cast<uintptr_t>(callee_id);
  __sanitizer_cov_trace_pc_indir_with_pc(caller_pc, callee);
}
178
/// Critical-native variant of tracePcIndir (no JNIEnv/jclass arguments).
///
/// @param caller_id  Id of the call site, turned into a fake pc via idToPc.
/// @param callee_id  Id of the call target, passed as a `uintptr_t` value.
extern "C" [[maybe_unused]] JNIEXPORT void JNICALL
JavaCritical_com_code_1intelligence_jazzer_runtime_TraceDataFlowNativeCallbacks_tracePcIndir(
    jint caller_id, jint callee_id) {
  void *const caller_pc = idToPc(caller_id);
  const auto callee = static_cast<uintptr_t>(callee_id);
  __sanitizer_cov_trace_pc_indir_with_pc(caller_pc, callee);
}
185