many messages: 'ERROR: Unexpected exception encountered during autofuzz:' #696

Closed
freedom1b2830 opened this issue Apr 5, 2023 · 3 comments · Fixed by #699

Comments

@freedom1b2830

target:
org.eclipse.jgit.attributes.AttributesNode::parse(java.io.InputStream)

<dependency>
	<groupId>org.eclipse.jgit</groupId>
	<artifactId>org.eclipse.jgit</artifactId>
	<version>6.5.0.202303070854-r</version>
</dependency>

os: Linux archlinux 6.2.8-arch1-1
jazzer 0.16.1

java -version

openjdk version "19.0.2" 2023-01-17
OpenJDK Runtime Environment (build 19.0.2+7)
OpenJDK 64-Bit Server VM (build 19.0.2+7, mixed mode)

ERROR: Unexpected exception encountered during autofuzz:
#9964   REDUCE cov: 312 ft: 3323 corp: 567/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 22/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
#10030  NEW    cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 36/978606 MS: 2 ChangeBinInt-Custom-
#10082  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 2484/978606 MS: 4 ShuffleBytes-Custom-EraseBytes-Custom-
#10118  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 12145/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
#10219  REDUCE cov: 312 ft: 3324 corp: 568/32Mb lim: 978625 exec/s: 36 rss: 1078Mb L: 61/978606 MS: 2 EraseBytes-Custom-
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
ERROR: Unexpected exception encountered during autofuzz:
@bertschneider
Contributor

Should be fixed by #699.

@bertschneider
Contributor

BTW, the following regex issue is found in your example. I haven't checked if it's actually problematic in the jgit use-case, though.

== Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow: Regular Expression Injection
Regular expression patterns that contain unescaped untrusted input can consume
arbitrary amounts of CPU time. To properly escape the input, wrap it with
Pattern.quote(...).
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal(RegexInjection.kt:151)
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.compileWithFlagsHook(RegexInjection.kt:55)
        at org.eclipse.jgit.ignore.internal.Strings.convertGlob(Strings.java:411)
        at org.eclipse.jgit.ignore.internal.WildCardMatcher.<init>(WildCardMatcher.java:31)
        at org.eclipse.jgit.ignore.internal.PathMatcher.createNameMatcher0(PathMatcher.java:146)
        at org.eclipse.jgit.ignore.internal.PathMatcher.createPathMatcher(PathMatcher.java:104)
        at org.eclipse.jgit.attributes.AttributesRule.<init>(AttributesRule.java:122)
        at org.eclipse.jgit.attributes.AttributesNode.parse(AttributesNode.java:79)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:577)
Caused by: java.util.regex.PatternSyntaxException: Unclosed character class near index 2
\\[
  ^
        at java.base/java.util.regex.Pattern.error(Pattern.java:2038)
        at java.base/java.util.regex.Pattern.clazz(Pattern.java:2700)
        at java.base/java.util.regex.Pattern.sequence(Pattern.java:2149)
        at java.base/java.util.regex.Pattern.expr(Pattern.java:2079)
        at java.base/java.util.regex.Pattern.compile(Pattern.java:1793)
        at java.base/java.util.regex.Pattern.<init>(Pattern.java:1440)
        at java.base/java.util.regex.Pattern.compile(Pattern.java:1105)
        at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:731)
        at com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal(RegexInjection.kt:142)
        ... 9 more

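A hardened glob-to-regex conversion, added here as an illustration and not code from JGit or from anyone in this thread: it applies the sanitizer's Pattern.quote(...) advice to the literal parts of a glob and keeps an unclosed '[' as a literal character rather than letting Pattern.compile throw, and its main() reproduces the "Unclosed character class" failure from the trace on a constructed three-character input. The class name SafeGlob, its helpers and the input are assumptions.

```java
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
// Hypothetical glob-to-regex converter written for this issue, NOT JGit's own
// Strings.convertGlob: literal runs go through Pattern.quote(...) as the sanitizer
// suggests, and an unclosed '[' stays literal (as in POSIX fnmatch) instead of failing.
public final class SafeGlob {
    static String convertGlob(String glob) {
        StringBuilder re = new StringBuilder("^"), lit = new StringBuilder();
        for (int i = 0; i < glob.length(); i++) {
            char c = glob.charAt(i);
            if (c == '*') { flush(re, lit); re.append("[^/]*"); }
            else if (c == '?') { flush(re, lit); re.append("[^/]"); }
            else if (c == '\\') { // backslash escapes the following character
                lit.append(i + 1 < glob.length() ? glob.charAt(++i) : c);
            } else if (c == '[' && findClose(glob, i) >= 0) {
                int close = findClose(glob, i);
                flush(re, lit);
                re.append('[').append(classBody(glob.substring(i + 1, close))).append(']');
                i = close;
            } else lit.append(c); // ordinary character, or an unclosed '[' kept literal
        }
        flush(re, lit);
        return re.append('$').toString();
    }
    // A ']' directly after '[' or '[!' is a member of the class, not its terminator.
    private static int findClose(String g, int open) {
        int from = open + 1 + (open + 1 < g.length() && g.charAt(open + 1) == '!' ? 1 : 0);
        return g.indexOf(']', from + 1);
    }
    // '!' becomes '^'; other non-alphanumerics except '-' are backslash-escaped.
    private static String classBody(String body) {
        StringBuilder b = new StringBuilder(body.startsWith("!") ? "^" : "");
        for (int i = body.startsWith("!") ? 1 : 0; i < body.length(); i++) {
            b.append(Character.isLetterOrDigit(body.charAt(i)) || body.charAt(i) == '-' ? "" : "\\").append(body.charAt(i));
        }
        return b.toString();
    }
    private static void flush(StringBuilder re, StringBuilder lit) {
        if (lit.length() > 0) { re.append(Pattern.quote(lit.toString())); lit.setLength(0); }
    }
    // Naive translation that hands '[' to the regex engine unescaped: on the input
    // below Pattern.compile throws, as in the "Caused by" line of the trace.
    static boolean naiveCompiles(String glob) {
        try { Pattern.compile(glob.replace("*", "[^/]*")); return true; } catch (PatternSyntaxException e) { return false; }
    }
    public static void main(String[] args) {
        String glob = "\\\\[";  // constructed input: the three characters \\[
        System.out.println(naiveCompiles(glob) + " " + convertGlob(glob) + " " + Pattern.compile(convertGlob(glob)).matcher("\\[").matches());
    }
}
```
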
@fmeum fmeum closed this as completed in #699 Apr 6, 2023
@freedom1b2830
Author

I will say more, this library has an OOM exception.
Thanks for the fix, I'm waiting for the next Maven release.
