
Commit 13929a3

committed
BREAKING feat: use mutation framework for single-byte[] fuzz tests
1 parent 945c0e4 commit 13929a3


2 files changed

+9
-2
lines changed


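--- a/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
+++ b/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetRunner.java
@@ -140,7 +140,7 @@ public final class FuzzTargetRunner {
 useMutatorFramework =
 Opt.mutatorFramework.get()
 && Opt.autofuzz.get().isEmpty()
-&& !(fuzzTarget.usesPrimitiveByteArray() || fuzzTarget.usesFuzzedDataProvider());
+&& !fuzzTarget.usesFuzzedDataProvider();
 
 useFuzzedDataProvider = fuzzTarget.usesFuzzedDataProvider();
 if (!useFuzzedDataProvider && IS_ANDROID) {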
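Review bot: The new condition at line 143 carries no comment explaining that `byte[]` targets are now routed through the mutator framework, which is the behaviour change the commit title marks as breaking. If the mutator framework deserializes the input rather than handing the raw bytes to the target (not visible in this hunk), existing seed corpora and saved crash reproducers for `byte[]` targets may stop reproducing the same input, which matters for regression runs on past findings. I would add a comment above the assignment such as `// byte[] targets also use the mutator framework; only FuzzedDataProvider targets bypass it.` and mention corpus compatibility in the release notes. The enclosing method starts and ends outside the hunk.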

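--- a/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java
+++ b/src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/PrimitiveArrayMutatorFactory.java
@@ -73,6 +73,8 @@ public Optional<SerializingMutator<?>> tryCreate(
 public static final class PrimitiveArrayMutator<T> extends SerializingMutator<T> {
 private static final int DEFAULT_MIN_LENGTH = 0;
 private static final int DEFAULT_MAX_LENGTH = 1000;
+// This default is chosen to match libFuzzer's default max length for byte arrays.
+private static final int DEFAULT_BYTE_ARRAY_MAX_LENGTH = 4096;
 private static final Charset FUZZED_DATA_CHARSET = Charset.forName("CESU-8");
 private long minRange;
 private long maxRange;
@@ -216,7 +218,12 @@ private void extractRange(AnnotatedType type) {
 private void extractLength(AnnotatedType type) {
 Optional<WithLength> withLength = Optional.ofNullable(type.getAnnotation(WithLength.class));
 minLength = withLength.map(WithLength::min).orElse(DEFAULT_MIN_LENGTH);
-maxLength = withLength.map(WithLength::max).orElse(DEFAULT_MAX_LENGTH);
+// Different default max lengths for byte[] and other primitive arrays to match libFuzzer.
+int defaultMaxLength =
+type.getType().getTypeName().equals("byte")
+? DEFAULT_BYTE_ARRAY_MAX_LENGTH
+: DEFAULT_MAX_LENGTH;
+maxLength = withLength.map(WithLength::max).orElse(defaultMaxLength);
 }
 
 private AnnotatedType convertWithLength(AnnotatedType type, AnnotatedType newType) {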
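Review bot: The comparison `type.getType().getTypeName().equals("byte")` in extractLength looks like it may never match: the `WithLength` lookup on the same `type` suggests it is the annotated array type, and for `byte[]` `getTypeName()` returns `"byte[]"`, so the default would stay at `DEFAULT_MAX_LENGTH`. The caller is outside the hunk, so this needs confirming; if `type` is the array type, compare the class instead of a string, e.g. `type.getType() == byte[].class`. A test asserting the default max length for an unannotated `byte[]` would pin it either way, which matters since a silently smaller cap limits the input sizes the fuzzer explores.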
