author Santiago Aboy Solanes <solanes@google.com> 2025-01-07 14:28:37 +0000
committer Santiago Aboy Solanes <solanes@google.com> 2025-01-10 04:08:54 -0800
commit86988305106c12c2034a8959cd3574f2f8e1ca07 (patch)
treed1b19b46934b5072402411f371395679a94c5d20
parente37d99599379bf63e4524b3ea12b2e895761d31f (diff)
Pass the correct class loader in the class verifier fuzzer
Bug: 352721437 Test: Follow art/tools/fuzzer/README.md for libart_verify_classes_fuzzerd Change-Id: If591f5b9fef0b77b4a4fbdd7d6f894af4eb1a56c
-rw-r--r--runtime/fuzzer_corpus_test.cc10
-rw-r--r--tools/fuzzer/libart_verify_classes_fuzzer.cc16
2 files changed, 16 insertions, 10 deletions
diff --git a/runtime/fuzzer_corpus_test.cc b/runtime/fuzzer_corpus_test.cc
index 6b312d5973..800cf14cc8 100644
--- a/runtime/fuzzer_corpus_test.cc
+++ b/runtime/fuzzer_corpus_test.cc
@@ -116,12 +116,14 @@ class FuzzerCorpusTest : public CommonRuntimeTest {
// Scope for the handles
{
- art::StackHandleScope<3> scope(soa.Self());
+ art::StackHandleScope<4> scope(soa.Self());
art::Handle<art::mirror::ClassLoader> h_loader =
scope.NewHandle(soa.Decode<art::mirror::ClassLoader>(class_loader));
art::MutableHandle<art::mirror::Class> h_klass(scope.NewHandle<art::mirror::Class>(nullptr));
art::MutableHandle<art::mirror::DexCache> h_dex_cache(
scope.NewHandle<art::mirror::DexCache>(nullptr));
+ art::MutableHandle<art::mirror::ClassLoader> h_dex_cache_class_loader =
+ scope.NewHandle(h_loader.Get());
for (art::ClassAccessor accessor : dex_file.GetClasses()) {
h_klass.Assign(
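Review bot: `h_dex_cache_class_loader` is seeded with `h_loader.Get()`, while the neighbouring mutable handles `h_klass` and `h_dex_cache` start as `nullptr`, and the second hunk of this file reassigns it on every iteration before `VerifyClass` reads it. The seed reads like a fallback to the dex file's loader, which is the value this commit stops passing to the verifier. Initialising it like its siblings, `art::MutableHandle<art::mirror::ClassLoader> h_dex_cache_class_loader(scope.NewHandle<art::mirror::ClassLoader>(nullptr));`, makes it clear that the value is always set inside the loop. The same declaration is added in tools/fuzzer/libart_verify_classes_fuzzer.cc; the enclosing block starts and ends outside this hunk.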
@@ -135,13 +137,17 @@ class FuzzerCorpusTest : public CommonRuntimeTest {
continue;
}
h_dex_cache.Assign(h_klass->GetDexCache());
+
+ // The class loader from the class's dex cache is different from the dex file's class loader
+ // for boot image classes e.g. java.util.AbstractCollection.
+ h_dex_cache_class_loader.Assign(h_klass->GetDexCache()->GetClassLoader());
verifier::FailureKind failure =
verifier::ClassVerifier::VerifyClass(soa.Self(),
/* verifier_deps= */ nullptr,
h_dex_cache->GetDexFile(),
h_klass,
h_dex_cache,
- h_loader,
+ h_dex_cache_class_loader,
*h_klass->GetClassDef(),
runtime->GetCompilerCallbacks(),
verifier::HardFailLogMode::kLogWarning,
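Review bot: The added `Assign` calls `h_klass->GetDexCache()` a second time, immediately after `h_dex_cache.Assign(h_klass->GetDexCache())` has stored the same object in a handle. Reading the loader from that handle, `h_dex_cache_class_loader.Assign(h_dex_cache->GetClassLoader());`, keeps a single source for the dex cache and matches the `h_dex_cache->GetDexFile()` argument a few lines below. The same line is added in tools/fuzzer/libart_verify_classes_fuzzer.cc. The loop body continues outside this hunk.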
diff --git a/tools/fuzzer/libart_verify_classes_fuzzer.cc b/tools/fuzzer/libart_verify_classes_fuzzer.cc
index 831f29e640..507a8ccf72 100644
--- a/tools/fuzzer/libart_verify_classes_fuzzer.cc
+++ b/tools/fuzzer/libart_verify_classes_fuzzer.cc
@@ -189,12 +189,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// Scope for the handles
{
- art::StackHandleScope<3> scope(soa.Self());
+ art::StackHandleScope<4> scope(soa.Self());
art::Handle<art::mirror::ClassLoader> h_loader =
scope.NewHandle(soa.Decode<art::mirror::ClassLoader>(class_loader));
art::MutableHandle<art::mirror::Class> h_klass(scope.NewHandle<art::mirror::Class>(nullptr));
art::MutableHandle<art::mirror::DexCache> h_dex_cache(
scope.NewHandle<art::mirror::DexCache>(nullptr));
+ art::MutableHandle<art::mirror::ClassLoader> h_dex_cache_class_loader =
+ scope.NewHandle(h_loader.Get());
for (art::ClassAccessor accessor : dex_file.GetClasses()) {
h_klass.Assign(
@@ -205,19 +207,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
soa.Self()->ClearException();
continue;
}
- // TODO(solanes): Figure out why `h_klass->GetDexCache()->GetClassLoader()` is null for
- // sun.misc.Unsafe.
- if (h_klass->GetDexCache()->GetClassLoader() == nullptr) {
- continue;
- }
-
h_dex_cache.Assign(h_klass->GetDexCache());
+
+ // The class loader from the class's dex cache is different from the dex file's class loader
+ // for boot image classes e.g. java.util.AbstractCollection.
+ h_dex_cache_class_loader.Assign(h_klass->GetDexCache()->GetClassLoader());
art::verifier::ClassVerifier::VerifyClass(soa.Self(),
/* verifier_deps= */ nullptr,
h_dex_cache->GetDexFile(),
h_klass,
h_dex_cache,
- h_loader,
+ h_dex_cache_class_loader,
*h_klass->GetClassDef(),
runtime->GetCompilerCallbacks(),
art::verifier::HardFailLogMode::kLogWarning,
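Review bot: With the `== nullptr` skip removed, a null class loader from the dex cache now reaches `VerifyClass` through `h_dex_cache_class_loader`, and the new comment does not say that this is intended. The deleted TODO recorded that the loader is null for sun.misc.Unsafe, so the comment should state it, e.g. `// May be null (presumably the boot class loader, e.g. for sun.misc.Unsafe); such classes are now verified instead of skipped.` Writing that down keeps a later reader from re-adding the skip and losing fuzzing coverage of those classes. The function body continues outside this hunk.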