| -rw-r--r-- | tools/fuzzer/Android.bp | 19 | ||||
| -rw-r--r-- | tools/fuzzer/libart_verify_classes_fuzzer.cc | 17 |
2 files changed, 33 insertions, 3 deletions
diff --git a/tools/fuzzer/Android.bp b/tools/fuzzer/Android.bp
index 45c4c4aad0..d74c0f31ad 100644
--- a/tools/fuzzer/Android.bp
+++ b/tools/fuzzer/Android.bp
@@ -66,7 +66,6 @@ cc_defaults {
 srcs: ["libart_verify_classes_fuzzer.cc"],
 defaults: [
- "art_defaults",
 "libart_fuzzer-defaults",
 ],
@@ -116,11 +115,25 @@ cc_fuzz {
 }
 cc_fuzz {
- // TODO Add a debug version
 name: "libart_verify_classes_fuzzer",
 defaults: [
- "libart_verify_classes_fuzzer-defaults",
+ "art_defaults",
 "libart_static_defaults",
+ "libart_verify_classes_fuzzer-defaults",
+ ],
+ // Can not be in defaults due to soong limitations.
+ device_common_corpus: [
+ ":art_runtest_corpus",
+ "class-verifier-corpus/*",
+ ],
+}
+
+cc_fuzz {
+ name: "libart_verify_classes_fuzzerd",
+ defaults: [
+ "art_debug_defaults",
+ "libartd_static_defaults",
+ "libart_verify_classes_fuzzer-defaults",
 ],
 // Can not be in defaults due to soong limitations.
 device_common_corpus: [
diff --git a/tools/fuzzer/libart_verify_classes_fuzzer.cc b/tools/fuzzer/libart_verify_classes_fuzzer.cc
index 13abd7c613..831f29e640 100644
--- a/tools/fuzzer/libart_verify_classes_fuzzer.cc
+++ b/tools/fuzzer/libart_verify_classes_fuzzer.cc
@@ -28,6 +28,7 @@
 #include "jni/java_vm_ext.h"
 #include "noop_compiler_callbacks.h"
 #include "runtime.h"
+#include "runtime_intrinsics.h"
 #include "scoped_thread_state_change-inl.h"
 #include "verifier/class_verifier.h"
 #include "well_known_classes.h"
@@ -138,6 +139,16 @@ extern "C" int LLVMFuzzerInitialize([[maybe_unused]] int* argc, [[maybe_unused]]
 art::Thread::Current()->TransitionFromRunnableToSuspended(art::ThreadState::kNative);
+ {
+ art::ScopedObjectAccess soa(art::Thread::Current());
+ art::Runtime::Current()->GetClassLinker()->RunEarlyRootClinits(soa.Self());
+ art::InitializeIntrinsics();
+ art::Runtime::Current()->RunRootClinits(soa.Self());
+ }
+
+ // Check for heap corruption before running the fuzzer.
+ art::Runtime::Current()->GetHeap()->VerifyHeap();
+
 // Query the current stack and add it to the global variable. Otherwise LSAN complains about a
 // non-existing leak.
 stack_t ss;
@@ -194,6 +205,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 soa.Self()->ClearException();
 continue;
 }
+ // TODO(solanes): Figure out why `h_klass->GetDexCache()->GetClassLoader()` is null for
+ // sun.misc.Unsafe.
+ if (h_klass->GetDexCache()->GetClassLoader() == nullptr) {
+ continue;
+ }
+
 h_dex_cache.Assign(h_klass->GetDexCache());
 art::verifier::ClassVerifier::VerifyClass(soa.Self(), /* verifier_deps= */ nullptr, |
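Review bot: The new initialisation block in LLVMFuzzerInitialize (the braces around RunEarlyRootClinits, InitializeIntrinsics and RunRootClinits) carries no comment saying why this work has to happen here instead of being left to the first fuzz input, while the VerifyHeap() call right below it does get one. A one-line comment above the block such as `// Run the root class initializers and register intrinsics once, so every LLVMFuzzerTestOneInput call starts from the same initialised runtime — TODO confirm` would record the intent for the next maintainer. The ordering (early root clinits, then intrinsics, then the remaining root clinits) looks deliberate and is worth a word as well, since reordering it is an easy mistake to make later. LLVMFuzzerInitialize starts and ends outside the hunk.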
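Review bot: The added null-class-loader guard in LLVMFuzzerTestOneInput silently drops every class whose dex cache reports a null class loader, so inputs that exercise such classes never reach ClassVerifier::VerifyClass and the resulting loss of fuzzing coverage is invisible in the harness output. The TODO names only sun.misc.Unsafe, but the condition is not restricted to it, and if I recall correctly a null class loader in ART conventionally stands for the boot class loader, so the skip may be broader than intended and is worth confirming against the corpus. Consider at least making the skip observable, e.g. a counter or a log line naming the skipped class, so a future regression in coverage can be traced. `h_klass->GetDexCache()` is also evaluated twice, once in the guard and again in `h_dex_cache.Assign(...)`; moving the Assign above the guard and testing `h_dex_cache->GetClassLoader() == nullptr` removes the duplicate call. The enclosing loop and LLVMFuzzerTestOneInput both continue outside the hunk.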