OSS-Fuzz integration #135

Open
fmeum opened this issue Apr 11, 2021 · 2 comments
fmeum commented Apr 11, 2021

OSS-Fuzz now offers support for fuzzing Java projects with Jazzer. If you are interested, I could set up re2j in OSS-Fuzz.

By default, Jazzer would detect undeclared exceptions (i.e. those that are not PatternSyntaxExceptions) as well as more serious, potentially DoSable issues such as OutOfMemoryErrors. In order to come up with a good fuzz target, it would be helpful for me to get a better understanding of the security guarantees re2j intends to offer. The parent project's fuzzer could serve as a starting point for that discussion. Depending on your particular security goals, it could also make sense to perform differential fuzzing, i.e., to use a fuzzer to confirm that re2 and re2j behave identically on the common subset of their features.


fmeum commented May 5, 2021

@sjamesr Are you interested in the integration? It wouldn't require any work on your part; you would just need to sign off on the PR I submit to the OSS-Fuzz repo.

@schirrmacher

I think it is a good idea to integrate fuzz tests for this library. I made a short run and found a null pointer:

Pattern.compile("..|.#|..")
=> Method threw 'java.lang.NullPointerException' exception.
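
A minimal Jazzer fuzz target of the kind discussed in this thread, as an added example that is not part of the issue, re2j, or the OSS-Fuzz repository. The class name `PatternFuzzer`, the helper `check`, the length cap and the sample subject string are assumptions; `main` replays the pattern reported above without a fuzzer attached.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.google.re2j.Matcher;
import com.google.re2j.Pattern;
import com.google.re2j.PatternSyntaxException;

// Hypothetical fuzz target; class and helper names are not from the re2j repository.
public class PatternFuzzer {
  // Assumed cap that keeps single executions short; tune per project.
  private static final int MAX_REGEX_LENGTH = 256;

  // Jazzer entry point: any Throwable escaping this method is reported as a finding.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String regex = data.consumeString(MAX_REGEX_LENGTH);
    String input = data.consumeRemainingAsString();
    check(regex, input);
  }

  static void check(String regex, String input) {
    Pattern pattern;
    try {
      pattern = Pattern.compile(regex);
    } catch (PatternSyntaxException expected) {
      // The declared failure mode for malformed patterns: not a bug.
      return;
    }
    // Exercise the matching engine as well as the parser and compiler.
    Matcher matcher = pattern.matcher(input);
    matcher.matches();
    matcher.reset();
    while (matcher.find()) {
      // A reported match must lie inside the input.
      if (matcher.start() < 0
          || matcher.end() > input.length()
          || matcher.start() > matcher.end()) {
        throw new IllegalStateException("match bounds outside input for regex: " + regex);
      }
    }
  }

  // Replays the input reported in this thread; the subject string is constructed.
  public static void main(String[] args) {
    check("..|.#|..", "ab#cd");
    System.out.println("no undeclared exception");
  }
}
```

Only `PatternSyntaxException` is swallowed, so a `NullPointerException` like the one reported above propagates out of `fuzzerTestOneInput` and is recorded as a crash.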

sjamesr added a commit to sjamesr/re2j that referenced this issue Oct 8, 2021
The corresponding Go implementation relies on len(nilArray) being zero.

This issue was identified by the OSS-Fuzz integration effort described
in google#135.
sjamesr added a commit to sjamesr/re2j that referenced this issue Oct 9, 2021
The corresponding Go implementation relies on len(nilArray) being zero.

This issue was identified by the OSS-Fuzz integration effort described
in google#135.
sjamesr added a commit to sjamesr/re2j that referenced this issue Jun 26, 2022
The corresponding Go implementation relies on len(nilArray) being zero.

This issue was identified by the OSS-Fuzz integration effort described
in google#135.
sjamesr added a commit to sjamesr/re2j that referenced this issue Jun 26, 2022
The corresponding Go implementation relies on len(nilArray) being zero.

This issue was identified by the OSS-Fuzz integration effort described
in google#135.
sjamesr added a commit that referenced this issue Jun 27, 2022
The corresponding Go implementation relies on len(nilArray) being zero.

This issue was identified by the OSS-Fuzz integration effort described
in #135.