Google’s OSS-Fuzz extends fuzzing to Java apps


Tech giant's open source fuzz testing project draws on Code Intelligence’s Jazzer to add support for Java and other JVM languages


Google’s open source fuzz-testing service, OSS-Fuzz, now supports applications written in Java and JVM-based languages. The capability was announced on March 10.

OSS-Fuzz provides continuous fuzzing for open source software. A technique for finding programming errors and security vulnerabilities in software, fuzzing involves sending a stream of semi-random and invalid input to a program. Fuzzing code written in memory-safe languages such as JVM languages can find bugs that cause programs to crash or behave incorrectly.

Google enabled fuzzing for Java and the JVM by integrating OSS-Fuzz with the Jazzer fuzzer from Code Intelligence. Jazzer lets users fuzz code written in JVM-based languages with the LLVM project’s libFuzzer, an in-process, coverage-guided fuzzing engine, in the same way libFuzzer is already used for C/C++ code.

Languages supported by Jazzer include Java, Clojure, Kotlin, and Scala. Code coverage feedback is provided from JVM bytecode to libFuzzer, with Jazzer supporting libFuzzer features including:

  • FuzzedDataProvider, for fuzzing code that does not accept an array of bytes.
  • Evaluation of code coverage based on 8-bit edge counters.
  • Minimisation of crashing inputs.
  • Value profiles.
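
The FuzzedDataProvider feature listed above, shown as an added example that is not code from the article, Google or Code Intelligence: a Jazzer fuzz target that carves typed fields out of the fuzzer's byte stream and checks two properties of a small codec. The record format and the class name `RecordCodecFuzzer` are hypothetical, and the Jazzer API jar is assumed to be on the classpath.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example: the record format and class name are hypothetical.
public class RecordCodecFuzzer {
  // Code under test (constructed): 2-byte id, 1-byte admin flag, 2-byte length, name bytes.
  static byte[] encode(int id, boolean admin, String name) {
    byte[] raw = name.getBytes(StandardCharsets.UTF_8);
    if (id < 0 || id > 0xFFFF || raw.length > 0xFFFF) {
      throw new IllegalArgumentException("field out of range");
    }
    return ByteBuffer.allocate(5 + raw.length)
        .putShort((short) id).put((byte) (admin ? 1 : 0))
        .putShort((short) raw.length).put(raw).array();
  }

  static Object[] decode(byte[] wire) {
    ByteBuffer in = ByteBuffer.wrap(wire);
    if (in.remaining() < 5) throw new IllegalArgumentException("truncated header");
    int id = in.getShort() & 0xFFFF;
    boolean admin = in.get() != 0;
    int len = in.getShort() & 0xFFFF;
    if (len != in.remaining()) throw new IllegalArgumentException("length mismatch");
    byte[] raw = new byte[len];
    in.get(raw);
    return new Object[] {id, admin, new String(raw, StandardCharsets.UTF_8)};
  }

  // Jazzer entry point: typed fields are carved out of the fuzzer's byte stream.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    int id = data.consumeInt(0, 0xFFFF);
    boolean admin = data.consumeBoolean();
    String name = data.consumeAsciiString(64);

    // Property 1: a valid record survives an encode/decode round trip.
    Object[] out = decode(encode(id, admin, name));
    if ((int) out[0] != id || (boolean) out[1] != admin || !name.equals(out[2])) {
      throw new IllegalStateException("round-trip mismatch");
    }

    // Property 2: untrusted bytes may only be rejected with the documented exception.
    try {
      decode(data.consumeRemainingAsBytes());
    } catch (IllegalArgumentException expected) {
      // Clean rejection; any other Throwable escapes and Jazzer reports it as a finding.
    }
  }
}
```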

Google has provided documentation on adding open source projects written in JVM languages to OSS-Fuzz. Plans call for Jazzer to support all libFuzzer features eventually.

Jazzer also can provide coverage feedback from native code executed through the Java Native Interface. This can uncover memory corruption vulnerabilities in memory-unsafe native code. OSS-Fuzz also lists languages such as Go, Python, C/C++, and Rust as supported languages.

