jazzer autofuzz stalls when generating BigInteger values #1055

@MarcSchoenefeld

Description

In Autofuzz mode there can be problematic scenarios when instances of BigInteger are being generated. This is, for example, the case when the BigInteger(int,int,Random) constructor is being traversed, as it can take forever to compute a value.

The following stack trace illustrates the issue:

        at java.math.BigInteger.<init>(java.base@26/BigInteger.java:798)
        at java.lang.invoke.LambdaForm$DMH/0x0000000057132400.newInvokeSpecial(java.base@26/LambdaForm$DMH)
        at java.lang.invoke.LambdaForm$MH/0x0000000057133400.invoke(java.base@26/LambdaForm$MH)
        at java.lang.invoke.LambdaForm$MH/0x0000000057053800.invokeExact_MT(java.base@26/LambdaForm$MH)
        at jdk.internal.reflect.DirectConstructorHandleAccessor.invokeImpl(java.base@26/DirectConstructorHandleAccessor.java:89)
        at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(java.base@26/DirectConstructorHandleAccessor.java:62)
        at java.lang.reflect.Constructor.newInstanceWithCaller(java.base@26/Constructor.java:499)
        at java.lang.reflect.Constructor.newInstance(java.base@26/Constructor.java:483)
        at com.code_intelligence.jazzer.autofuzz.Meta.autofuzz(Meta.java:359)
        at com.code_intelligence.jazzer.autofuzz.Meta.autofuzzForConsume(Meta.java:314)
        at com.code_intelligence.jazzer.autofuzz.Meta.consume(Meta.java:683)
        at com.code_intelligence.jazzer.autofuzz.Meta.lambda$consumeArguments$0(Meta.java:807)
        at com.code_intelligence.jazzer.autofuzz.Meta$$Lambda/0x0000000057119428.apply(Unknown Source)

A mitigation could be to have a (configurable) deny-list in place for the constructor discovery, so that constructors with this and similar undesired side-effects are not considered during testing.
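One way to realise the deny-list proposed above, as an added example that is not jazzer's own code: constructors are keyed by a canonical signature string and filtered against a configurable set before being offered to the fuzzer. The class name, the `DENIED` set and its single entry (the constructor from the stack trace, which generates a probable prime of the requested bit length) are assumptions for illustration.

```java
import java.lang.reflect.Constructor;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Added example (not jazzer's code): a signature-based deny-list for
// constructor discovery, keeping long-running constructors out of autofuzz.
public final class ConstructorDenyList {

    // Hypothetical deny-list. In a real integration this would be loaded from
    // configuration; here it contains only the constructor from the report,
    // whose probable-prime search can run for a very long time.
    static final Set<String> DENIED = Set.of(
        "java.math.BigInteger(int,int,java.util.Random)"
    );

    /** Canonical key: declaring class plus comma-separated parameter types. */
    static String signature(Constructor<?> c) {
        String params = Arrays.stream(c.getParameterTypes())
            .map(Class::getCanonicalName)   // "int", "byte[]", "java.util.Random"
            .collect(Collectors.joining(","));
        return c.getDeclaringClass().getName() + "(" + params + ")";
    }

    /** Public constructors of {@code type} that are not on the deny-list. */
    static List<Constructor<?>> allowedConstructors(Class<?> type) {
        return Arrays.stream(type.getConstructors())
            .filter(c -> !DENIED.contains(signature(c)))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Show which BigInteger constructors would be skipped by the filter.
        for (Constructor<?> c : java.math.BigInteger.class.getConstructors()) {
            String sig = signature(c);
            System.out.println((DENIED.contains(sig) ? "DENY  " : "allow ") + sig);
        }
        System.out.println(allowedConstructors(java.math.BigInteger.class).size()
            + " constructors remain eligible");
    }
}
```

Matching on the exact parameter list (rather than on the class alone) keeps the cheap BigInteger constructors, such as BigInteger(String), available to the fuzzer.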
