Native memory sanitizer throws error for Jazzer #3

Closed
1 of 2 tasks
Marcono1234 opened this issue Apr 29, 2024 · 0 comments
Labels
bug Something isn't working

@Marcono1234
Owner

Unsafe Sanitizer version

80cb8a6

Agent settings

Agent installation:

  • At JVM start (-javaagent)
  • At runtime (UnsafeSanitizer.installAgent(...))

Settings:

  • global-native-memory-sanitizer: true
  • uninitialized-memory-tracking: true
  • error-action: throw

Java version

Java 17 Temurin

Description

Using -javaagent (through Maven Surefire's <argLine>) and global native memory sanitization with Jazzer reports bad memory access directly at the start:

marcono1234.unsafe_sanitizer.agent_impl.BadMemoryAccessError: Invalid address: 0
        at marcono1234.unsafe_sanitizer.agent_impl.BadMemoryAccessError.reportError(BadMemoryAccessError.java:35)
        at marcono1234.unsafe_sanitizer.agent_impl.MemoryTracker.onAccess(MemoryTracker.java:216)
        at marcono1234.unsafe_sanitizer.agent_impl.UnsafeSanitizerImpl.onAccess(UnsafeSanitizerImpl.java:362)
        at marcono1234.unsafe_sanitizer.agent_impl.UnsafeSanitizerImpl.onWriteAccess(UnsafeSanitizerImpl.java:355)
        at marcono1234.unsafe_sanitizer.agent_impl.UnsafeSanitizerImpl.onCopy(UnsafeSanitizerImpl.java:383)
        at jdk.unsupported/sun.misc.Unsafe.copyMemory(Unsafe.java:573)
        at com.code_intelligence.jazzer.driver.FuzzedDataProviderImpl.allocateNativeCopy(FuzzedDataProviderImpl.java:134)
        at com.code_intelligence.jazzer.driver.FuzzedDataProviderImpl.withJavaData(FuzzedDataProviderImpl.java:59)
        at com.code_intelligence.jazzer.junit.FuzzedDataProviderSeedSerializer.read(SeedSerializer.java:81)
        at com.code_intelligence.jazzer.junit.SeedArgumentsProvider.lambda$provideArguments$0(SeedArgumentsProvider.java:74)

(using Jazzer's @FuzzTest with JAZZER_FUZZ=1; jazzer-junit 0.22.1)

The code in Jazzer seems to copy the content of a byte[] to native memory (source). Based on the memory access error above, most likely an empty byte[] is used, which causes an Unsafe.allocateMemory(0) call which returns 0. And that is then used as the destination address for Unsafe#copyMemory.

It seems this has no effect because Unsafe#copyMemory does not perform copying if bytes == 0.

So maybe Unsafe Sanitizer should be more lenient when bytes == 0 for copyMemory (and possibly other methods as well)?
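The sequence described in the report, reproduced as an added example that is not code from Unsafe Sanitizer or Jazzer: an empty byte[] leads to allocateMemory(0) returning 0, which then becomes the destination of a zero-length copyMemory. The class name and the isBadAccess check are hypothetical and only contrast a strict check with the lenient zero-length handling proposed above; it assumes Java 17 with sun.misc.Unsafe accessible and is run without the sanitizer agent attached.

```java
import sun.misc.Unsafe;
import java.lang.reflect.Field;

/**
 * Added example (not Unsafe Sanitizer's or Jazzer's own code). Requires the
 * jdk.unsupported module, which exports sun.misc.Unsafe on Java 17 by default.
 */
public class ZeroLengthCopyExample {
    private static final Unsafe UNSAFE = lookupUnsafe();

    private static Unsafe lookupUnsafe() {
        try {
            Field f = Unsafe.class.getDeclaredField("theUnsafe");
            f.setAccessible(true);
            return (Unsafe) f.get(null);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("sun.misc.Unsafe not accessible", e);
        }
    }

    /** Mirrors the pattern the report attributes to Jazzer's allocateNativeCopy. */
    static long allocateNativeCopy(byte[] data) {
        // allocateMemory(0) performs no allocation and yields address 0
        long address = UNSAFE.allocateMemory(data.length);
        // copyMemory with bytes == 0 copies nothing, even with a 0 destination
        UNSAFE.copyMemory(data, Unsafe.ARRAY_BYTE_BASE_OFFSET, null, address, data.length);
        return address;
    }

    /**
     * Hypothetical, simplified access check covering only the null-address case.
     * Strict mode flags every access at address 0 (the behaviour in the report).
     * Lenient mode lets a zero-length access pass, since it never touches memory,
     * while a non-empty access at address 0 is still rejected.
     */
    static boolean isBadAccess(long address, long bytes, boolean lenientZeroLength) {
        if (bytes < 0) return true;
        if (bytes == 0 && lenientZeroLength) return false;
        return address == 0;
    }

    public static void main(String[] args) {
        long empty = allocateNativeCopy(new byte[0]);
        System.out.println("strict  (addr " + empty + ", 0 bytes): " + isBadAccess(empty, 0, false));
        System.out.println("lenient (addr " + empty + ", 0 bytes): " + isBadAccess(empty, 0, true));
        System.out.println("lenient (addr 0, 8 bytes):  " + isBadAccess(0, 8, true));
        long filled = allocateNativeCopy(new byte[] {1, 2, 3});
        System.out.println("lenient (addr " + filled + ", 3 bytes): " + isBadAccess(filled, 3, true));
        UNSAFE.freeMemory(filled);
    }
}
```

With the agent attached and global-native-memory-sanitizer enabled, the allocateNativeCopy(new byte[0]) call in this example triggers the same BadMemoryAccessError shown in the report.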

@Marcono1234 Marcono1234 added the bug Something isn't working label Apr 29, 2024