fix: handle null values in Arrays.equal/compare hooks

simonresch · simonresch · commit c1609a366b72 · 2025-11-20T15:46:57.000+01:00
`null` arrays would crash in the `Arrays.equal` and `Arrays.compare`
hooks.
diff --git a/src/main/java/com/code_intelligence/jazzer/runtime/TraceCmpHooks.java b/src/main/java/com/code_intelligence/jazzer/runtime/TraceCmpHooks.java
@@ -744,6 +744,7 @@ public static void arraysEquals(
     if (returnValue) return;
     byte[] first = (byte[]) arguments[0];
     byte[] second = (byte[]) arguments[1];
+    if (first == null || second == null) return;
     TraceDataFlowNativeCallbacks.traceMemcmp(first, second, 1, hookId);
   }
 
@@ -777,6 +778,7 @@ public static void arraysCompare(
     if (returnValue == 0) return;
     byte[] first = (byte[]) arguments[0];
     byte[] second = (byte[]) arguments[1];
+    if (first == null || second == null) return;
     TraceDataFlowNativeCallbacks.traceMemcmp(first, second, returnValue, hookId);
   }
 
diff --git a/src/test/java/com/code_intelligence/jazzer/runtime/TraceCmpHooksTest.java b/src/test/java/com/code_intelligence/jazzer/runtime/TraceCmpHooksTest.java
@@ -52,4 +52,13 @@ public void cmpHookShouldHandleConcurrentModifications() throws InterruptedExcep
     // noinspection ResultOfMethodCallIgnored
     ES.awaitTermination(5, TimeUnit.SECONDS);
   }
+
+  @Test
+  public void handlesNullValuesInArrayCompare() {
+    byte[] b1 = new byte[10];
+    byte[] b2 = null;
+    // Make sure we don't crash the JVM on null arrays.
+    TraceCmpHooks.arraysEquals(null, null, new Object[] {b1, b2}, 1, false);
+    TraceCmpHooks.arraysCompare(null, null, new Object[] {b1, b2}, 1, 1);
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -744,6 +744,7 @@ public static void arraysEquals(`
`744`	`744`	`if (returnValue) return;`
`745`	`745`	`byte[] first = (byte[]) arguments[0];`
`746`	`746`	`byte[] second = (byte[]) arguments[1];`
	`747`	`+ if (first == null \|\| second == null) return;`
`747`	`748`	`TraceDataFlowNativeCallbacks.traceMemcmp(first, second, 1, hookId);`
`748`	`749`	`}`
`749`	`750`
`@@ -777,6 +778,7 @@ public static void arraysCompare(`
`777`	`778`	`if (returnValue == 0) return;`
`778`	`779`	`byte[] first = (byte[]) arguments[0];`
`779`	`780`	`byte[] second = (byte[]) arguments[1];`
	`781`	`+ if (first == null \|\| second == null) return;`
`780`	`782`	`TraceDataFlowNativeCallbacks.traceMemcmp(first, second, returnValue, hookId);`
`781`	`783`	`}`
`782`	`784`
Original file line number	Diff line number	Diff line change
`@@ -52,4 +52,13 @@ public void cmpHookShouldHandleConcurrentModifications() throws InterruptedExcep`
`52`	`52`	`// noinspection ResultOfMethodCallIgnored`
`53`	`53`	`ES.awaitTermination(5, TimeUnit.SECONDS);`
`54`	`54`	`}`
	`55`	`+`
	`56`	`+ @Test`
	`57`	`+ public void handlesNullValuesInArrayCompare() {`
	`58`	`+ byte[] b1 = new byte[10];`
	`59`	`+ byte[] b2 = null;`
	`60`	`+ // Make sure we don't crash the JVM on null arrays.`
	`61`	`+ TraceCmpHooks.arraysEquals(null, null, new Object[] {b1, b2}, 1, false);`
	`62`	`+ TraceCmpHooks.arraysCompare(null, null, new Object[] {b1, b2}, 1, 1);`
	`63`	`+ }`
`55`	`64`	`}`