
Issue 618323

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Direct-leak in FX_AllocOrDie

Project Member Reported by ClusterFuzz, Jun 8 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5806177384660992

Fuzzer: libfuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  FX_AllocOrDie
  gif_decode_extension
  gif_get_frame
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96w-SkKyE3-TYnD8r2ZxP4WBtGOETOIUkUsHYFaeQ1lt2B7K4m8svLEBPqj5yDV1t8YAz4-NIHgZ3B-df3ke5Uwy4_SghdiOdTn8lk6qpvxyzziHiOv5-jqULL1qRnDhbY1zg0jc8cBNVk-cGomzYnu-k80mQ


Filer: ashejole

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Components: Tools>Test>FindIt>NoResult
Labels: Needs-triage Te-Logged
Status: Untriaged (was: Available)
Status: Available (was: Untriaged)
Project Member

Comment 3 by ClusterFuzz, Jul 14 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639897826033664

Fuzzer: libfuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  FX_AllocOrDie
  gif_decode_extension
  gif_get_frame
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97epq8ky-4KdLBW9668cNOTplSaFo_yRPwanNKP9rKL7iXSKIOpQo-DQaNl8cYOgeLRV9Ixi4GVpL2Xpo2yv_0kf9Vod1tyTVyx-LIDKmefkh98F_Y3vJzMihSbya7PR4y2m5-fZ4GCO1MTaOzGsMWpn8LJxA?testcase_id=6639897826033664


Filer: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Issue 628012 has been merged into this issue.
Project Member

Comment 5 by ClusterFuzz, Jul 15 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6610349726105600

Fuzzer: libfuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  FX_AllocOrDie
  gif_decode_extension
  gif_get_frame
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97eTbhyVI2T1t5N7p30kvFK5dtZpkGPjrz105dD-Pj7amZ-GDl-Q9liHThfmntPAg323Tp6xattqx5Cw2shwxNX94peJkKx8fTAaFk5OrqB7tMGh1Am74EjJ84BiIZRqRENCcmg_wKPyMdY1f01xrp6rZ82eg?testcase_id=6610349726105600


Filer: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Components: Internals>Plugins>PDF
Labels: -Needs-triage
Project Member

Comment 8 by ClusterFuzz, Jul 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5938509676544000

Fuzzer: libfuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  FX_AllocOrDie
  gif_decode_extension
  gif_get_frame
  

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96fO5DaA5M87c6J8Q6oEJ4R292Ucd-fESTX54Uhx2CtbyCRvhZqtH7fdhkOeHbhQyMIFQjsLrhqJqgeXwlJbccF1DJuFwaCp6LKIhtsPGI4TiGxZ7AG5M5horMAngRJ0SQE6Grybo0hsU5s4T6wKZBzJAZfcg?testcase_id=5938509676544000

Filer: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Owner: dsinclair@chromium.org
GIF version of bug 633381?
Cc: dsinclair@chromium.org
Owner: och...@chromium.org
I can't seem to repro this locally, but all of the test files seem to be either empty or a space. It looks like there is GIF data by the output text, but not in the repro file?

ochang@, is this something weird clusterfuzz is doing?
Could you try running this with the ASAN_OPTIONS env var set to "detect_leaks=1"?

i.e. ASAN_OPTIONS=detect_leaks=1 ./pdf_codec_gif_fuzzer ...
And make sure lsan is turned on in GN args.

Locally I have an ASAN/LSAN build:

use_goma = true
is_debug = false
pdf_use_skia = false
pdf_enable_xfa = true
pdf_enable_v8 = true
pdf_is_standalone = true
is_asan = true
is_lsan = true

ASAN_OPTIONS="detect_leaks=1 symbolize=1 external_symbolizer_path=/full/path/to/chrome.git/src/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer" ./out/lsan/pdfium_test /path/to/test.pdf
With the above gn settings and the ASAN_OPTIONS I still don't get any leaks when running the example.

Is it expected that the repro file is empty? The text of the report looks like it references GIF data, but the files themselves are empty?
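As an added illustration of the reproduction check discussed in this thread (not part of the original issue, ClusterFuzz, or pdfium's tooling), a small shell helper that refuses to run a reproducer that is empty or whitespace-only and otherwise invokes the target with the leak-detection environment described above. The fuzz target path and llvm-symbolizer path are assumptions.

```shell
#!/bin/sh
# Added example: validate a downloaded reproducer before running it under
# ASAN/LSAN. The target binary and symbolizer paths are placeholders.

# Return 0 if the file exists and contains at least one non-whitespace byte.
# A reproducer that is empty or a single space (the situation in this thread)
# never reaches gif_decode_extension, so a clean run proves nothing.
check_testcase() {
  f="$1"
  [ -f "$f" ] || { echo "missing testcase: $f" >&2; return 1; }
  # Strip whitespace and count what remains.
  n=$(tr -d ' \t\r\n' < "$f" | wc -c | tr -d ' ')
  if [ "$n" -eq 0 ]; then
    echo "testcase is empty or whitespace-only: $f" >&2
    return 1
  fi
  return 0
}

# Build the ASAN_OPTIONS string for a leak-detection run: detect_leaks=1
# enables LSAN; symbolize=1 plus the symbolizer path yields readable frames
# such as FX_AllocOrDie / gif_decode_extension / gif_get_frame.
lsan_options() {
  symbolizer="$1"
  printf 'detect_leaks=1 symbolize=1 external_symbolizer_path=%s' "$symbolizer"
}

# Run the target only after the reproducer passes the sanity check.
run_repro() {
  target="$1"; testcase="$2"; symbolizer="$3"
  check_testcase "$testcase" || return 1
  ASAN_OPTIONS="$(lsan_options "$symbolizer")" "$target" "$testcase"
}

# Example invocation (all paths are placeholders):
# run_repro ./out/lsan/pdf_codec_gif_fuzzer ./testcase \
#   /full/path/to/src/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer
```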
Status: WontFix (was: Available)
Oh, this is a bug on CF, thanks for pointing that out.

I'll close this bug as WontFix and delete the CF testcase so that it can be filed again properly once it's fixed.
Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 17 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
