Based on this issue - "617659"

@dsinclair: Could you please have a look into this issue.

Thank you.

ochang@, I'm not sure what to do with this. Increasing the memory amount and the test runs fine. Running pdf_codec_bmp_fuzzer under valgrind with the same test file and there are no leaks. Do we need to tell libfuzzer to use a bit more memory, or is there something I'm missing with the way the msan stuff works?

If this isn't a real OOM, we should just WontFix it. 

How is it possible that 0.08 Kb input requires 3GB of memory? We are getting other similar crashes, for example (0.15KB): https://cluster-fuzz.appspot.com/testcase?key=5844111657795584

I'd agree that it is not a bug if we speak about some programming language, like "uint64_t* a = new uint64_t[1000000000]", that will cause OOM but it is not a bug.

Are you sure that it is not a bug?

Temporarily re-opening this to attach one more report and to get your answer. Please feel free to close if you are sure that this is expected behavior.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5844111657795584

Fuzzer: libfuzzer_pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory
Crash Address: 
Crash State:
  pdf_codec_bmp_fuzzer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191

Minimized Testcase (0.15 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96JLhJvGfo7HiP7HvcsBXGVT2R9dXmo-xH7RbV1eZIs9MQLA38T1Sn9h9tj4Xt0qx1uaWmNe37wo3dO3AJ9rZqE0EyTJ6UhOt5TeCL7kXQZYteORMUwT37N404iiJrtSL_Z3WYJke0zOyLuRaxca6t9qjPLMg?testcase_id=5844111657795584

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

For the test case of original report and comment 6, they are both a bmp with width=36900,height=7176.

When create the image, it needs to allocate 1059177604 bytes. Pdfium already has a mechanism to handle such a huge allocation.
https://cs.chromium.org/chromium/src/third_party/pdfium/core/fxge/dib/fx_dib_main.cpp?q=_MAX_OOM_LIMIT_&sq=package:chromium&l=96
It expects calloc return null, but msan crashed.

I have tried MSAN_OPTIONS=allocator_may_return_null=1 but it doesn't help.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 442197:442204.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5844111657795584

Fuzzer: libfuzzer_pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 3000 MB)
Crash Address: 
Crash State:
  pdf_codec_bmp_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=442197:442204

Minimized Testcase (0.15 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96JLhJvGfo7HiP7HvcsBXGVT2R9dXmo-xH7RbV1eZIs9MQLA38T1Sn9h9tj4Xt0qx1uaWmNe37wo3dO3AJ9rZqE0EyTJ6UhOt5TeCL7kXQZYteORMUwT37N404iiJrtSL_Z3WYJke0zOyLuRaxca6t9qjPLMg?testcase_id=5844111657795584

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5844111657795584 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.