Strange that the bug is untriaged for 2+ weeks.

The testcase:
 DETACH randomblob(6e8)


wants to generate 600 MB of random data, so ASan build uses 1,200+ MB, while MSan exceeds OOM limit.



another case I hit locally pretty quickly:

$ cat oom-aacb833e0f5761d24d85430592fcbfa31e7bc72d | xxd
00000000: bc53 454c 4543 5420 7072 696e 7466 2827  .SELECT printf('
00000010: 0a25 2a65 202d 2022 6122 2c62 2220 272c  .%*e - "a",b" ',
00000020: 3545 3929                                5E9)

no idea what does the query mean, but 5e9 is 5 billion and this number leads to a huge memory consumption.

I think we can try to find for patterns like:
\d+[eE]\d+

and replace the trailing number with "<zero_padding>1".

Hm, to keep things simpler, it would be better return 0 for inputs with these large numbers, like we do for inputs with REGEXP keyword: https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/sqlite3_prepare_v2_fuzzer.cc?l=41

No, it seems to be hard and stupid solution.

I hope there are ways to restrict memory usage of sqlite3 (https://www.sqlite.org/c3ref/soft_heap_limit64.html) that could help to avoid large allocations.

Hm, that's a soft limit which doesn't lead to SQLITE_NOMEM error :/

sqlite3_limit(db,SQLITE_LIMIT_LENGTH,size) from https://www.sqlite.org/limits.html

seems to be working for me

Will upload a CL soon (+ will move the fuzzer to third_party/sqlite)

https://codereview.chromium.org/2497603002/

Also did the same change on oss-fuzz.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/947d0b893e2af8923bb86eb3e849e25d4dff710d

commit 947d0b893e2af8923bb86eb3e849e25d4dff710d
Author: mmoroz <mmoroz@chromium.org>
Date: Fri Nov 11 17:45:37 2016

Limit memory usage for sqlite3 fuzzer + move it to sqlite dir.

R=aizatsky@chromium.org, kcc@chromium.org, ochang@chromium.org, shess@chromium.org
BUG= 657486 

Review-Url: https://codereview.chromium.org/2497603002
Cr-Commit-Position: refs/heads/master@{#431589}

[modify] https://crrev.com/947d0b893e2af8923bb86eb3e849e25d4dff710d/testing/libfuzzer/fuzzers/BUILD.gn
[modify] https://crrev.com/947d0b893e2af8923bb86eb3e849e25d4dff710d/third_party/sqlite/BUILD.gn
[rename] https://crrev.com/947d0b893e2af8923bb86eb3e849e25d4dff710d/third_party/sqlite/fuzz/sqlite3_prepare_v2_fuzzer.cc
[rename] https://crrev.com/947d0b893e2af8923bb86eb3e849e25d4dff710d/third_party/sqlite/fuzz/sqlite3_prepare_v2_fuzzer.dict

ClusterFuzz has detected this issue as fixed in range 431586:431621.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6567498143236096

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory
Crash Address: 
Crash State:
  sqlite3_prepare_v2_fuzzer
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=431586:431621

Minimized Testcase (0.02 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96EO5O8RLNaBiGvnwfmxLPoYf8R9gtHLIrAmxW-ZIrAFj8w3uggnKA6QQ1Fsc2BkFV1p5W_nmpGa0qnQAoggk7UhpXfsI2If1kz42fnJ2Kn2vPn7Se7pY6btswdfUjoGyJg90bflzDd0wJC8AvlIN4FfGGi5Q?testcase_id=6567498143236096
 DETACH randomblob(6e8)


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot