Issue 677048

Issue metadata

Status: WontFix
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android , Mac
Pri: 2
Type: Bug



0 == pthread_create(&thread_, &attr, &StartThread, this) in platform_thread.cc

Project Member Reported by ClusterFuzz, Dec 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6278768525312000

Fuzzer: inferno_twister
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  0 == pthread_create(&thread_, &attr, &StartThread, this) in platform_thread.cc
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=427006:427174

Minimized Testcase (0.62 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ygWJA_woWAKTyzQXEEFhibZ7klEZpIp1IzAml5_gH8XqvjKkBx-XAiL9xEMFXMS4ulFsC6R_pWyuaOxrRXGNcs4yFapoRB8JOI3I-PhPVM8hHin9OvTmKXHuQ7S4Gh9m6fXbQ-Sv9R4U5n3xvj8sE4LW6Uw?testcase_id=6278768525312000

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Components: Internals>WebRTC
Components: Blink>WebRTC
Owner: hbos@chromium.org
Status: Assigned (was: Untriaged)
hbos@: Can you take a look at this? The report has very little information, so feel free to reassign if it is not really Blink/WebRTC related.

Comment 4 by hbos@chromium.org, Jan 3 2017

Labels: -Pri-1 Pri-2
It fails to create a thread because of error EAGAIN (35): "The process lacks the resources to create another thread, or the total number of threads in a process would exceed PTHREAD_THREADS_MAX."

The test case contains this JavaScript:

        var __v_30 = function () {
            pc = new webkitRTCPeerConnection();
        };
        for (var __v_40 = 0; __v_40 < 458628385887241715542551897213945778279081809846651484219485977341848560693154989058393712527527482970555553832094487862869554529152741020125354799060946007784902399073841394341713627879805652250371837862260183382928933345045110396512336022403680975219982885778225477562163944338697868756646231687492189773988689804868647534649904207231193674955484246849348848399533020395358665120272416260964483907432714773435115698698127217394742978758778701799499395; __v_40++)
            __v_30();

So basically it's just creating peer connections (which create threads) in a loop until it crashes because it runs out of resources.

Is this a WontFix or are we supposed to fail in a non-crashy fashion in cases like this?

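As an added example (not part of this thread or of Chromium's platform_thread.cc), the C program below shows pthread_create() reporting the EAGAIN error described above, and a caller that stops at that error instead of aborting the way a CHECK does. It assumes a 64-bit Linux host with glibc or musl, and forces the failure with an unmappable stack size rather than by actually exhausting the thread limit.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

static void *worker(void *arg) { (void)arg; return NULL; }

/* Start one thread with the given stack size (0 = default), join it, and
 * return pthread_create()'s result: 0 or an errno value such as EAGAIN,
 * the error the fuzzed process hit once it could not get another thread. */
int try_create_thread(size_t stack_size) {
    pthread_attr_t attr; pthread_t tid;
    int rc = pthread_attr_init(&attr);
    if (rc != 0) return rc;
    if (stack_size != 0 && (rc = pthread_attr_setstacksize(&attr, stack_size)) != 0) {
        pthread_attr_destroy(&attr);
        return rc;
    }
    rc = pthread_create(&tid, &attr, worker, NULL);
    pthread_attr_destroy(&attr);
    if (rc == 0) pthread_join(tid, NULL);
    return rc;
}

/* Graceful handling: start at most `budget` threads and stop at the first
 * EAGAIN instead of crashing. Returns how many threads were started. */
int start_threads_until_exhausted(size_t stack_size, int budget) {
    int started = 0;
    while (started < budget) {
        int rc = try_create_thread(stack_size);
        if (rc == EAGAIN) break;   /* out of resources: a CHECK would abort() here */
        if (rc != 0) { errno = rc; perror("pthread_create"); break; }
        started++;
    }
    return started;
}

int main(void) {
    /* Constructed failure: a 256 PiB stack exceeds any Linux user address
     * space, and glibc and musl both report the failed mapping as EAGAIN. */
    size_t absurd = (size_t)1 << 58;
    printf("absurd stack: rc=%d started=%d\n", try_create_thread(absurd),
           start_threads_until_exhausted(absurd, 5));
    printf("default stack: started=%d\n", start_threads_until_exhausted(0, 5));
    return 0;
}
```
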
Comment 5 by hbos@chromium.org, Jan 3 2017

Status: WontFix (was: Assigned)

Project Member Comment 6 by ClusterFuzz, Mar 16 2017

Labels: OS-Android

Project Member Comment 7 by ClusterFuzz, May 25 2017

ClusterFuzz has detected this issue as fixed in range 474222:474249.

Detailed report: https://clusterfuzz.com/testcase?key=6278768525312000

Fuzzer: inferno_twister
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  0 == pthread_create(&thread_, &attr, &StartThread, this) in platform_thread.cc
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=427006:427174
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=474222:474249

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6278768525312000


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.