New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 709425 link

Starred by 1 user
Status: WontFix
Owner:
dsinclair@chromium.org
Closed: Apr 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Out-of-memory in pdfium_xfa_fuzzer

Project Member Reported by ClusterFuzz, Apr 7 2017

Comment 1 by msrchandra@chromium.org, Apr 7 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong M-59
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not find any possible suspects.
Using Code Search for the file, "pdfium_xfa_fuzzer" assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/034ca9381180401b9b25eac088babf7fdae847d8

@dsinclair -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Project Member

Comment 2 by ClusterFuzz, Apr 8 2017 

ClusterFuzz has detected this issue as fixed in range 462804:462820.

Detailed report: https://clusterfuzz.com/testcase?key=4800177618812928

Fuzzer: libfuzzer_pdfium_xfa_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdfium_xfa_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=462791:462804
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=462804:462820

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94PwLHDlV9AXvnj7LgyJx2z6A16UORXC0ncSh1zqGQs90iWYsN9Rvx7ZQY61QyeMQwLlFMYvkJ88GJ4_AYQ12FRhz23XLCd_uidxY7XEE2Wyy61vgVMwmyGVPxuJrJmpKHu-m1pvyGmJYERzR9D1kF7R7iBRD6Jgnhe7ThhrzHKpBAv88jSdggjcEO5prDnxuxQKoLGQN3gz2__25Srh5gyI_FQ634GMXoOk2UP5UYjvvQepuBGrSdXBInqvBbiwyreBGrgMhDfwAT7G9V8hpI1nJqMpFfWV7RJDn6xGOGhfn0JjqC-b4YqZiJ5U5L9p4jFbn5RJZHbtTEP8tLwjWbu_b_xuGG7_EMvTJIkxjils8PmnFs?testcase_id=4800177618812928


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Apr 8 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4800177618812928 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 4 by dsinclair@chromium.org, Apr 10 2017

Labels: ClusterFuzz-Wrong
Status: Assigned (was: Verified)
Appears to be flaky, even locally.

Comment 5 by dsinclair@chromium.org, Apr 10 2017

Status: WontFix (was: Assigned)
I'm not sure if there is anything we can do here. The PDF requests a page that is quite large (224 x 792,792). We then request a Bitmap for that image which is 723,854,102B. That, in itself, is fine and the allocation proceeds. We just sometimes seem to use the rest of the memory in other allocations.

Dropping the page height down an order of magnitude and I'm not able to trigger the issue anymore.

Comment 6 by thestig@chromium.org, May 15 2017

Components: Internals>Plugins>PDF

Comment 7 by infe...@chromium.org, Sep 18 2017

Labels: -ClusterFuzz-Wrong
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.

Sign in to add a comment