out of memory error in chrome
Reported by qflb...@gmail.com, Jun 22 2017
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.86 Safari/537.36
Steps to reproduce the problem:
1. chrome poc.html
What is the expected behavior?
denial of service
What went wrong?
==3507==ERROR: AddressSanitizer failed to allocate 0x3e226000 (1042440192) bytes of LargeMmapAllocator (error code: 12)
==3507==Process memory map follows:
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10004192e000
...
============================================================================================
==3507==WARNING: Failed to use and restart external symbolizer!
#0 0x5555586504a6 (/home/a/Downloads/asan-linux-release-480698/chrome+0x30fc4a6) _ZN6__asanL15AsanCheckFailedEPKciS1_yy
#1 0x555558662adf (/home/a/Downloads/asan-linux-release-480698/chrome+0x310eadf) _ZN11__sanitizer11CheckFailedEPKciS1_yy
#2 0x55555865626e (/home/a/Downloads/asan-linux-release-480698/chrome+0x310226e) _ZN11__sanitizer23ReportMmapFailureAndDieEmPKcS1_ib
#3 0x55555865c96b (/home/a/Downloads/asan-linux-release-480698/chrome+0x310896b) _ZN11__sanitizer9MmapOrDieEmPKcb
#4 0x5555585adcd4 (/home/a/Downloads/asan-linux-release-480698/chrome+0x3059cd4) _ZN11__sanitizer18LargeMmapAllocatorIN6__asan20AsanMapUnmapCallbackEE8AllocateEPNS_14AllocatorStatsEmm
#5 0x5555585adaa4 (/home/a/Downloads/asan-linux-release-480698/chrome+0x3059aa4) _ZN11__sanitizer17CombinedAllocatorINS_20SizeClassAllocator64IN6__asan4AP64EEENS_28SizeClassAllocatorLocalCacheIS4_EENS_18LargeMmapAllocatorINS2_20AsanMapUnmapCallbackEEEE8AllocateEPS6_mmb
#6 0x5555585aac30 (/home/a/Downloads/asan-linux-release-480698/chrome+0x3056c30) _ZN6__asan9Allocator8AllocateEmmPN11__sanitizer18BufferedStackTraceENS_9AllocTypeEb
#7 0x555558648937 (/home/a/Downloads/asan-linux-release-480698/chrome+0x30f4937) malloc
#8 0x5555633a402e (/home/a/Downloads/asan-linux-release-480698/chrome+0xde5002e) AllocateBacking()
#9 0x55555bdb8e48 (/home/a/Downloads/asan-linux-release-480698/chrome+0x6864e48) ReserveCapacity()
#10 0x5555633bfa76 (/home/a/Downloads/asan-linux-release-480698/chrome+0xde6ba76) Append<unsigned short>()
#11 0x5555633bf752 (/home/a/Downloads/asan-linux-release-480698/chrome+0xde6b752) Append()
#12 0x55556dae151e (/home/a/Downloads/asan-linux-release-480698/chrome+0x1858d51e) textContent()
#13 0x55556da1552f (/home/a/Downloads/asan-linux-release-480698/chrome+0x184c152f) innerText()
#14 0x55556cac529d (/home/a/Downloads/asan-linux-release-480698/chrome+0x1757129d) innerTextAttributeGetterCallback()
#15 0x7fffbe3041e2 (<unknown module>)
Did this work before? N/A
Chrome version: asan-linux-release-480698 Channel: n/a
OS Version: 16.04.2 LTS
Flash Version:
Also tested on:
Chrome Version: 59.0.3071.109 stable
Operating System: Windows 7 Professional with Service Pack 1
Jun 22 2017
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5475109698797568
Jun 22 2017
Not a security issue as per security guidelines linked in c#1.
Jun 28 2017
Tested the issue on Windows 7 and Mac OS 10.12.5 using Chrome m59 #59.0.3071.115 and followed the steps below: 1. Launched Chrome and opened poc.html in Chrome; got an "Aw, Snap" message with a no-memory message on Windows, and on Mac OS the page went into an unresponsive mode with an error in the console. Attached screencast of Windows. @qflbapp-- Could you please check the attached screencast and confirm whether this is the actual issue, and also please help us by providing the expected-result screenshot for better understanding. Thanks!
Jun 29 2017
Nov 6 2017
Exhausting memory space in a renderer isn't an issue. There are lots of ways to accomplish that.
Comment 1 by elawrence@chromium.org, Jun 22 2017