
Issue 747747 link


Issue metadata

Status: Duplicate
Merged: issue 729673
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug

Blocking:
issue 62400
issue 584819




Out-of-memory in pdf_codec_png_fuzzer

Reported by ClusterFuzz (Project Member), Jul 23 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6131624508129280

Fuzzer: libFuzzer_pdf_codec_png_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdf_codec_png_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=438798:438824

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6131624508129280


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
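The crash class in this report (a decoder asked for more memory than libFuzzer's 2048 MB limit before any memory-safety bug was hit) as an added illustration; this is not code from PDFium, libpng or this issue, and it does not describe what bug 729673 actually was. It parses a PNG IHDR payload, computes the decoded-buffer size with overflow checks, and rejects any request over a fixed budget before calling malloc. The budget constant, the function names and the two IHDR byte strings are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Largest single pixel buffer the decoder may request. 2048 MB mirrors the
   limit quoted in the crash report; it is an assumption for this example,
   not a PDFium or libpng constant. */
#define PIXEL_BUDGET_BYTES (2048ull * 1024 * 1024)

typedef struct {
    uint32_t width, height;
    uint8_t bit_depth, color_type;
} Ihdr;

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the 13-byte IHDR payload (width, height, bit depth, colour type,
   compression, filter, interlace). Returns 0 on success, -1 if malformed. */
int parse_ihdr(const uint8_t *data, size_t len, Ihdr *out) {
    if (len < 13) return -1;
    out->width = read_be32(data);
    out->height = read_be32(data + 4);
    out->bit_depth = data[8];
    out->color_type = data[9];
    /* PNG requires nonzero dimensions below 2^31. */
    if (out->width == 0 || out->height == 0) return -1;
    if (out->width > 0x7fffffffu || out->height > 0x7fffffffu) return -1;
    return 0;
}

/* Samples per pixel for colour types 0 (grey), 2 (RGB), 3 (palette),
   4 (grey+alpha), 6 (RGBA); 0 for an invalid type. */
static int channels_for(uint8_t color_type) {
    switch (color_type) {
        case 0: case 3: return 1;
        case 2: return 3;
        case 4: return 2;
        case 6: return 4;
        default: return 0;
    }
}

/* Size of the filtered scanline buffer (one filter byte per row) with
   every multiplication checked. Returns 0 and stores the size, or -1 if
   the header is invalid, the size overflows, or it exceeds the budget. */
int decoded_size(const Ihdr *h, size_t *out_bytes) {
    int ch = channels_for(h->color_type);
    if (ch == 0) return -1;
    if (h->bit_depth != 1 && h->bit_depth != 2 && h->bit_depth != 4 &&
        h->bit_depth != 8 && h->bit_depth != 16) return -1;
    /* width < 2^31, ch <= 4, depth <= 16: fits in 64 bits. */
    uint64_t bits_per_row = (uint64_t)h->width * (uint64_t)ch * h->bit_depth;
    uint64_t row_bytes = (bits_per_row + 7) / 8 + 1;
    if (row_bytes > UINT64_MAX / h->height) return -1;
    uint64_t total = row_bytes * h->height;
    if (total > PIXEL_BUDGET_BYTES || total > SIZE_MAX) return -1;
    *out_bytes = (size_t)total;
    return 0;
}

/* Returns the buffer size the decoder may allocate for this IHDR, or 0 if
   the header must be rejected. A naive decoder would skip this and hand
   width*height*channels straight to malloc, which is what a fuzzer reports
   as "Out-of-memory" rather than a crash. */
size_t budgeted_size(const uint8_t *ihdr, size_t len) {
    Ihdr h;
    size_t n;
    if (parse_ihdr(ihdr, len, &h) != 0) return 0;
    if (decoded_size(&h, &n) != 0) return 0;
    return n;
}

/* Constructed sample inputs (not from the ClusterFuzz testcase). */
static const uint8_t kHugeIhdr[13] = {
    0x00, 0x01, 0x86, 0xA0,   /* width  = 100000 */
    0x00, 0x01, 0x86, 0xA0,   /* height = 100000 */
    8, 6, 0, 0, 0 };          /* 8-bit RGBA: ~40 GB decoded */
static const uint8_t kSmallIhdr[13] = {
    0, 0, 0, 16, 0, 0, 0, 16, 8, 6, 0, 0, 0 };  /* 16x16 8-bit RGBA */

int main(void) {
    printf("huge:  %zu bytes (0 = rejected)\n", budgeted_size(kHugeIhdr, 13));
    printf("small: %zu bytes\n", budgeted_size(kSmallIhdr, 13));
    return 0;
}
```

The budget is deliberately the same number as the fuzzer's limit so that a rejected header is reported by the harness as an ordinary parse failure rather than an OOM; in a real decoder the budget belongs with the caller's resource policy, and the overflow check on `row_bytes * height` is the part that must not be dropped.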
 
Cc: msrchandra@chromium.org
Labels: M-61 Test-Predator-Wrong
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspect.
Using Code Search for the file, "pdf_codec_png_fuzzer", assigning to the concerned owner who might be related.

@dsinclair -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Blocking: 62400
Labels: -M-61
png is XFA only
Comment 3 by ClusterFuzz (Project Member), Jul 25 2017

Labels: OS-Mac

Comment 4 by mmoroz@chromium.org, Jul 27 2017

Blocking: 584819
This crash happens in ~80% of fuzzer runs and prevents the fuzzer from gaining new coverage and performing continuous testing: https://clusterfuzz.com/v2/performance-report/libFuzzer_pdf_codec_png_fuzzer/libfuzzer_chrome_asan/latest

I'm a bit out of the context. What is XFA? Is it some legacy stuff that nobody needs anymore, or is it the opposite, something very new that is raw for production and has many bugs?

Comment 5 by mmoroz@chromium.org, Jul 27 2017

Components: Internals>Plugins>PDF
XFA is very new, has many bugs and is not yet ready for production.
Mergedinto: 729673
Status: Duplicate (was: Assigned)
I just landed the bug 729673 fix in PDFium's copy of libpng and that made this bug go away.
