New issue
Advanced search Search tips

Issue 750177 link

Starred by 1 user
Status: Fixed
Owner:
rharrison@chromium.org
Closed: Jul 2017
Cc:
npm@chromium.org
thestig@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug

Blocking:
issue 584819



Sign in to add a comment

Timeout in pdf_fm2js_fuzzer

Project Member Reported by ClusterFuzz, Jul 28 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5709664271728640

Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  pdf_fm2js_fuzzer
  
Sanitizer: memory (MSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5709664271728640


Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mmoroz@chromium.org, Jul 28 2017

Blocking: 584819
Cc: thestig@chromium.org
Components: Internals>Plugins>PDF
Owner: npm@chromium.org
This timeout is marked as non reproducible, but actually it happens in 100% of runs: https://clusterfuzz.com/v2/performance-report/libFuzzer_pdf_fm2js_fuzzer/libfuzzer_chrome_asan/latest

You just need to run the fuzzer and after a couple of hundreds of testcases it dies. Since it occurs on every fuzzer run, the fuzzer cannot reach new coverage until this gets fixed.

Comment 2 by npm@chromium.org, Jul 28 2017

Cc: npm@chromium.org
Owner: rharrison@chromium.org
Bisected to 952477dbee761a6e38ce675f2095bbfc9cfd7450 (this CL https://pdfium-review.googlesource.com/8850).
Project Member

Comment 3 by ClusterFuzz, Jul 28 2017

Labels: OS-Mac

Comment 4 by msrchandra@chromium.org, Jul 31 2017

Labels: Test-Predator-Wrong
Status: Assigned (was: Untriaged)

Comment 5 by rharrison@chromium.org, Jul 31 2017

Status: Started (was: Assigned)

Comment 6 by rharrison@chromium.org, Jul 31 2017

Status: Fixed (was: Started)
Rolling git back to the change referenced in the test case I am able to reproduce the issue. With git at HEAD I am not able to reproduce.

Given that there has been a significant refactoring landed to the lexer/parser logic, which is where the issue appeared to be happening, I am pretty sure that this issue has actually been fixed. The DEPS for Chromium at the time of this test case was before the refactoring landed, but after some of the preliminary work had.

Sign in to add a comment