Timeout in pdf_jpx_fuzzer

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5599116897026048
Fuzzer: libFuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: pdf_jpx_fuzzer
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5599116897026048

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. If the fix resolved the issue, please close the bug by marking as Fixed.

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 17 2017
Stack-overflow, Out of memory and Timeout issues are 'P2'.
Aug 30 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file "pdf_jpx_fuzzer", assigning to a concerned owner who might be related. @npm -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Aug 30 2017
Maybe this one started after bug 738711 got fixed?
Aug 31 2017
hnakashima@ can you take a look?
Sep 13 2017
Ryan is looking at a bug that seems to be a dupe.
Sep 13 2017
I landed a fix for a similar JPX issue, https://pdfium-review.googlesource.com/c/pdfium/+/13550, on Sept 8th, which is the date the stats for this crash dropped to 0. I am pretty sure this is fixed already.
Sep 14 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/3ad06a513bc490065b860a543ffb43eb169769bd

commit 3ad06a513bc490065b860a543ffb43eb169769bd
Author: Ryan Harrison <rharrison@chromium.org>
Date: Thu Sep 14 15:44:21 2017

Revert moving JPX library decode from Init to Decode

Due to some of the size parameters for allocating space in Decode() depending on the values produced by opj_decode(), this change was causing misallocation of space, which in turn was causing illegal reads/writes.

The issue with excessive memory usage that the original CL was trying to change is less significant than the above mentioned problems, so reverting this fix and looking for another solution to the problem.

This will re-open bugs https://crbug.com/754423 and https://crbug.com/761005 .

BUG=chromium:764177, chromium:754423, chromium:761005
Change-Id: I1cafac8a8117ec1e3bc32b31196bdec719d46477
Reviewed-on: https://pdfium-review.googlesource.com/13950
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>

[modify] https://crrev.com/3ad06a513bc490065b860a543ffb43eb169769bd/core/fxcodec/codec/fx_codec_jpx_opj.cpp
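The ordering hazard the revert message above describes, as an added example that is not PDFium or OpenJPEG code: a toy decoder whose per-component sizes only become valid once the decode call has run, so a Decode() that sizes its output buffer before decoding computes the size from zeroed fields. Every name here (toy_image, toy_read_header, toy_decode, toy_convert, the header layout and the TOY_SAMPLE bytes) is an assumption made for the example; the safe path takes the size after decoding and re-validates it against what the decoder produced before any memcpy, failing closed instead of writing past the buffer.

```c
/* Added example, not PDFium/OpenJPEG code. All identifiers are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MAX_COMPS 4

typedef struct {
    uint32_t dx, dy;   /* subsampling factors, known from the header */
    uint32_t w, h;     /* decoded component size: valid only after toy_decode() */
    uint8_t *data;     /* decoded samples, allocated by toy_decode() */
} toy_comp;

typedef struct {
    uint32_t x1, y1;   /* reference grid size from the header */
    uint32_t numcomps;
    toy_comp comps[TOY_MAX_COMPS];
    int decoded;
} toy_image;

/* Constructed 8x4 image, 3 components, 4:2:0-style subsampling.
 * Header layout (made up for this example): x1(BE16) y1(BE16) numcomps, then
 * one (dx, dy) byte pair per component. */
static const uint8_t TOY_SAMPLE[] = { 0x00, 0x08, 0x00, 0x04, 3, 1, 1, 2, 2, 2, 2 };

int toy_read_header(const uint8_t *buf, size_t len, toy_image *img) {
    memset(img, 0, sizeof *img);
    if (len < 5) return -1;
    img->x1 = (uint32_t)buf[0] << 8 | buf[1];
    img->y1 = (uint32_t)buf[2] << 8 | buf[3];
    img->numcomps = buf[4];
    if (img->numcomps == 0 || img->numcomps > TOY_MAX_COMPS) return -1;
    if (len < 5 + 2u * img->numcomps) return -1;
    for (uint32_t c = 0; c < img->numcomps; c++) {
        img->comps[c].dx = buf[5 + 2 * c];
        img->comps[c].dy = buf[6 + 2 * c];
        if (img->comps[c].dx == 0 || img->comps[c].dy == 0) return -1;
        /* w, h and data stay zero until decode */
    }
    return 0;
}

/* "Decode": derives each component's real size from the subsampling factors
 * and allocates its samples. Only after this do comps[c].w/h mean anything. */
int toy_decode(toy_image *img) {
    for (uint32_t c = 0; c < img->numcomps; c++) {
        toy_comp *cp = &img->comps[c];
        cp->w = (img->x1 + cp->dx - 1) / cp->dx;
        cp->h = (img->y1 + cp->dy - 1) / cp->dy;
        cp->data = calloc((size_t)cp->w * cp->h, 1);
        if (!cp->data) return -1;
        for (size_t i = 0; i < (size_t)cp->w * cp->h; i++)
            cp->data[i] = (uint8_t)(c * 64 + i);   /* constructed sample values */
    }
    img->decoded = 1;
    return 0;
}

/* The size parameter Decode() would derive from the codec's output. */
size_t toy_output_size(const toy_image *img) {
    size_t n = 0;
    for (uint32_t c = 0; c < img->numcomps; c++)
        n += (size_t)img->comps[c].w * img->comps[c].h;
    return n;
}

/* Planar copy of all components into one buffer. With size_before_decode set,
 * the size is taken before toy_decode() runs (the ordering the reverted change
 * introduced) and comes out as 0. Rather than overflow, the copy re-validates
 * the planned size against what decode produced. Returns 0 on success,
 * -1 on decode/allocation failure, -2 on size mismatch. */
int toy_convert(toy_image *img, int size_before_decode,
                uint8_t **out, size_t *out_len) {
    size_t planned = size_before_decode ? toy_output_size(img) : 0;
    if (!img->decoded && toy_decode(img) != 0) return -1;
    if (!size_before_decode) planned = toy_output_size(img);
    size_t needed = toy_output_size(img);
    if (planned != needed) { *out = NULL; *out_len = planned; return -2; }
    uint8_t *buf = malloc(needed ? needed : 1);
    if (!buf) return -1;
    size_t off = 0;
    for (uint32_t c = 0; c < img->numcomps; c++) {
        size_t n = (size_t)img->comps[c].w * img->comps[c].h;
        memcpy(buf + off, img->comps[c].data, n);
        off += n;
    }
    *out = buf; *out_len = needed;
    return 0;
}

void toy_free(toy_image *img) {
    for (uint32_t c = 0; c < img->numcomps; c++) free(img->comps[c].data);
    memset(img, 0, sizeof *img);
}

/* Runs both orderings on TOY_SAMPLE. Returns 0 when pre-decode sizing is
 * rejected as a mismatch and post-decode sizing copies 48 bytes (8x4 + 4x2 +
 * 4x2), otherwise a nonzero step number identifying what went wrong. */
int toy_demo(void) {
    toy_image img; uint8_t *out = NULL; size_t n = 0;
    if (toy_read_header(TOY_SAMPLE, sizeof TOY_SAMPLE, &img) != 0) return 1;
    if (toy_output_size(&img) != 0) return 2;        /* nothing decoded yet */
    if (toy_convert(&img, 1, &out, &n) != -2 || n != 0) return 3;
    toy_free(&img);
    if (toy_read_header(TOY_SAMPLE, sizeof TOY_SAMPLE, &img) != 0) return 4;
    if (toy_convert(&img, 0, &out, &n) != 0 || n != 48) return 5;
    int ok = img.comps[1].w == 4 && img.comps[1].h == 2 && out[32] == 64;
    free(out); toy_free(&img);
    return ok ? 0 : 6;
}

int main(void) {
    int rc = toy_demo();
    printf("toy_demo() -> %d (0 = pre-decode sizing rejected, post-decode sizing copied 48 bytes)\n", rc);
    return rc;
}
```

The mismatch check in toy_convert is the part worth carrying over to a real Decode(): whatever values the allocation was computed from, compare them against the component sizes the codec reports after decoding, and refuse to copy when they disagree, so a stale or attacker-influenced size becomes an error rather than an out-of-bounds write.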
Sep 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d9eaae6913711672807d9ca1b36eaf717dade779

commit d9eaae6913711672807d9ca1b36eaf717dade779
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Thu Sep 14 17:02:20 2017

Roll src/third_party/pdfium/ 038740c2f..3ad06a513 (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/038740c2fbd2..3ad06a513bc4

$ git log 038740c2f..3ad06a513 --date=short --no-merges --format='%ad %ae %s'
2017-09-14 rharrison Revert moving JPX library decode from Init to Decode

Created with:
roll-dep src/third_party/pdfium

BUG=764177, 754423, 761005

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Change-Id: If61754f47a2144bf9770b3ced03db0f92c4ef288
Reviewed-on: https://chromium-review.googlesource.com/667497
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#501969}

[modify] https://crrev.com/d9eaae6913711672807d9ca1b36eaf717dade779/DEPS
Sep 19 2017
Sending this over to dsinclair to look at, since I have sunk way too much time into this.
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid. (bulk edit)
Apr 17 2018
We are closing all OOMs and timeouts that are unreproducible. We won't be filing such bugs in future.
Comment 1 by ClusterFuzz, Aug 12 2017