Out-of-memory in mediasource_MP4_FLAC_pipeline_integration_fuzzer
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5359340314951680
Fuzzer: libFuzzer_mediasource_MP4_FLAC_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: mediasource_MP4_FLAC_pipeline_integration_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=497057:497112
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5359340314951680
Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 29 2017
This issue looks similar to Bug ID -- 759277. Assigning to the concern owner from CL -- https://chromium.googlesource.com/chromium/src/+log/0a707c2a1200365fa32192a8728c81b10a86824d..163cd2ca687a58b9918a7e5b4f696322a2286f79?pretty=fuller&n=10000 Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/0b378819e3b3925e0eabd34e73d3972a19b4a46d @wolenetz -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
Aug 30 2017
I have a local repro.
Aug 30 2017
I'll dig further tomorrow. It looks like the MP4 contains metadata leading the parser to do huge repetitions of PopulateSampleInfo processing in at least debug asan. In this regard, looks like 759277.
Aug 30 2017
In track_run_iterator, trun.sample_count is extreme: 16777216. Looks like we could add some simple sanity check to reject, with a parse error, something not even that extreme. Seems this has the same underlying problem as bug 759277. Marking as duplicate.
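A sanity check of the kind the last comment suggests, as an added example (this is not Chromium's track_run_iterator code, and kMaxSamplesPerRun is a hypothetical ceiling): the 'trun' sample_count is checked against a ceiling and against the bytes actually present in the box before any per-sample allocation or loop runs, so a declared count like 16777216 in a small box is rejected as a parse error.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// 'trun' flag bits from ISO/IEC 14496-12 (spec values, not from the bug report).
constexpr uint32_t kDataOffsetPresent = 0x1, kFirstSampleFlagsPresent = 0x4;
constexpr uint32_t kSampleDurationPresent = 0x100, kSampleSizePresent = 0x200,
                   kSampleFlagsPresent = 0x400, kSampleCtsOffsetPresent = 0x800;
// Hypothetical ceiling on samples in one run; not a value taken from Chromium.
constexpr uint32_t kMaxSamplesPerRun = 1u << 20;

static uint32_t ReadBE32(const uint8_t* p) {
  return (uint32_t{p[0]} << 24) | (uint32_t{p[1]} << 16) | (uint32_t{p[2]} << 8) | p[3];
}

// Parses the fixed part of a 'trun' payload (version/flags, sample_count) and
// returns sample_count only if it is plausible; returns -1 for a parse error.
int64_t ParseTrunSampleCount(const std::vector<uint8_t>& payload) {
  if (payload.size() < 8) return -1;
  const uint32_t flags = ReadBE32(payload.data()) & 0x00ffffff;
  const uint32_t sample_count = ReadBE32(payload.data() + 4);
  size_t header = 8;  // version/flags + sample_count
  if (flags & kDataOffsetPresent) header += 4;
  if (flags & kFirstSampleFlagsPresent) header += 4;
  if (header > payload.size()) return -1;
  size_t per_sample = 0;  // bytes each sample entry occupies under these flags
  if (flags & kSampleDurationPresent) per_sample += 4;
  if (flags & kSampleSizePresent) per_sample += 4;
  if (flags & kSampleFlagsPresent) per_sample += 4;
  if (flags & kSampleCtsOffsetPresent) per_sample += 4;
  // Reject absurd counts before any per-sample allocation or loop runs.
  if (sample_count > kMaxSamplesPerRun) return -1;
  // The declared count must also fit in the bytes actually present in the box.
  if (per_sample > 0 && uint64_t{sample_count} * per_sample > payload.size() - header)
    return -1;
  return sample_count;
}

// Builds a constructed trun payload (version 0) with an all-zero sample table.
std::vector<uint8_t> MakeTrunPayload(uint32_t flags, uint32_t sample_count, size_t table_bytes) {
  std::vector<uint8_t> out;
  auto put32 = [&out](uint32_t v) {
    for (int s = 24; s >= 0; s -= 8) out.push_back(static_cast<uint8_t>(v >> s));
  };
  put32(flags & 0x00ffffff);
  put32(sample_count);
  out.resize(out.size() + table_bytes, 0);
  return out;
}
```

With no per-sample fields set the box size gives no bound at all, which is why the fixed ceiling is kept alongside the size check.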
Comment 1 by ClusterFuzz, Aug 26 2017