
Issue 763720

Issue metadata

Status: Fixed
Owner: dsinclair@chromium.org
Closed: Jan 2018
Cc: tsepez@chromium.org, msrchandra@chromium.org, rharrison@chromium.org
Components: Internals>Plugins>PDF
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug


Out-of-memory in pdfium_fuzzer

Reported by ClusterFuzz (Project Member), Sep 10 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4892231361363968

Fuzzer: libFuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdfium_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=395675:395769

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4892231361363968

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: tsepez@chromium.org msrchandra@chromium.org
Components: Internals>Plugins>PDF
Labels: -Pri-1 Test-Predator-Wrong-CLs M-63 Pri-2
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using Code Search for the file "pdfium_fuzzer", assigning to the concerned owner who might be related.

@dsinclair -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
According to CCodec_JpegDecoder, it's a 32K x 32K image. Not sure what we can do given the image size.
Cc: rharrison@chromium.org
thestig@, is this a dupe of 754432 since they're both jpeg image size issues?
Labels: -M-63
Bug 754432 is about the decoding taking too long. This is taking too much memory.
Right, but one is large image dimension decoding and one is large image dimension memory size. Sounds like they're both, we don't handle really really big images, they just surface it in different ways.

Comment 6 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.
Comment 7 by ClusterFuzz (Project Member), Nov 2 2017

Labels: OS-Mac
Status: Fixed (was: Assigned)
A bunch of these were fixed by rharrison@ and npm@ by setting hard limits on the image sizes. I'm going to mark this as fixed to see if CF verifies.
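The thread above describes the root cause (a 32K x 32K JPEG whose decoded frame alone is about 3 GB, well past the 2048 MB sanitizer budget) and the shape of the fix (hard limits on image size). The block below is an added example, not PDFium's code and not the actual patch referenced in the comments: it reads the frame geometry from the JPEG SOFn header without decoding any pixels, then rejects the image before allocation if it exceeds a per-axis cap or a byte budget. The limit values (`kMaxDimension`, `kMaxFrameBytes`) are hypothetical choices for illustration, and the JPEG headers are constructed inline; the page does not state which limits PDFium adopted.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical limits chosen for this example; they are not PDFium's real values.
constexpr uint32_t kMaxDimension = 16384;          // per-axis cap in pixels
constexpr uint64_t kMaxFrameBytes = 256ull << 20;  // 256 MiB budget for the decoded frame

struct JpegFrameInfo {
  uint32_t width = 0;
  uint32_t height = 0;
  uint32_t components = 0;
  bool found = false;
};

// Walk the marker segments after SOI until the first SOFn (start of frame) and
// read the geometry from it. Only the header is touched; no pixel data is decoded.
JpegFrameInfo ReadJpegFrameInfo(const std::vector<uint8_t>& data) {
  JpegFrameInfo info;
  const size_t n = data.size();
  if (n < 4 || data[0] != 0xFF || data[1] != 0xD8) return info;  // no SOI
  size_t pos = 2;
  while (pos + 4 <= n) {
    if (data[pos] != 0xFF) return info;  // lost marker sync
    const uint8_t marker = data[pos + 1];
    if (marker == 0xFF) { ++pos; continue; }  // fill byte
    if (marker == 0x01 || marker == 0xD8 || (marker >= 0xD0 && marker <= 0xD7)) {
      pos += 2;  // standalone markers carry no length field
      continue;
    }
    if (marker == 0xD9 || marker == 0xDA) return info;  // EOI or SOS before any SOF
    const uint16_t seglen = (uint16_t(data[pos + 2]) << 8) | data[pos + 3];
    if (seglen < 2 || pos + 2 + seglen > n) return info;  // truncated segment
    const bool is_sof = marker >= 0xC0 && marker <= 0xCF &&
                        marker != 0xC4 && marker != 0xC8 && marker != 0xCC;
    if (is_sof) {
      if (seglen < 8) return info;  // SOF payload: precision, height, width, Nf
      const uint8_t* p = &data[pos + 4];
      info.height = (uint32_t(p[1]) << 8) | p[2];
      info.width = (uint32_t(p[3]) << 8) | p[4];
      info.components = p[5];
      info.found = true;
      return info;
    }
    pos += 2 + seglen;
  }
  return info;
}

enum class SizeVerdict { kAccept, kNoFrameHeader, kZeroDimension, kDimensionTooLarge, kTooManyBytes };

// Decide before any allocation whether decoding this frame stays within the limits.
// The byte count is computed in 64 bits so even 65535 x 65535 x 4 cannot wrap.
SizeVerdict CheckImageSize(const JpegFrameInfo& info) {
  if (!info.found) return SizeVerdict::kNoFrameHeader;
  if (info.width == 0 || info.height == 0 || info.components == 0)
    return SizeVerdict::kZeroDimension;
  if (info.width > kMaxDimension || info.height > kMaxDimension)
    return SizeVerdict::kDimensionTooLarge;
  const uint64_t bytes = uint64_t(info.width) * info.height * info.components;
  if (bytes > kMaxFrameBytes) return SizeVerdict::kTooManyBytes;
  return SizeVerdict::kAccept;
}

// Constructed test input: SOI, a dummy APP0 segment, then an SOF0 with the given geometry.
std::vector<uint8_t> MakeJpegHeader(uint16_t width, uint16_t height, uint8_t components) {
  std::vector<uint8_t> d = {0xFF, 0xD8,                          // SOI
                            0xFF, 0xE0, 0x00, 0x04, 0x00, 0x00,  // APP0, length 4
                            0xFF, 0xC0};                         // SOF0
  const uint16_t len = 8 + 3 * components;
  d.push_back(len >> 8); d.push_back(len & 0xFF);
  d.push_back(8);  // sample precision
  d.push_back(height >> 8); d.push_back(height & 0xFF);
  d.push_back(width >> 8); d.push_back(width & 0xFF);
  d.push_back(components);
  for (uint8_t c = 0; c < components; ++c) {  // component id, sampling factors, quant table
    d.push_back(c + 1); d.push_back(0x11); d.push_back(0x00);
  }
  return d;
}

int main() {
  const uint16_t cases[][2] = {{640, 480}, {16384, 16384}, {32768, 32768}};
  for (const auto& wh : cases) {
    const JpegFrameInfo info = ReadJpegFrameInfo(MakeJpegHeader(wh[0], wh[1], 3));
    std::printf("%ux%u x%u -> verdict %d\n", info.width, info.height, info.components,
                static_cast<int>(CheckImageSize(info)));
  }
  return 0;
}
```

The 32768 x 32768 case from this bug fails the per-axis cap; a 16384 x 16384 three-component frame passes that cap but still blows the byte budget (768 MiB), which is why both checks are worth keeping. In a real decoder the same check belongs at the point where the header has been parsed but the frame buffer has not yet been allocated, so an attacker-controlled SOF cannot drive the allocation size directly.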
