Out-of-memory in pdf_codec_jbig2_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5002063724675072
Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_jbig2_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=511806:511819
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5002063724675072

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 1 2017
Nov 7 2017
npm, could you take a look at this? dsinclair suggested you might have a little more context on the jbig2 code.
Nov 8 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/7055dffad92bd7be7cdb20ed12d5cc5890177e7a

commit 7055dffad92bd7be7cdb20ed12d5cc5890177e7a
Author: Nicolas Pena <npm@chromium.org>
Date: Wed Nov 08 17:39:12 2017

Prevent cyclic offset on CJBig2_Context

This CL changes the type of |m_dwOffset| to a safe unsigned integer to prevent the offset from cycling from MAX_UINT32 back to 0.

Bug: chromium:778912
Change-Id: Ib93a8392e52eecf2cc223438ac85e9dc529b0f43
Reviewed-on: https://pdfium-review.googlesource.com/18130
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>

[modify] https://crrev.com/7055dffad92bd7be7cdb20ed12d5cc5890177e7a/core/fxcodec/jbig2/JBig2_Context.h
[modify] https://crrev.com/7055dffad92bd7be7cdb20ed12d5cc5890177e7a/core/fxcodec/jbig2/JBig2_Context.cpp
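The pattern the commit above guards against, as an added example that is not pdfium's code and does not reproduce its JBIG2 parser. It puts a segment walker whose offset is a plain uint32_t next to a version that refuses any advance that would overflow, which is the property a checked-integer type (pdfium's FX_SAFE_UINT32 wrapper, if that is what the CL used; the diff is not on this page, so that name is an assumption) enforces on every operation rather than at one call site. The toy segment format (a 4-byte big-endian data length followed by the payload), the function names and the constructed 10-byte stream are all hypothetical. The link between the wrap and the reported out-of-memory, namely that every lap around the cycled offset allocates another segment record until the sanitizer's 2048 MB limit is hit, is an inference from the report and the commit message, not something the page states.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Added example, not pdfium code. Constructed toy stream: each segment is a
// 4-byte big-endian data length followed by that many payload bytes. The
// layout is hypothetical and only models "advance offset by declared length".
namespace wrap_demo {

constexpr uint32_t kHeaderSize = 4;

// Reads a 4-byte big-endian length at `off`, refusing reads past the buffer.
inline bool ReadU32BE(const std::vector<uint8_t>& buf, uint32_t off,
                      uint32_t* out) {
  if (off > buf.size() || buf.size() - off < kHeaderSize) return false;
  *out = (uint32_t{buf[off]} << 24) | (uint32_t{buf[off + 1]} << 16) |
         (uint32_t{buf[off + 2]} << 8) | uint32_t{buf[off + 3]};
  return true;
}

// Overflow-checked addition: returns false instead of wrapping. This is what a
// checked-integer type does implicitly for every arithmetic operation.
inline bool CheckedAdd(uint32_t a, uint32_t b, uint32_t* out) {
  if (a > std::numeric_limits<uint32_t>::max() - b) return false;
  *out = a + b;
  return true;
}

struct ParseResult {
  size_t segments = 0;    // segment headers consumed (each one an allocation in a real decoder)
  bool cycled = false;    // offset moved backwards: the wrap that keeps the loop alive
  bool rejected = false;  // the checked parser refused an overflowing advance
};

// "Before": plain uint32_t offset. A declared length near UINT32_MAX makes
// offset + kHeaderSize + length wrap to a small value, the loop revisits the
// start of the buffer, and every lap records another segment. The iteration
// cap exists only so this demo terminates; a real decoder has none.
inline ParseResult ParseUnchecked(const std::vector<uint8_t>& buf,
                                  size_t max_iters) {
  ParseResult r;
  uint32_t offset = 0;
  uint32_t length = 0;
  while (ReadU32BE(buf, offset, &length) && r.segments < max_iters) {
    ++r.segments;
    uint32_t next = offset + kHeaderSize + length;  // unsigned wraparound
    if (next <= offset) r.cycled = true;
    offset = next;
  }
  return r;
}

// "After": refuse to advance if either addition would overflow.
inline ParseResult ParseChecked(const std::vector<uint8_t>& buf) {
  ParseResult r;
  uint32_t offset = 0;
  uint32_t length = 0;
  while (ReadU32BE(buf, offset, &length)) {
    ++r.segments;
    uint32_t next = 0;
    if (!CheckedAdd(offset, kHeaderSize, &next) ||
        !CheckedAdd(next, length, &next)) {
      r.rejected = true;  // the offset would have cycled; stop parsing
      break;
    }
    offset = next;
  }
  return r;
}

// Constructed input: one benign 2-byte segment, then a header at offset 6
// declaring 0xFFFFFFF6 bytes. 6 + 4 + 0xFFFFFFF6 = 0x100000000, which wraps
// to 0, so the unchecked walker lands back on the first header forever.
inline std::vector<uint8_t> CraftedStream() {
  return {0x00, 0x00, 0x00, 0x02, 0xAA, 0xBB,
          0xFF, 0xFF, 0xFF, 0xF6};
}

}  // namespace wrap_demo
```

On the crafted stream ParseUnchecked only stops because of the iteration cap, with `cycled` set after the second header, while ParseChecked stops at that same header with `rejected` set and two segments counted. A length-versus-remaining-bytes check would also catch this particular input, but only an overflow-checked offset rules out the wrap regardless of which other checks exist, which is why changing the type of the offset is a more robust fix than adding one comparison.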
Nov 9 2017
Please note that MSan has a bigger memory overhead compared to other sanitizers (ASan / UBSan). Due to that, it can be hard to fix an OOM happening with MSan.
Nov 9 2017
Yes, but this one is fixed. Re-running CF.
Nov 10 2017
ClusterFuzz has detected this issue as fixed in range 514858:514905.

Detailed report: https://clusterfuzz.com/testcase?key=5002063724675072
Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_jbig2_fuzzer
Sanitizer: memory (MSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=511806:511819
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=514858:514905
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5002063724675072

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 10 2017
ClusterFuzz testcase 5002063724675072 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pnangunoori@chromium.org, Oct 27 2017
Components: Internals>Plugins>PDF
Labels: M-64 Test-Predator-Wrong
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)