New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 784123 link

Starred by 1 user
Status: WontFix
Owner:
wolenetz@chromium.org
Closed: Nov 2017
Cc:
fgalligan@chromium.org
kkaluri@chromium.org
mmoroz@chromium.org
johannkoenig@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Out-of-memory in mediasource_WEBM_VP9_pipeline_integration_fuzzer

Project Member Reported by ClusterFuzz, Nov 11 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4951342375501824

Fuzzer: libFuzzer_mediasource_WEBM_VP9_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  mediasource_WEBM_VP9_pipeline_integration_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=497057:497112

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4951342375501824

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Comment 1 by dtapu...@chromium.org, Nov 12 2017

Components: Internals>Media

Comment 2 by kkaluri@chromium.org, Nov 13 2017

Cc: kkaluri@chromium.org
Labels: M-63 CF-NeedsTriage Test-Predator-Wrong
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

Comment 3 by dalecur...@chromium.org, Nov 13 2017

Cc: wolenetz@chromium.org

Comment 4 by yini...@chromium.org, Nov 14 2017

Cc: -wolenetz@chromium.org
Owner: wolenetz@chromium.org
Status: Assigned (was: Untriaged)
P1 bug, give to wolenetz@ to start. matt, please feel free to reassign appropriately.

Comment 5 by wolenetz@chromium.org, Nov 14 2017

Cc: johannkoenig@chromium.org fgalligan@chromium.org mmoroz@chromium.org
Status: WontFix (was: Assigned)
I have a local repro. It looks very much like  bug 760928 : MSAN-only repro (not ASAN), and doesn't repro with MSAN if I set -rss_limit_mb=4096.

With dcheck_always_on and with -rss_limit_mb=4096, I *do* see the following output log:
...:ERROR:vpx_video_decoder.cc(689)] vpx_codec_decode() error: Memory allocation error
And with further local logging, the vpx decode error detail (vpx_error_internal detail) is "Failed to allocate bool decoder 0".

cc+=some of the folks from similar  bug 760928 .
See especially https://bugs.chromium.org/p/chromium/issues/detail?id=760928#c7 and bug 770430.

Please reactivate if this shouldn't be treated like  bug 760928 .

Comment 6 by mmoroz@google.com, Nov 15 2017 

Sounds good, thanks Matt!
Project Member

Comment 7 by ClusterFuzz, Nov 21 2017

Labels: Needs-Feedback
ClusterFuzz testcase 4951342375501824 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Project Member

Comment 8 by ClusterFuzz, Nov 27 2017

Labels: OS-Mac

Sign in to add a comment