Out-of-memory in pdf_codec_jbig2_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4971629319553024

Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  pdf_codec_jbig2_fuzzer

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=421437:421490

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4971629319553024

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
May 8 2018
Predator could not provide any possible suspects. From the above CL, observing some changes related to 'pdf_codec_jbig2_fuzzer', hence suspecting the same.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/1deca3a90d6421a377d718d09479645af0d9fe53

kcwu@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner. Thanks!
May 8 2018
May 9 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/575ceba24463a2211e8669f8d919d3c91385d72b

commit 575ceba24463a2211e8669f8d919d3c91385d72b
Author: Lei Zhang <thestig@chromium.org>
Date: Wed May 09 18:35:36 2018

Make memory usage in CJBig2_HTRDProc::DecodeImage() O(1).

Instead of allocating an N-pixel array to store some temporary values, just use a single integer.

BUG=chromium:840728
Change-Id: I7a0ff83d814eff127033f25020a7c398db3c2062
Reviewed-on: https://pdfium-review.googlesource.com/32290
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/575ceba24463a2211e8669f8d919d3c91385d72b/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
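The commit above replaces an N-pixel temporary array with a single integer. The C++ below is an added illustration of that change in shape and is not pdfium's code: the Bitmap type, the helper names, the sample data and the 2x2 grid are made up, only the parameter names (HBW, HBH, HGW, HGH, HGX, HGY, HRX, HRY, HBPP) and the grid placement follow the JBIG2 halftone region decoding procedure, and the bit planes are assumed to be already decoded into plain bits. The security-relevant point is that HGW and HGH are read from the file, so the buffered version's temporary array has an attacker-chosen size, while the streaming version keeps each cell's value in one integer and renders it immediately, producing the same output.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Minimal 1-bit-per-pixel bitmap standing in for a JBIG2 image (made up).
struct Bitmap {
  uint32_t w, h;
  std::vector<uint8_t> px;  // one byte per pixel, 0 or 1, row-major
  Bitmap(uint32_t w_, uint32_t h_) : w(w_), h(h_), px(size_t(w_) * h_, 0) {}
  uint8_t Get(uint32_t x, uint32_t y) const { return px[size_t(y) * w + x]; }
  void Set(uint32_t x, uint32_t y, uint8_t v) { px[size_t(y) * w + x] = v; }
  // OR-compose `pat` onto this bitmap with its top-left at (ox, oy), clipped.
  void ComposeOr(const Bitmap& pat, int64_t ox, int64_t oy) {
    for (uint32_t y = 0; y < pat.h; ++y)
      for (uint32_t x = 0; x < pat.w; ++x) {
        int64_t tx = ox + x, ty = oy + y;
        if (tx < 0 || ty < 0 || tx >= int64_t(w) || ty >= int64_t(h)) continue;
        px[size_t(ty) * w + size_t(tx)] |= pat.Get(x, y);
      }
  }
};

// Halftone region parameters. Names follow the JBIG2 halftone region segment;
// all of them come from the file, so HGW and HGH are attacker-chosen.
struct HalftoneParams {
  uint32_t HBW, HBH;  // region bitmap size
  uint32_t HGW, HGH;  // gray-scale image (grid) size
  int32_t HGX, HGY;   // grid origin, 1/256 pixel units
  uint16_t HRX, HRY;  // grid vector, 1/256 pixel units
  uint8_t HBPP;       // bit planes per gray-scale value
};

// Gray-scale value of grid cell (m, n): plane j supplies bit j. The planes are
// assumed to be already decoded into plain bits (a simplification).
static uint32_t GrayValue(const HalftoneParams& p, const std::vector<Bitmap>& planes, uint32_t m, uint32_t n) {
  uint32_t v = 0;
  for (uint8_t j = 0; j < p.HBPP; ++j) v |= uint32_t(planes[j].Get(n, m)) << j;
  return v;
}

// Render one cell: clamp the value to a valid pattern index and place the
// pattern on the grid (x = HGX + m*HRY + n*HRX, y = HGY + m*HRX - n*HRY).
static void RenderCell(const HalftoneParams& p, const std::vector<Bitmap>& pats, Bitmap& out, uint32_t v, uint32_t m, uint32_t n) {
  uint32_t idx = std::min<uint32_t>(v, uint32_t(pats.size() - 1));
  int64_t x = (int64_t(p.HGX) + int64_t(m) * p.HRY + int64_t(n) * p.HRX) >> 8;
  int64_t y = (int64_t(p.HGY) + int64_t(m) * p.HRX - int64_t(n) * p.HRY) >> 8;
  out.ComposeOr(pats[idx], x, y);
}

// Bytes the buffered shape needs for its temporary gray-scale array.
uint64_t TempBytesWithBuffer(uint32_t HGW, uint32_t HGH) {
  return uint64_t(HGW) * HGH * sizeof(uint32_t);
}

// Pre-fix shape: decode every cell's value into a temporary array, then
// render. Temporary memory is O(HGW*HGH): a file declaring HGW = HGH = 65535
// asks for about 16 GiB here before a single pattern is drawn.
Bitmap DecodeWithBuffer(const HalftoneParams& p, const std::vector<Bitmap>& planes, const std::vector<Bitmap>& pats) {
  std::vector<uint32_t> GI(size_t(p.HGW) * p.HGH);
  for (uint32_t m = 0; m < p.HGH; ++m)
    for (uint32_t n = 0; n < p.HGW; ++n) GI[size_t(m) * p.HGW + n] = GrayValue(p, planes, m, n);
  Bitmap out(p.HBW, p.HBH);
  for (uint32_t m = 0; m < p.HGH; ++m)
    for (uint32_t n = 0; n < p.HGW; ++n) RenderCell(p, pats, out, GI[size_t(m) * p.HGW + n], m, n);
  return out;
}

// Post-fix shape: each cell's value lives in one integer and is rendered at
// once, so temporary memory is O(1) regardless of HGW*HGH.
Bitmap DecodeStreaming(const HalftoneParams& p, const std::vector<Bitmap>& planes, const std::vector<Bitmap>& pats) {
  Bitmap out(p.HBW, p.HBH);
  for (uint32_t m = 0; m < p.HGH; ++m)
    for (uint32_t n = 0; n < p.HGW; ++n) RenderCell(p, pats, out, GrayValue(p, planes, m, n), m, n);
  return out;
}

int CountSetPixels(const Bitmap& b) {
  int c = 0;
  for (uint8_t v : b.px) c += v;
  return c;
}

// Constructed sample: 2x2 grid, 2 bit planes, three 2x2 patterns (empty, one
// pixel, solid), cells two pixels apart. Cell values are 1, 2, 0 and 3 (clamped to 2).
struct Sample { HalftoneParams p; std::vector<Bitmap> planes, pats; };
Sample MakeSample() {
  Sample s{{4, 4, 2, 2, 0, 0, 512, 0, 2}, {Bitmap(2, 2), Bitmap(2, 2)}, {Bitmap(2, 2), Bitmap(2, 2), Bitmap(2, 2)}};
  s.planes[0].Set(0, 0, 1); s.planes[0].Set(1, 1, 1);  // bit 0 of cells (m=0,n=0) and (m=1,n=1)
  s.planes[1].Set(1, 0, 1); s.planes[1].Set(1, 1, 1);  // bit 1 of cells (m=0,n=1) and (m=1,n=1)
  s.pats[1].Set(0, 0, 1);
  for (uint32_t y = 0; y < 2; ++y) for (uint32_t x = 0; x < 2; ++x) s.pats[2].Set(x, y, 1);
  return s;
}

bool BothShapesAgree() {
  Sample s = MakeSample();
  return DecodeWithBuffer(s.p, s.planes, s.pats).px == DecodeStreaming(s.p, s.planes, s.pats).px;
}

int StreamingPixelCount() {
  Sample s = MakeSample();
  return CountSetPixels(DecodeStreaming(s.p, s.planes, s.pats));  // 1 + 4 + 4 = 9
}

int main() { return (BothShapesAgree() && StreamingPixelCount() == 9) ? 0 : 1; }
```

TempBytesWithBuffer(65535, 65535) shows why the buffered shape crosses the 2048 MB limit in the ClusterFuzz report even when the region bitmap itself is small. The change is about memory, not time: both shapes still perform HGW*HGH pattern compositions, which is the cost the later comments in this thread run into.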
May 9 2018
May 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/31d8083f64fb4e34584e6729a460adb376b4389b

commit 31d8083f64fb4e34584e6729a460adb376b4389b
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Wed May 09 19:49:11 2018

Roll src/third_party/pdfium/ 27924e6c9..575ceba24 (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/27924e6c9d43..575ceba24463

$ git log 27924e6c9..575ceba24 --date=short --no-merges --format='%ad %ae %s'
2018-05-09 thestig Make memory usage in CJBig2_HTRDProc::DecodeImage() O(1).

Created with:
  roll-dep src/third_party/pdfium

BUG=chromium:840728

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: Iab49d82532675af46bcca01200b2aabdc6f45245
Reviewed-on: https://chromium-review.googlesource.com/1052681
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#557285}

[modify] https://crrev.com/31d8083f64fb4e34584e6729a460adb376b4389b/DEPS
May 16 2018
ClusterFuzz testcase 4971629319553024 is still reproducing on the tip-of-tree build (trunk). Please re-test your fix against this testcase and, if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add the ClusterFuzz-Wrong label.
May 16 2018
May 16 2018
CF has gone from OOM in CJBig2_HTRDProc::DecodeImage() to timing out further inside CJBig2_HTRDProc::DecodeImage().
May 16 2018
The test case runs in ~9 seconds locally, but on the bot it times out after 25.
May 17 2018
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/3689975377feb92a84488cd51b1cb30c818e3d55

commit 3689975377feb92a84488cd51b1cb30c818e3d55
Author: Lei Zhang <thestig@chromium.org>
Date: Thu May 17 17:21:22 2018

Expose CJBig2_Image::ComposeTo() as a public method.

CJBig2_Image::ComposeFrom() wraps a call to ComposeTo() and does an extra validity check. In tight loops where the validity check will always succeed, this is wasteful. Change existing callers of ComposeFrom() to ComposeTo() when the validity check has already been done.

BUG=chromium:840728
Change-Id: I39fb42eea49b92b7804cbd42c3d8a0329edeb58d
Reviewed-on: https://pdfium-review.googlesource.com/32637
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Ryan Harrison <rharrison@chromium.org>

[modify] https://crrev.com/3689975377feb92a84488cd51b1cb30c818e3d55/core/fxcodec/jbig2/JBig2_Image.h
[modify] https://crrev.com/3689975377feb92a84488cd51b1cb30c818e3d55/core/fxcodec/jbig2/JBig2_HtrdProc.cpp
[modify] https://crrev.com/3689975377feb92a84488cd51b1cb30c818e3d55/core/fxcodec/jbig2/JBig2_TrdProc.cpp
May 17 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e2f9b1f8da7d6abb18b1c917fcfb670666561d77

commit e2f9b1f8da7d6abb18b1c917fcfb670666561d77
Author: pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu May 17 20:57:48 2018

Roll src/third_party/pdfium/ 512509a5b..c647ed6de (7 commits)

https://pdfium.googlesource.com/pdfium.git/+log/512509a5bb48..c647ed6de273

$ git log 512509a5b..c647ed6de --date=short --no-merges --format='%ad %ae %s'
2018-05-17 npm Deprecate several Path/Text APIs.
2018-05-17 dsinclair Make CXFA_LayoutProcessor an UnownedPtr in CXFA_FFDocView
2018-05-17 thestig Roll third_party/freetype/src/ 2157d8fa6..9e345c911 (9 commits)
2018-05-17 thestig Annotate CFX_ImageTransformer with LIKELY().
2018-05-17 dsinclair Add comment about cleaning binding nodes
2018-05-17 thestig Expose CJBig2_Image::ComposeTo() as a public method.
2018-05-17 thestig Avoid fmodf() in CFX_BilinearMatrix.

Created with:
  roll-dep src/third_party/pdfium

BUG=chromium:840728

The AutoRoll server is located here: https://pdfium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

TBR=dsinclair@chromium.org
Change-Id: I389ea14aa7872f3ce31b3c6b2afa298d37f77a29
Reviewed-on: https://chromium-review.googlesource.com/1064709
Commit-Queue: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: pdfium-chromium-autoroll <pdfium-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#559669}

[modify] https://crrev.com/e2f9b1f8da7d6abb18b1c917fcfb670666561d77/DEPS
May 18 2018
Oh, CF is running an ASAN + debug build. This is going to be super slow. (135 seconds locally)

mmoroz: Any advice on how to proceed here? I can keep trying to optimize the code, but I'm not sure I'll ever get it down to under 25 seconds.
May 18 2018
I think it's fine to WontFix performance related issues reported with ASan + Debug build.
May 18 2018
Closing as Fixed since the original OOM has been fixed, and CF then noticed the same test case is too slow.
May 22 2018
May 22 2018
Comment 1 by ClusterFuzz, May 8 2018. Labels: ClusterFuzz-Auto-CC