Out-of-memory in v8_regexp_parser_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4896809005350912

Fuzzer: libFuzzer_v8_regexp_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  v8_regexp_parser_fuzzer

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=556130:556146

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4896809005350912

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jun 25 2018
Issue 855980 has been merged into this issue.
Jun 25 2018
Jul 4
Again a sequence of "\B\b", this time causing OOM. Jakob, is there anything actionable? Should we somehow fail gracefully or reject such regexps instead of running OOM?
Jul 5
We could special-case this and collapse \b\B sequences (and variants) into failure, since this can never match. See the duplicated bug. Not sure it makes sense to add logic for this since it seems like a rather narrow case and it's only the fuzzer that keeps running into it.
Jul 12
ClusterFuzz testcase 4896809005350912 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Jul 17
Jul 19
Oct 9
Dec 1
ClusterFuzz testcase 4896809005350912 appears to be flaky, updating reproducibility label.
Comment 1 by ClusterFuzz, Jun 25 2018
Labels: Test-Predator-Auto-Components