Issue 863249

Starred by 2 users

Issue metadata

Status: Assigned
OS: Linux , Windows , Mac
Pri: 2
Type: Bug

Out-of-memory in pdf_codec_jbig2_fuzzer

Reported by ClusterFuzz (Project Member), Jul 12

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5840992234897408

Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdf_codec_jbig2_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=421422:421468

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5840992234897408

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Comment 1 by ClusterFuzz (Project Member), Jul 12

Labels: OS-Mac
Comment 2 by ClusterFuzz (Project Member), Jul 12

Cc: dsinclair@chromium.org jam@chromium.org brucedaw...@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Cc: kkaluri@chromium.org
Components: Internals>Plugins>PDF
Labels: M-68 Test-Predator-Wrong CF-NeedsTriage
Unable to provide a possible suspect using Predator, CL and Code Search.
Could someone please look into the issue?

Thank You...

Cc: -jam@chromium.org -brucedaw...@chromium.org -dsinclair@chromium.org
Labels: -Pri-1 -M-68 -CF-NeedsTriage Pri-2
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)

Cc: mmoroz@chromium.org
mmoroz: Can you remind me how bad it is to have fuzzers run out of memory? I don't think I can fix this without reducing the maximum supported image size.

It's pretty bad in general, but this crash has been found with MSan, which has a significant memory overhead, so please feel free to WontFix if it doesn't happen with ASan.

One more important signal, though, is how often this crash occurs. There is a Crash Stats section on the ClusterFuzz page; the stats for this one don't look terribly bad, but they don't look insignificant either.

How bad would it be to reduce the maximum supported image size, as you mentioned in c#5?
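As an added illustration of the mitigation discussed in c#5 and c#6 (bounding the maximum supported image size so that a small input cannot make the decoder allocate gigabytes), and not code from PDFium or from this bug: an overflow-safe buffer-size check in C++. The cap value `kMaxImageBytes`, the function names, the 32-bits-per-pixel ceiling and the sample inputs are assumptions constructed for this example; the 8-byte width/height layout follows the region segment information field of ITU-T T.88 (JBIG2).

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Assumed cap on one decoded bitmap (hypothetical value, not PDFium's limit).
constexpr size_t kMaxImageBytes = static_cast<size_t>(256) * 1024 * 1024;

// Computes the bytes needed for a width x height bitmap at bits_per_pixel,
// with each row padded to a whole byte. Returns std::nullopt when a dimension
// is zero, bits_per_pixel is unsupported (> 32), or the bitmap would exceed
// `cap`. The arithmetic cannot overflow: width * bpp fits in 64 bits because
// bpp <= 32, and the final multiply is guarded by a division against the cap.
std::optional<size_t> CheckedImageBufferSize(uint32_t width, uint32_t height,
                                             uint32_t bits_per_pixel,
                                             size_t cap = kMaxImageBytes) {
  if (width == 0 || height == 0 || bits_per_pixel == 0 || bits_per_pixel > 32)
    return std::nullopt;
  const uint64_t row_bits = static_cast<uint64_t>(width) * bits_per_pixel;
  const uint64_t stride = (row_bits + 7) / 8;  // bytes per row, rounded up
  // stride * height exceeds cap (and might overflow) exactly when
  // height > cap / stride, so test that instead of multiplying first.
  if (height > cap / stride) return std::nullopt;
  return static_cast<size_t>(stride * height);
}

struct RegionDims {
  uint32_t width;
  uint32_t height;
};

// Reads the first 8 bytes of a JBIG2 region segment information field
// (big-endian bitmap width, then height): the point at which a decoder learns
// how large a bitmap the input is asking it to allocate.
std::optional<RegionDims> ParseRegionDims(const uint8_t* data, size_t len) {
  if (len < 8) return std::nullopt;
  auto be32 = [](const uint8_t* p) {
    return (static_cast<uint32_t>(p[0]) << 24) |
           (static_cast<uint32_t>(p[1]) << 16) |
           (static_cast<uint32_t>(p[2]) << 8) | static_cast<uint32_t>(p[3]);
  };
  return RegionDims{be32(data), be32(data + 4)};
}

// Decides, before any allocation, whether a 1-bit-per-pixel region described
// by `data` may be decoded under the cap; returns the buffer size if so.
std::optional<size_t> PlanRegionAllocation(const uint8_t* data, size_t len,
                                           size_t cap = kMaxImageBytes) {
  const auto dims = ParseRegionDims(data, len);
  if (!dims) return std::nullopt;
  return CheckedImageBufferSize(dims->width, dims->height, /*bits_per_pixel=*/1, cap);
}

// Constructed sample inputs (not taken from the reproducer testcase).
// 1000 x 1000 pixels: 125 bytes per row, 125000 bytes total.
const uint8_t kSmallRegion[8] = {0x00, 0x00, 0x03, 0xE8, 0x00, 0x00, 0x03, 0xE8};
// 65536 x 65536 pixels: 512 MiB at 1 bpp, which the 256 MiB cap rejects.
const uint8_t kHugeRegion[8] = {0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00};

int main() {
  const auto ok = PlanRegionAllocation(kSmallRegion, sizeof(kSmallRegion));
  const auto rejected = PlanRegionAllocation(kHugeRegion, sizeof(kHugeRegion));
  return (ok && *ok == 125000 && !rejected) ? 0 : 1;
}
```

The point of deciding at header-parse time is that the outcome no longer depends on the build: the same 8 bytes are rejected identically under MSan, ASan and a release build, instead of exceeding the fuzzer's memory limit (the report's 2048 MB is libFuzzer's default `-rss_limit_mb`) only in the build with the largest sanitizer overhead.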
Comment 7 by ClusterFuzz (Project Member), Oct 10

Labels: OS-Windows
Comment 8 by ClusterFuzz (Project Member), Oct 17

ClusterFuzz has detected this issue as fixed in range 600158:600186.

Detailed report: https://clusterfuzz.com/testcase?key=5840992234897408

Fuzzer: libFuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdf_codec_jbig2_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=421422:421468
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=600158:600186

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5840992234897408

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 9 by ClusterFuzz (Project Member), Oct 17

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5840992234897408 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Status: Assigned (was: Verified)
PartitionAlloc update broke the fuzzer.