Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

->backer

These tend to be clients submitting arbitrary large dimension buffers/textures/... and the service happily allocates a bunch of memory. It's not exactly wrong per se, depending on how much memory this can be, though it sometimes can cause OOM crashes in production (which aren't really a security issue, but worth avoiding if we can). If not, adding an arbitrary limit for fuzzers like e.g. https://cs.chromium.org/chromium/src/gpu/command_buffer/tests/fuzzer_main.cc?q=fuzzer_main.cc&sq=package:chromium&dr&l=383 to keep coverage.

This particular OOM is caused by clients setting large category_name and trace_name with TraceBeginCHROMIUM. These are stored at std::string in various places. I'm guessing that our implementation is simple (not ref-counted copy-on-write). These are never popped by the fuzzer and eventually lead to an OOM.

These never need to be long to be useful (I'm guessing 100 characters is enough). I'll put a CL up for review to clamp the length. This will unblock the fuzzer at least.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ff2ac0f9f7d01330dd10193103963b3f7de6df88

commit ff2ac0f9f7d01330dd10193103963b3f7de6df88
Author: Jonathan Backer <backer@chromium.org>
Date: Wed Jul 18 15:53:47 2018

Reject long trace and category names

This fixes a fuzzer OOM. 256 characters ought to be enough for anyone.

Bug:  863775 
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: I0103a2ab95aa6d87375dbc055d6a0f517c726799
Reviewed-on: https://chromium-review.googlesource.com/1140774
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Jonathan Backer <backer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#576075}
[modify] https://crrev.com/ff2ac0f9f7d01330dd10193103963b3f7de6df88/gpu/command_buffer/client/gles2_implementation.cc
[modify] https://crrev.com/ff2ac0f9f7d01330dd10193103963b3f7de6df88/gpu/command_buffer/client/raster_implementation.cc
[modify] https://crrev.com/ff2ac0f9f7d01330dd10193103963b3f7de6df88/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/ff2ac0f9f7d01330dd10193103963b3f7de6df88/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_handlers.cc
[modify] https://crrev.com/ff2ac0f9f7d01330dd10193103963b3f7de6df88/gpu/command_buffer/service/raster_decoder.cc

ClusterFuzz has detected this issue as fixed in range 576074:576075.

Detailed report: https://clusterfuzz.com/testcase?key=6478301561094144

Fuzzer: libFuzzer_gpu_raster_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  gpu_raster_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=564533:564548
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=576074:576075

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6478301561094144

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6478301561094144 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.