Issue 874577

Starred by 2 users

Issue metadata

Status: WontFix
Owner:
Closed: Aug 31
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Bug




Out-of-memory in media_pipeline_integration_fuzzer

Project Member Reported by ClusterFuzz, Aug 15

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5602348777603072

Fuzzer: libFuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  media_pipeline_integration_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=517703:517713

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5602348777603072

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Aug 15

Labels: OS-Mac
Cc: kkaluri@chromium.org
Components: Internals>Media
Labels: M-69 Test-Predator-Wrong CF-NeedsTriage
Unable to find the actual suspect through code search and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the dev team to look into this issue.

Thanks!

Labels: -CF-NeedsTriage
Owner: dalecur...@chromium.org
Status: Assigned (was: Untriaged)
dalecurtis@, can you please see if this change (https://chromium.googlesource.com/chromium/src/+/aea3d2d4d8d304df1a029ef83d248508073bd066) is related?

Thank you!

Cc: sande...@chromium.org
Labels: -Pri-1 Pri-3
This is another case of too many entries. 'trun' has an entry count of 33554432. Unfortunately I don't think trun has a way to determine what the max size could be. While weird, the entries have size only based on flags, and if the flags aren't set you may end up with generated values for each entry. +sandersd, but I think this might be wont fix. The code is here:

https://cs.chromium.org/chromium/src/third_party/ffmpeg/libavformat/mov.c?l=4736

Status: WontFix (was: Assigned)
I agree, it is possible to have zero-sized entries, and this is such a case. The FFmpeg code already sets a limit, it's just larger than the fuzzer allows.
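The situation the two comments above describe (a 'trun' box whose per-sample fields are all absent, so each entry costs zero file bytes while the parser still materialises a record per entry) can be made concrete with a small validation routine. The following is an added example, not code from this issue, from FFmpeg's mov.c or from Chromium: it reads a 'trun' box payload per ISO/IEC 14496-12, derives the per-entry byte size from the flags, bounds the entry count by the bytes actually present when that size is non-zero, and otherwise falls back to an explicit cap. The cap value `TRUN_MAX_IMPLIED_ENTRIES` and the three sample payloads are constructed for this example; the page does not state what limit FFmpeg applies, only that one exists and is larger than the fuzzer's 2048 MB budget tolerates.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag bits of the ISO BMFF 'trun' box (ISO/IEC 14496-12, TrackRunBox). */
#define TRUN_DATA_OFFSET_PRESENT        0x000001u
#define TRUN_FIRST_SAMPLE_FLAGS_PRESENT 0x000004u
#define TRUN_SAMPLE_DURATION_PRESENT    0x000100u
#define TRUN_SAMPLE_SIZE_PRESENT        0x000200u
#define TRUN_SAMPLE_FLAGS_PRESENT       0x000400u
#define TRUN_SAMPLE_CTS_OFFSET_PRESENT  0x000800u

/* Assumed cap for entries that occupy no file bytes; not FFmpeg's real limit. */
#define TRUN_MAX_IMPLIED_ENTRIES 65536u

enum trun_status {
    TRUN_OK = 0,
    TRUN_ERR_TRUNCATED = -1,      /* fixed header does not fit in the payload */
    TRUN_ERR_COUNT_VS_BYTES = -2, /* count * per-entry bytes exceeds payload */
    TRUN_ERR_COUNT_VS_CAP = -3    /* zero-byte entries: count exceeds the cap */
};

struct trun_info {
    uint32_t flags;
    uint32_t sample_count;
    size_t per_entry_bytes;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes each sample entry occupies in the file, determined by the flags alone. */
size_t trun_per_entry_bytes(uint32_t flags) {
    size_t n = 0;
    if (flags & TRUN_SAMPLE_DURATION_PRESENT)   n += 4;
    if (flags & TRUN_SAMPLE_SIZE_PRESENT)       n += 4;
    if (flags & TRUN_SAMPLE_FLAGS_PRESENT)      n += 4;
    if (flags & TRUN_SAMPLE_CTS_OFFSET_PRESENT) n += 4;
    return n;
}

/* Validate a 'trun' payload (bytes after the 8-byte size/type box header)
 * before allocating anything proportional to sample_count. */
int trun_validate(const uint8_t *payload, size_t len, struct trun_info *out) {
    if (len < 8) return TRUN_ERR_TRUNCATED;
    uint32_t flags = be32(payload) & 0x00ffffffu;   /* low 24 bits after version */
    uint32_t count = be32(payload + 4);
    size_t pos = 8;
    if (flags & TRUN_DATA_OFFSET_PRESENT)        pos += 4;
    if (flags & TRUN_FIRST_SAMPLE_FLAGS_PRESENT) pos += 4;
    if (pos > len) return TRUN_ERR_TRUNCATED;

    size_t per = trun_per_entry_bytes(flags);
    if (out) { out->flags = flags; out->sample_count = count; out->per_entry_bytes = per; }

    if (per > 0) {
        /* Entries consume file bytes, so the payload length bounds the count. */
        if ((uint64_t)count * per > (uint64_t)(len - pos)) return TRUN_ERR_COUNT_VS_BYTES;
        return TRUN_OK;
    }
    /* No per-sample fields: every entry is zero bytes on disk and the byte budget
     * says nothing about count. Only an explicit cap keeps count * sizeof(record)
     * from becoming an oversized allocation. */
    if (count > TRUN_MAX_IMPLIED_ENTRIES) return TRUN_ERR_COUNT_VS_CAP;
    return TRUN_OK;
}

/* Constructed payloads for this example (not the ClusterFuzz testcase). */
/* flags 0x000301 (data_offset, duration, size): 2 entries of 8 bytes, all present. */
static const uint8_t SAMPLE_GOOD[] = {
    0x00,0x00,0x03,0x01, 0x00,0x00,0x00,0x02, 0x00,0x00,0x00,0x10,
    0x00,0x00,0x04,0x00, 0x00,0x00,0x01,0x00,
    0x00,0x00,0x04,0x00, 0x00,0x00,0x02,0x00 };
/* Same layout but sample_count claims 1000 entries with only 16 bytes of entry data. */
static const uint8_t SAMPLE_OVERCLAIM[] = {
    0x00,0x00,0x03,0x01, 0x00,0x00,0x03,0xe8, 0x00,0x00,0x00,0x10,
    0x00,0x00,0x04,0x00, 0x00,0x00,0x01,0x00,
    0x00,0x00,0x04,0x00, 0x00,0x00,0x02,0x00 };
/* flags 0x000001 only: zero-byte entries, sample_count 33554432 (0x02000000) as on the page. */
static const uint8_t SAMPLE_ZERO_SIZE[] = {
    0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00, 0x00,0x00,0x00,0x10 };

int check_good(void)      { return trun_validate(SAMPLE_GOOD, sizeof SAMPLE_GOOD, NULL); }
int check_overclaim(void) { return trun_validate(SAMPLE_OVERCLAIM, sizeof SAMPLE_OVERCLAIM, NULL); }
int check_zero_size(void) { return trun_validate(SAMPLE_ZERO_SIZE, sizeof SAMPLE_ZERO_SIZE, NULL); }

int main(void) {
    struct trun_info info;
    int rc = trun_validate(SAMPLE_ZERO_SIZE, sizeof SAMPLE_ZERO_SIZE, &info);
    printf("good=%d overclaim=%d zero_size=%d (count=%u, per_entry=%zu bytes)\n",
           check_good(), check_overclaim(), rc, info.sample_count, info.per_entry_bytes);
    return 0;
}
```

The third payload reproduces the shape of the report: with no per-sample flags set, the declared count is unconstrained by the box length, which is why a byte-budget check alone passes it and only a count cap rejects it. Whether the cap is tight enough for a given memory budget is the question the comments above leave open.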
Project Member

Comment 6 by ClusterFuzz, Sep 7

Labels: Needs-Feedback
ClusterFuzz testcase 5602348777603072 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Labels: ClusterFuzz-Ignore

Project Member

Comment 8 by ClusterFuzz, Oct 9

Labels: OS-Windows
Project Member

Comment 9 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5602348777603072 appears to be flaky, updating reproducibility label.
