Issue 876725

Issue metadata

Status: WontFix
Owner:
Closed: Aug 30
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 3
Type: Bug




Out-of-memory in media_vpx_video_decoder_fuzzer

Project Member Reported by ClusterFuzz, Aug 22

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5679281456545792

Fuzzer: libFuzzer_media_vpx_video_decoder_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  media_vpx_video_decoder_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=430917:430934

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5679281456545792

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: kkaluri@chromium.org
Labels: M-69 Test-Predator-Wrong CF-NeedsTriage
Unable to find the actual suspect through code search, and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the dev team to look into this issue.

Thanks!
Components: Internals>Media
Labels: -CF-NeedsTriage
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
mmoroz@, can you please look into this change (https://chromium.googlesource.com/chromium/src/+/29b3abb7b00ec613920892937199d39f684c9493)? Not very sure if this is a real OOM.

Thank you!
Cc: mmoroz@chromium.org
Labels: -Pri-1 Pri-3
Owner: dalecur...@chromium.org
Status: WontFix (was: Assigned)
This one is asking for a 1345683487 byte frame buffer, which is within reason for our 16kx16k frame limits.

[0830/161346.479378:ERROR:vpx_video_decoder.cc(161)] Decode: timestamp=0 duration=0 size=10 side_data_size=0 is_key_frame=0 encrypted=0 discard_padding (us)=(0, 0)
[0830/161346.657381:ERROR:frame_buffer_pool.cc(46)] GetFrameBuffer: 1345683487
[0830/161347.351166:ERROR:vpx_video_decoder.cc(326)] vpx_codec_decode() error: Corrupt frame detected
==63581== ERROR: libFuzzer: out-of-memory (used: 3233Mb; limit: 2048Mb)

So WontFix.
Comment 5 by ClusterFuzz (Project Member), Sep 6

Labels: Needs-Feedback
ClusterFuzz testcase 5679281456545792 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: ClusterFuzz-Ignore
Comment 7 by ClusterFuzz (Project Member), Oct 10

Labels: OS-Windows
Comment 8 by ClusterFuzz (Project Member), Nov 6

ClusterFuzz has detected this issue as fixed in range 605620:605621.

Detailed report: https://clusterfuzz.com/testcase?key=5679281456545792

Fuzzer: libFuzzer_media_vpx_video_decoder_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  media_vpx_video_decoder_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=430917:430934
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=605620:605621

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5679281456545792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.