Issue 891967

Issue metadata

Status: Verified
Closed: Nov 16
OS: Linux
Pri: 1
Type: Bug

Timeout in libpng_read_fuzzer

Project Member Reported by ClusterFuzz, Oct 4

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5386974402445312

Fuzzer: libFuzzer_libpng_read_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State:
  libpng_read_fuzzer

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=583284:583299

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5386974402445312

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Oct 4

Cc: aizatsky@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find actual suspect through code search and also observing no CLs under regression range, hence adding appropriate label and requesting someone from Dev team to look into this issue.

Thanks!

Labels: -CF-NeedsTriage
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
mmoroz@, just wondering, do you have any inputs here?

Interesting! Looks like an input is too big to process:

$ pngcheck -v clusterfuzz-testcase-minimized-libpng_read_fuzzer-5386974402445312 
File: clusterfuzz-testcase-minimized-libpng_read_fuzzer-5386974402445312 (209705 bytes)
  chunk IHDR at offset 0x0000c, length 13
    253544 x 200 image, 48-bit RGB, non-interlaced
  chunk IDAT at offset 0x00025, length 352326290
    zlib: deflated, 32K window, default compression
:  EOF while reading data

Cc: -aizatsky@chromium.org mmoroz@chromium.org
Owner: cblume@chromium.org
cblume@, since you've been interested in PNG fuzzing, maybe you could also take a look at this one and e.g. add some limits against super big images?

We have some, but it looks like it can be improved: https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/libpng_read_fuzzer.cc?q=libpng_read_fuz&sq=package:chromium&g=0&l=129
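The kind of pre-decode limit suggested above, as an added example written for this page (not the Chromium fuzzer's own code): it reads the IHDR geometry and walks the chunk headers, so an input like the reported 253544 x 200 48-bit RGB testcase, whose IDAT declares 352326290 bytes inside a 209705-byte file, is rejected before libpng ever sees it. The caps kMaxDimension and kMaxDecodedBytes and the BuildPng test-input helper are assumptions for the example, not values from the fuzzer.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed caps for this example; the Chromium fuzzer's real limits may differ.
constexpr uint64_t kMaxDimension = 4096;
constexpr uint64_t kMaxDecodedBytes = 64ull << 20;  // 64 MiB of decoded rows
// Samples per pixel indexed by PNG colour type (0 grey, 2 RGB, 3 palette, 4 GA, 6 RGBA).
static const unsigned kChannels[7] = {1, 0, 3, 1, 2, 0, 4};

static uint32_t ReadBE32(const uint8_t* p) {
  return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// True only if the declared geometry fits the caps and every chunk header's length fits the buffer.
bool PngWithinLimits(const std::vector<uint8_t>& png) {
  static const uint8_t kSig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
  const uint8_t* d = png.data();
  if (png.size() < 33 || memcmp(d, kSig, 8) != 0) return false;  // signature + full IHDR chunk
  if (ReadBE32(d + 8) != 13 || memcmp(d + 12, "IHDR", 4) != 0) return false;
  uint64_t width = ReadBE32(d + 16), height = ReadBE32(d + 20);
  uint8_t depth = d[24];
  unsigned channels = d[25] < 7 ? kChannels[d[25]] : 0;
  if (width == 0 || height == 0 || channels == 0 || depth > 16) return false;
  if (width > kMaxDimension || height > kMaxDimension) return false;
  uint64_t row_bytes = (width * channels * depth + 7) / 8 + 1;  // +1 for the filter byte
  if (row_bytes * height > kMaxDecodedBytes) return false;
  for (size_t pos = 8; pos + 12 <= png.size();) {
    uint64_t len = ReadBE32(d + pos);
    if (pos + 12 + len > png.size()) return false;  // e.g. a 352 MB IDAT in a 200 KB file
    if (memcmp(d + pos + 4, "IEND", 4) == 0) return true;
    pos += 12 + len;
  }
  return false;  // ran out of data before IEND
}

// Constructed test input (not a real file): signature, IHDR with a dummy CRC, one IDAT that
// declares idat_len bytes but carries idat_present, and IEND only when the IDAT is complete.
std::vector<uint8_t> BuildPng(uint32_t w, uint32_t h, uint8_t depth, uint8_t ct,
                              uint32_t idat_len, uint32_t idat_present) {
  std::vector<uint8_t> png = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
  auto put32 = [&](uint32_t v) { for (int s = 24; s >= 0; s -= 8) png.push_back(uint8_t(v >> s)); };
  auto tag = [&](const char* t) { png.insert(png.end(), t, t + 4); };
  put32(13); tag("IHDR"); put32(w); put32(h);
  png.insert(png.end(), {depth, ct, 0, 0, 0}); put32(0);
  put32(idat_len); tag("IDAT"); png.insert(png.end(), size_t(idat_present), uint8_t(0)); put32(0);
  if (idat_present == idat_len) { put32(0); tag("IEND"); put32(0); }
  return png;
}
```

Because the dimension check runs before any chunk is trusted, the geometry alone rejects the testcase; the chunk walk additionally catches a small image whose IDAT claims more bytes than the fuzzer input contains.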

Project Member

Comment 6 by ClusterFuzz, Nov 16

ClusterFuzz has detected this issue as fixed in range 608446:608451.

Detailed report: https://clusterfuzz.com/testcase?key=5386974402445312

Fuzzer: libFuzzer_libpng_read_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  libpng_read_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=583284:583299
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=608446:608451

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5386974402445312

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 7 by ClusterFuzz, Nov 16

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5386974402445312 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.