
Issue 896224 link


Issue metadata

Status: Verified
Owner: ----
Closed: Nov 7
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug




Out-of-memory in pdf_jpx_fuzzer

Project Member Reported by ClusterFuzz, Oct 17

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5699326146510848

Fuzzer: libFuzzer_pdf_jpx_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdf_jpx_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5699326146510848

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz (Project Member), Oct 17

Labels: OS-Linux
Cc: kkaluri@chromium.org
Labels: Test-Predator-Wrong CF-NeedsTriage M-70
Unable to find an actual suspect through code search and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the Dev team to look into this issue.

Thanks!
Comment 3 by ClusterFuzz (Project Member), Oct 18

Labels: OS-Mac
Components: Internals>Plugins>PDF
Labels: -CF-NeedsTriage
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)
rharrison@, just wondering, do you have any further input here?

Thank you!

Owner: ----
Status: Available (was: Assigned)
Took a look at this. The fuzzer test case is an invalid JPX file; Image Viewer won't load it, though it does have the correct magic bits at the start.

The test case is fast failing for me on my Linux desktop, even when I restrict the memory to 512MB, so it isn't immediately obvious to me why there are OOMs occurring on the bots.

Looking at the stats, it appears this fuzzer OOMing has been occurring on Linux for at least the last 28 days, but there is a spike on Windows on October 9th.

The 3 rolls that went into Chromium on the 9th are https://chromium-review.googlesource.com/c/chromium/src/+/1272442, https://chromium-review.googlesource.com/c/chromium/src/+/1271978 and https://chromium-review.googlesource.com/c/chromium/src/+/1271365.

The only immediately interesting CL in there is https://pdfium-review.googlesource.com/c/43530, but I don't think that is the root cause.
Comment 6 by ClusterFuzz (Project Member), Nov 7

ClusterFuzz has detected this issue as fixed in range 605930:605950.

Detailed report: https://clusterfuzz.com/testcase?key=5699326146510848

Fuzzer: libFuzzer_pdf_jpx_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  pdf_jpx_fuzzer
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=605930:605950

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5699326146510848

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing_on_windows.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 7 by ClusterFuzz (Project Member), Nov 7

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 5699326146510848 is verified as fixed, so closing issue as verified.

If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.

The documentation for reproducing bugs on Windows was moved to: https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md
