Open Google-Autofuzz opened 6 years ago
Also reproduced on my flif-wasm:
> flif-wasm poc-8c7f61717e96f6fef73c9a2ceedc72f37dfc12165796e7813b4fdec6cd114c23_min -o flif.flif
Warning: expected file name extension ".flif" for input file, trying anyway...
Invalid number encountered!
Cannot enlarge memory arrays. Either (1) compile with -s TOTAL_MEMORY=X with X higher than the current value 2066874368, (2) compile with -s ALLOW_MEMORY_GROWTH=1 which allows increasing the size at runtime, or (3) if you want malloc to return NULL (0) instead of this abort, compile with -s ABORTING_MALLOC=0
Cannot enlarge memory arrays. Either (1) compile with -s TOTAL_MEMORY=X with X higher than the current value 2066874368, (2) compile with -s ALLOW_MEMORY_GROWTH=1 which allows increasing the size at runtime, or (3) if you want malloc to return NULL (0) instead of this abort, compile with -s ABORTING_MALLOC=0
exception thrown: abort("Cannot enlarge memory arrays. Either (1) compile with -s TOTAL_MEMORY=X with X higher than the current value 2066874368, (2) compile with -s ALLOW_MEMORY_GROWTH=1 which allows increasing the size at runtime, or (3) if you want malloc to return NULL (0) instead of this abort, compile with -s ABORTING_MALLOC=0 ") at Error
at jsStackTrace (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:16305)
at stackTrace (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:16476)
at abort (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:129113)
at abortOnCannotGrowMemory (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:17573)
at wasm-function[1157]:42
at wasm-function[1002]:3372
at wasm-function[1119]:19
at wasm-function[57]:113
at wasm-function[51]:248
at wasm-function[487]:8607
If this abort() is unexpected, build with -s ASSERTIONS=1 which can give more information.
(node:17756) UnhandledPromiseRejectionWarning: abort("Cannot enlarge memory arrays. Either (1) compile with -s TOTAL_MEMORY=X with X higher than the current value 2066874368, (2) compile with -s ALLOW_MEMORY_GROWTH=1 which allows increasing the size at runtime, or (3) if you want malloc to return NULL (0) instead of this abort, compile with -s ABORTING_MALLOC=0 ") at Error
at jsStackTrace (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:16305)
at stackTrace (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:16476)
at abort (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:129113)
at abortOnCannotGrowMemory (C:\Users\sasch\AppData\Roaming\npm\node_modules\flif-wasm\lib\flif.js:5:17573)
at wasm-function[1157]:42
at wasm-function[1002]:3372
at wasm-function[1119]:19
at wasm-function[57]:113
at wasm-function[51]:248
at wasm-function[487]:8607
If this abort() is unexpected, build with -s ASSERTIONS=1 which can give more information.
(node:17756) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:17756) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
read_big_endian_varint can report an error but cannot abort. No callers check its error.
It seems the source doesn't really want to use exceptions, but I think it should work on this type of error.
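To make the failure mode in the comment above concrete, here is an added example (illustrative code written for this page, not flif's own reader or any of its callers). It assumes a varint encoding of seven data bits per byte, most significant group first, with the high bit set on every byte but the last; the per-dimension limit, the pixel budget, the 4-bytes-per-pixel figure and the sample headers are all constructed assumptions. The "unchecked" path mirrors the pattern described: the reader prints "Invalid number encountered!", sets a flag, and hands back a partial value that the caller never validates before sizing a buffer. The "checked" path returns a status the caller must act on and bounds the decoded value, so a hostile or truncated header is rejected instead of reaching an allocation that the runtime can only abort on.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Minimal byte source; get() returns -1 at end of input.
struct ByteReader {
    const std::vector<uint8_t>* buf;
    size_t pos = 0;
    int get() { return pos < buf->size() ? (*buf)[pos++] : -1; }
};

// "Before" (assumed shape of the bug): the error is reported through a message and
// a global flag, but the partial value is still returned, and callers never look
// at the flag. Accumulation also wraps silently past 32 bits.
static bool g_varint_error = false;
uint32_t read_varint_unchecked(ByteReader& r) {
    uint32_t result = 0;
    int c;
    do {
        c = r.get();
        if (c < 0) {
            std::fputs("Invalid number encountered!\n", stderr);
            g_varint_error = true;
            return result;               // reported, not fatal: caller carries on
        }
        result = (result << 7) | (uint32_t)(c & 0x7f);
    } while (c & 0x80);
    return result;
}

// "After": the outcome is the return value, so a caller cannot use the number
// without deciding what to do on failure, and the value is bounded up front.
enum class Varint { Ok, Truncated, Overflow, TooLarge };
Varint read_varint_checked(ByteReader& r, uint32_t max_value, uint32_t& out) {
    uint32_t result = 0;
    int c, nbytes = 0;
    do {
        c = r.get();
        if (c < 0) return Varint::Truncated;
        // 5 groups of 7 bits already exceed 32 bits; also refuse to shift past the top.
        if (++nbytes > 5 || result > (UINT32_MAX >> 7)) return Varint::Overflow;
        result = (result << 7) | (uint32_t)(c & 0x7f);
    } while (c & 0x80);
    if (result > max_value) return Varint::TooLarge;
    out = result;
    return Varint::Ok;
}

// Assumed limits for the consumer below (constructed for this example).
const uint32_t kMaxDim = 1u << 16;             // largest accepted width or height
const uint64_t kMaxPixelBytes = 256ull << 20;  // 256 MiB pixel-buffer budget

// Header consumer, unchecked: width and height are two varints; returns the pixel
// count the decoder would go on to allocate, whatever the file said.
uint64_t unchecked_pixel_count(const std::vector<uint8_t>& hdr) {
    ByteReader r{&hdr};
    uint64_t w = read_varint_unchecked(r);
    uint64_t h = read_varint_unchecked(r);
    return w * h;   // both operands < 2^32, so this product fits in 64 bits
}

// Header consumer, checked: returns the buffer size in bytes, or 0 when the header
// is truncated, overlong, out of range, zero-sized or over budget.
uint64_t checked_buffer_bytes(const std::vector<uint8_t>& hdr) {
    ByteReader r{&hdr};
    uint32_t w = 0, h = 0;
    if (read_varint_checked(r, kMaxDim, w) != Varint::Ok) return 0;
    if (read_varint_checked(r, kMaxDim, h) != Varint::Ok) return 0;
    if (w == 0 || h == 0) return 0;
    uint64_t need = (uint64_t)w * h * 4;   // 4 bytes per pixel; bounded by kMaxDim^2 * 4
    if (need > kMaxPixelBytes) return 0;
    return need;
}

int main() {
    // Constructed headers: 300x200, a 0x7FFFFFFF x 0x7FFFFFFF claim, and a truncated one.
    std::vector<uint8_t> good{0x82, 0x2C, 0x81, 0x48};
    std::vector<uint8_t> huge{0x87, 0xFF, 0xFF, 0xFF, 0x7F, 0x87, 0xFF, 0xFF, 0xFF, 0x7F};
    std::vector<uint8_t> cut{0x82, 0x2C, 0x82};
    for (auto* hdr : {&good, &huge, &cut}) {
        g_varint_error = false;
        std::printf("unchecked pixels=%llu (error flag %d)  checked bytes=%llu\n",
                    (unsigned long long)unchecked_pixel_count(*hdr), (int)g_varint_error,
                    (unsigned long long)checked_buffer_bytes(*hdr));
    }
    return 0;
}
```

The point is the interface, not the particular limits: once the reader's result is a status the caller has to inspect, the "Cannot enlarge memory arrays" abort seen in the wasm build turns into an ordinary decode error at the point where the bad number first appears.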
Hello flif team,
As part of our fuzzing efforts at Google, we have identified an issue affecting flif (tested with revision * master cfd25e57578ccd047dd2177aea2924f5a3fa1e5f).
To reproduce, we are attaching a Dockerfile which compiles the project with LLVM, taking advantage of the sanitizers that it offers. More information about how to use the attached Dockerfile can be found here: https://docs.docker.com/engine/reference/builder/
TL;DR instructions: artifacts_71518751.zip
mkdir project
cp Dockerfile.flif /path/to/project/Dockerfile
docker build --no-cache /path/to/project
docker run -it image_id_from_docker_build
From another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer
(reference: https://docs.docker.com/engine/reference/commandline/cp/)
And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducer
Alternatively, and depending on the bug, you could use gcc, valgrind or other instrumentation tools to aid in the investigation. The sanitizer error that we encountered is here:
We will gladly work with you so you can successfully confirm and reproduce this issue. Do let us know if you have any feedback surrounding the documentation.
Once you have reproduced the issue, we'd appreciate learning your expected timeline for an update to be released. With any fix, please attribute the report to "Google Autofuzz project".
We are also pleased to inform you that your project is eligible for inclusion in the OSS-Fuzz project, which can provide additional continuous fuzzing, and encourage you to investigate integration options.
Don't hesitate to let us know if you have any questions!
Google AutoFuzz Team