Closed afonso360 closed 2 years ago
OSS-Fuzz found this eventually. The upstream report is at https://oss-fuzz.com/testcase-detail/5517981379854336.
I think we can close this since #4937 landed.
OSS-Fuzz also reported a second copy of this bug: the first was from the cranelift-icache
fuzz target, and https://oss-fuzz.com/testcase-detail/4589725633085440 is from the cranelift-fuzzgen
target.
I expect both are fixed by the revert but, for the record, OSS-Fuzz hasn't closed them yet.
👋 Hey, cranelift-fuzzgen reported this today when I rebased some other work on top of main. This is probably also on OSS-Fuzz I would guess. Reverting 562bb25360a2f366a482e15fc148bab7267a9266 makes it go away, so cc: @adambratschikaye.
Edit: I should clarify, the input below crashes on main.
Test case input

```
ZcYNuSMxRvSWnfAyAAAAADkgCKkAfX19ffN9ff///wUAAakAfX19fX19fX3wAAAAAAAA+f8A/8Ir
w8PDwwAAyTw83aQAABBbIAABCAAAAE5dCk2TY2hpQUFB/0FBQUH////////+/v7+/v7+AQAAAAAA
AHz+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+
/v7+/v7+/v7+/v7+/v7+/v7/A/7+/v7+/gAA/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+
/v7+/v7+BAAAAAAAAAD+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/nr+/v7+/v7+/v7+/v7+/v7+/v7+
/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+/v7+////////////////////////////////
////7///////BAAAAAAAAAAAAADSAQAAwzvDw8PDEgIACgAAAC8BwwAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAgAAAAAAAAAAAAAAAAdAAAAAAAAAAAAABAANTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU
1NTU1NTU1NTU1NRVAP//////ALoAAQAAMAAAAAAAAAAABwABBP3+AAAGwwD6+gAAAAjptv8A/3Xj
tQAAAAEQAABsAAAAACEAAAUAwH19fX0BAAC6fQECMHNzECxdwyXDw37Dw8c8PAAAAAAAANYIAAAA
AADSAQAAwzvDw8PDEgIACgAAAAHDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAB0AAAAAAAAAAAAAEAAwH19fX0BAAC6fQECMXNzECxdwyXDw37Dw8c8PAAAAAAAANYIAAAAAADS
AQAAwzvDw8PDEgIACgAAAAHDAAAAAAAAAAAAAAAAAAAAAAD2AAAAAAAAAAAAAAAAAAAAAAAAAAB0
AAAAAAAAAAAAAEAA1NTU1NTU1P7+/v7+/v7+/v7+/v7+/v7+/tTU1NTU1NTU1FX/AP////8AugAB
AAAgAAAAAAAAAAAHAAEE/f4AAAbDAPr6AAAACOm2/wD/deO1AF0AAAEQAABsAAAAACEAAAUAwH19
w8PDEgIHAABzLA==
```

`cargo +nightly fuzz fmt` output
Unfortunately this fails at a stage where we can't generate a nice function.

```
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/fuzz$ cargo fuzz fmt --no-default-features cranelift-fuzzgen artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f
Error: failed to run `cargo fuzz fmt` on input: artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f

Caused by:
    Fuzz target 'cranelift-fuzzgen' exited with failure when attemping to debug formatting an interesting input that we discovered!

    Artifact: artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f

    Command: "cargo" "run" "--manifest-path" "/home/afonso/git/wasmtime/fuzz/Cargo.toml" "--target" "x86_64-unknown-linux-gnu" "--release" "--no-default-features" "--bin" "cranelift-fuzzgen" "--" "-artifact_prefix=/home/afonso/git/wasmtime/fuzz/artifacts/cranelift-fuzzgen/" "artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f"
    Status: exit status: 71

    === stdout ===

    === stderr ===
        Finished release [optimized] target(s) in 0.13s
         Running `/home/afonso/git/wasmtime/target/x86_64-unknown-linux-gnu/release/cranelift-fuzzgen -artifact_prefix=/home/afonso/git/wasmtime/fuzz/artifacts/cranelift-fuzzgen/ artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f`
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 3681649001
    INFO: Loaded 1 modules (834566 inline 8-bit counters): 834566 [0x55cbaf535a10, 0x55cbaf601616),
    INFO: Loaded 1 PC tables (834566 PCs): 834566 [0x55cbaf601618,0x55cbb02bd678),
    /home/afonso/git/wasmtime/target/x86_64-unknown-linux-gnu/release/cranelift-fuzzgen: Running 1 inputs 1 time(s) each.
    Running: artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f
    ==28989== ERROR: libFuzzer: out-of-memory (malloc(3221225472))
       To change the out-of-memory limit use -rss_limit_mb=
```

Stack trace or other relevant details
```
     Running `/home/afonso/git/wasmtime/target/x86_64-unknown-linux-gnu/release/cranelift-fuzzgen -artifact_prefix=/home/afonso/git/wasmtime/fuzz/artifacts/cranelift-fuzzgen/ artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f`
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2526852675
INFO: Loaded 1 modules (834566 inline 8-bit counters): 834566 [0x557e2aeaba10, 0x557e2af77616),
INFO: Loaded 1 PC tables (834566 PCs): 834566 [0x557e2af77618,0x557e2bc33678),
/home/afonso/git/wasmtime/target/x86_64-unknown-linux-gnu/release/cranelift-fuzzgen: Running 1 inputs 1 time(s) each.
Running: artifacts/cranelift-fuzzgen/oom-ed0e2a716f0af472061144dc347e6ea40156028f
==28975== ERROR: libFuzzer: out-of-memory (malloc(3221225472))
   To change the out-of-memory limit use -rss_limit_mb=
```
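The report above carries the input only as wrapped base64 and the artifact only as its libFuzzer filename (`oom-ed0e2a716f0af472061144dc347e6ea40156028f`; the 3221225472-byte allocation is exactly 3 GiB). libFuzzer names the files it writes `<artifact_prefix><kind>-<SHA-1 of the input bytes>`, so the hash in the name lets anyone who copies the base64 out of the thread confirm it decoded to the same bytes before replaying it. The following is an added example of that check, my code and not code from this thread or from the wasmtime/cranelift project; the `kind` prefix, output directory and the constructed sample inputs are assumptions.

```python
"""Rebuild a libFuzzer artifact from base64 pasted in a bug report and verify
it against the SHA-1 that libFuzzer embeds in the artifact's filename.

Added example; not code from the wasmtime/cranelift project.
"""
import base64
import binascii
import hashlib
import re
import sys
from pathlib import Path

SHA1_SUFFIX = re.compile(r"-([0-9a-f]{40})$")


def decode_testcase(b64_text: str) -> bytes:
    """Strip the line wrapping a pasted test case carries and decode strictly.

    validate=True makes stray characters (HTML remnants, a lost '=') an error
    instead of being silently dropped and producing a different input.
    """
    compact = re.sub(r"\s+", "", b64_text)
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error as e:
        raise ValueError(f"pasted input is not valid base64: {e}") from e


def artifact_name(kind: str, data: bytes) -> str:
    """libFuzzer's naming scheme: <kind>-<hex SHA-1 of the input bytes>."""
    return f"{kind}-{hashlib.sha1(data).hexdigest()}"


def sha1_matches(data: bytes, artifact_path: str) -> bool:
    """True if the hash suffix of an artifact filename matches the bytes."""
    m = SHA1_SUFFIX.search(Path(artifact_path).name)
    if not m:
        raise ValueError(f"{artifact_path!r} has no SHA-1 suffix")
    return m.group(1) == hashlib.sha1(data).hexdigest()


def write_artifact(b64_text: str, kind: str, out_dir: str) -> Path:
    """Decode the pasted input and write it under the name libFuzzer would use."""
    data = decode_testcase(b64_text)
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    path = out / artifact_name(kind, data)
    path.write_bytes(data)
    return path


if __name__ == "__main__":
    # Usage: python rebuild_artifact.py pasted.txt [expected-artifact-name]
    # pasted.txt holds the base64 block copied from the report (assumed path).
    text = Path(sys.argv[1]).read_text()
    path = write_artifact(text, "oom", "artifacts/cranelift-fuzzgen")
    print(f"wrote {path} ({path.stat().st_size} bytes)")
    if len(sys.argv) > 2:
        ok = sha1_matches(path.read_bytes(), sys.argv[2])
        print("matches reported artifact name" if ok else "MISMATCH: input was altered")
```

A mismatch means the copy was altered somewhere between the fuzzer and the paste, and the reproduction attempt would be testing a different input. Once the file exists, `cargo fuzz run cranelift-fuzzgen artifacts/cranelift-fuzzgen/<name>` replays that single input through the target, which is what the `Command:` line in the `cargo fuzz fmt` output above is doing.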