Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Out of Memory in TileOffsets (73566621) #270

Closed
Google-Autofuzz opened this issue Feb 23, 2018 · 0 comments
Closed

Out of Memory in TileOffsets (73566621) #270

Google-Autofuzz opened this issue Feb 23, 2018 · 0 comments
Labels
Bug A bug in the source code

Comments

@Google-Autofuzz
Copy link

Hello OpenEXR team,

As part of our fuzzing efforts at Google, we have identified an issue affecting
OpenEXR (tested with revision * develop 165dcea).

To reproduce, we are attaching a Dockerfile which compiles the project with
LLVM, taking advantage of the sanitizers that it offers. More information about
how to use the attached Dockerfile can be found here:
https://docs.docker.com/engine/reference/builder/

TL;DR instructions:

  • mkdir project
  • cp Dockerfile.OpenEXR /path/to/project/Dockerfile
  • docker build --no-cache /path/to/project
  • docker run --cap-add=SYS_PTRACE -it image_id_from_docker_build

From another terminal, outside the container:
docker cp /path/to/attached/reproducer running_container_hostname:/fuzzing/reproducer
(reference: https://docs.docker.com/engine/reference/commandline/cp/)

And, back inside the container:
/fuzzing/repro.sh /fuzzing/reproducer

Alternatively, and depending on the bug, you could use gcc, valgrind or other
instrumentation tools to aid in the investigation. The sanitizer error that we
encountered is here:

Sanitizer report:
Live Heap Allocations: 2130475751 bytes in 1215 chunks; quarantined: 13993 bytes in 60 chunks; 7748 other chunks; total chunks: 9023; showing top 95% (at most 8 unique contexts)
2080377760 byte(s) (97%) in 620 allocation(s)
    #1 0x55bb5ee03532 in Imf_2_2::TileOffsets::TileOffsets(Imf_2_2::LevelMode, int, int, int const*, int const*) openexr/IlmImf/ImfTileOffsets.cpp:73:33
    #2 0x55bb5edf42ab in Imf_2_2::TiledInputFile::initialize() openexr/IlmImf/ImfTiledInputFile.cpp:970:26
    #3 0x55bb5edf53ed in Imf_2_2::TiledInputFile::TiledInputFile(Imf_2_2::Header const&, Imf_2_2::IStream*, int, int) openexr/IlmImf/ImfTiledInputFile.cpp:845:5
    #4 0x55bb5eed8e3f in Imf_2_2::InputFile::initialize() openexr/IlmImf/ImfInputFile.cpp:546:32
    #5 0x55bb5eed79e7 in Imf_2_2::InputFile::InputFile(char const*, int) openexr/IlmImf/ImfInputFile.cpp:383:13
    #6 0x55bb5ee48ba3 in Imf_2_2::RgbaInputFile::RgbaInputFile(char const*, int) openexr/IlmImf/ImfRgbaFile.cpp:1166:21
    #7 0x55bb5eda5485 in (anonymous namespace)::readSingleImage(char const*, float, float, Imf_2_2::Envmap, bool, EnvmapImage&, Imf_2_2::Header&, Imf_2_2::RgbaChannels&) openexr/exrenvmap/readInputImage.cpp:78:19

We will gladly work with you so you can successfully confirm and reproduce this
issue. Do let us know if you have any feedback surrounding the documentation.

Once you have reproduced the issue, we'd appreciate to learn your expected
timeline for an update to be released. With any fix, please attribute the report
to "Google Autofuzz project".

We are also pleased to inform you that your project is eligible for inclusion to
the OSS-Fuzz project, which can provide additional continuous fuzzing, and
encourage you to investigate integration options.

Don't hesitate to let us know if you have any questions!

Google AutoFuzz Team

artifacts_73566621.zip
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug A bug in the source code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@peterhillman @cary-ilm @Google-Autofuzz