Allocation failed - JavaScript heap out of memory (tokenize) #5

Open
cawalch opened this issue Nov 2, 2019 · 4 comments
@cawalch cawalch commented Nov 2, 2019

I encountered a core dump while fuzzing that traces back to jsfuzz's versifier.js:413:

[6242:0x34faa20]    18540 ms: Mark-sweep 1291.7 (1426.7) -> 1291.7 (1427.2) MB, 15.0 / 0.0 ms  (average mu = 0.244, current mu = 0.169) allocation failure GC in old space requested
[6242:0x34faa20]    18549 ms: Mark-sweep 1292.4 (1427.2) -> 1292.1 (1427.2) MB, 7.8 / 0.1 ms  (average mu = 0.212, current mu = 0.153) allocation failure GC in old space requested


<--- JS stacktrace --->

==== JS stack trace =========================================

    0: ExitFrame [pc: 0x16ebcc0dbe1d]
Security context: 0x147d4f69e6e9 <JSObject>
    1: tokenize(aka tokenize) [0x14d370af2101] [/home/me/.nvm/versions/node/v10.16.3/lib/node_modules/jsfuzz/build/src/versifier.js:~413] [pc=0x16ebcc0ea74d](this=0x35c17a8826f1 <undefined>,data=0x1bc2ece351d1 <Uint8Array map = 0xc82d755b89>)
    2: BuildVerse [0x14d370af1e01] [/home/me/.nvm/versions/node/v10.16.3/lib/node_modules/jsfuzz/build/src/...

It also generated a corpus file of ~144K, while the average corpus size was ~20 bytes.

jsfuzz - 1.0.10
node - 10.16.3

@yevgenypats yevgenypats (Contributor) commented Nov 2, 2019

Hey @cawalch, thanks for reporting! Versifier is a new algorithm that we just released, and it can be disabled with --versifier=false as a quick workaround.

Any chance you can share with me the fuzz-target or a repo that will help me to reproduce this behaviour?

@cawalch cawalch (Author) commented Nov 2, 2019

> ...can be disabled with --versifier=false just as a quick work-around.

Got it. Thanks.

> Any chance you can share with me the fuzz-target or a repo that will help me to reproduce this behaviour?

https://github.com/asciidoctor/asciidoctor.js

Corpus seed:

http://asciidoctor.org[*Asciidoctor*] running on https://opalrb.com[_Opal_]  brings AsciiDoc to Node.js!

Hopefully that helps.

@mattacosta mattacosta commented Dec 27, 2019

I just tried this tool out and I've been seeing this a lot as well. On one run, I even had a 40MB corpus file.

Since maximum call stack errors were expected in my project, I also put this code into my fuzz function and don't recall seeing it since:

// At the top of the fuzz target: drop oversized inputs before they reach the code under test
if (buffer.length > 1024) {
  return;
}
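The guard above is a common way to keep a fuzz target from being starved by one huge, generator-produced input. The following is an added example, not code from jsfuzz or from either commenter: a jsfuzz-style target that applies a byte cap before the parser sees the data and that classifies the failure types the project already accepts (deep-recursion RangeError, malformed-input SyntaxError) as non-crashes, so only new fault classes are reported as findings. The parser `parseDocument` is a constructed stand-in for illustration and is not asciidoctor.js; `MAX_INPUT_BYTES` reuses the 1024 cap from the comment.

```javascript
'use strict';

// Added example (not from the jsfuzz project or the issue's commenters).
// MAX_INPUT_BYTES mirrors the 1024-byte cap used in the comment above; tune per target.
const MAX_INPUT_BYTES = 1024;

// Stand-in parser constructed for this example: counts nested "[...]" groups with a
// recursive descent, so nesting depth equals call depth. Very deep nesting throws a
// RangeError (call stack exhausted); unbalanced brackets throw a SyntaxError.
function parseDocument(text) {
  function group(i, nested) {
    let groups = 0;
    while (i < text.length) {
      const ch = text[i++];
      if (ch === '[') {
        const inner = group(i, true);
        groups += 1 + inner.groups;
        i = inner.next;
      } else if (ch === ']') {
        if (!nested) throw new SyntaxError('unbalanced "]"');
        return { groups, next: i };
      }
    }
    if (nested) throw new SyntaxError('unterminated group');
    return { groups, next: i };
  }
  return group(0, false).groups;
}

// Run the parser and classify the outcome. Failure classes the project has decided are
// acceptable return 'expected-failure'; anything else is re-thrown so the fuzzer records
// it as a crash. `parse` is injectable only so the classification can be exercised.
function exercise(text, parse = parseDocument) {
  try {
    parse(text);
    return 'ok';
  } catch (err) {
    if (err instanceof RangeError || err instanceof SyntaxError) {
      return 'expected-failure';
    }
    throw err;
  }
}

// jsfuzz target entry point: `buffer` is the Buffer the fuzzer hands in. The size cap
// runs first, so an oversized input from the generator never reaches the parser.
function fuzz(buffer) {
  if (buffer.length > MAX_INPUT_BYTES) {
    return 'skipped';
  }
  return exercise(buffer.toString('utf8'));
}

module.exports = { fuzz, exercise, parseDocument, MAX_INPUT_BYTES };
```

In a real target the return values are irrelevant to jsfuzz (it only watches for uncaught exceptions and process death); they are kept here so the three paths, skipped, ok, and expected-failure, can be checked directly. The cap bounds memory per input, while the exception filter keeps the finding log limited to fault classes that are actually new.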
@yevgenypats yevgenypats (Contributor) commented Dec 28, 2019

Thanks for reporting. I think I'll disable versifier by default for now.
