-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[mupdf]: malloc() does not return NULL upon out of memory... #1830
Comments
The root cause is that a fuzzing VM has more than 2GB and therefore //cc @oliverchang @kcc @morehouse, I feel like we've had a discussion about another way to handle OOMs some time ago. |
We may try to use cgroups to restrict the memory available to a process, but that adds complexity to our infrastructure and I'm not sure how well this will actually work in practice. It's not clear that malloc will always return NULL on oom anyway. This may also mask legitimate OOMs that could be fixed, so I'm not sure this is ideal as a general solution for handlings OOMs either. Perhaps there are cases where we will silently miss a lot of coverage because of failed allocations. I think our guidance thus far for handling large allocations is to set artificial limits in the library code before allocations (possibly under the "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" define which we set in our builders). |
While looking for I did toy with disabling memory overcommit in my local docker container, but as @Dor1s confirms this wouldn't be a workable solution. |
…gle#1830) This fixes oss-fuzz google#5679 and oss-fuzz google#7803 for the mupdf project.
…gle#1830) (google#1832) This fixes oss-fuzz google#5679 and oss-fuzz google#7803 for the mupdf project.
Commit 02c1436 resolved this issue for mupdf since it implemented a custom allocator for mupdf. I'm not sure why commit 02c1436 mentions two issue numbers, perhaps there was a mix up. Anyway, this means that this issue is now resolved, and I will close it. Other projects probably would need to likewise implement their own custom allocators if they hit the same problem. |
In bug #1817 @Dor1s suggested that I take a look at oss-fuzz #7803
Just like in oss-fuzz #5679 mupdf runs out of memory.
I know from the faq that the fuzzer is restricted to 2Gbyte of memory. As we will always run into some fuzzed file that may cause us to attempt large allocations mupdf handles this by attempting to call
malloc()
and handle failures where it returnsNULL
and error out. What seems counterintuitive though is thatmalloc()
in the fuzzer does not returnNULL
at this point, instead the fuzzer aborts like in the log above, thereby not allowing mupdf to do its error recovery.I saw that in
infra/base-images/base-runner/Dockerfile
you setASAN_OPTIONS="allocator_may_return_null=1"
, however this seems does not seem to have any effect as it aborts beforemalloc()
is allowed to returnNULL
. How can I change my project so thatmalloc()
does returnNULL
when it runs out of memory?The text was updated successfully, but these errors were encountered: