Testcase for out-of-memory

Follow test/fuzz/README.md to install latest clang and libFuzzer then: ``` export PATH="$HOME/third_party/llvm-build/Release+Asserts/bin:$PATH" export LIB_FUZZER_PATH="$HOME/src/compiler-rt/lib/fuzzer/libFuzzer.a" ./script/configure ./script/build-fuzzers ruby ./script/reproduce ruby ./oom-1 ``` which gives: ``` /home/philipturnbull/src/tree-sitter/out/ruby_fuzzer: Running 1 inputs 1 time(s) each. Running: ./oom-1 ==4257== ERROR: libFuzzer: out-of-memory (used: 1051Mb; limit: 1024Mb) To change the out-of-memory limit use -rss_limit_mb=<N> Live Heap Allocations: 1086637843 bytes in 13638 chunks; quarantined: 669298 bytes in 104 chunks; 7256 other chunks; total chunks: 20998; showing top 95% (at most 8 unique contexts) 1055741504 byte(s) (97%) in 13495 allocation(s) 0 0x4c180a in calloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_malloc_linux.cc:97:3 1 0xa952fe in ts_calloc (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa952fe) 2 0xa9492e in ts_tree_array_copy (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa9492e) 3 0xaf1479 in ts_stack_pop_count (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xaf1479) 4 0xa5edbe in parser__reduce (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa5edbe) 5 0xa901af in parser__do_all_potential_reductions (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa901af) 6 0xa6dc3d in parser__handle_error (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa6dc3d) 7 0xa4e217 in parser__advance (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa4e217) 8 0xa457a0 in parser_parse (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa457a0) 9 0xa1461c in ts_document_parse_with_options (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0xa1461c) 10 0x4f135a in LLVMFuzzerTestOneInput (/home/philipturnbull/src/tree-sitter/out/ruby_fuzzer+0x4f135a) 11 0xb42d72 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/philipturnbull/src/compiler-rt/lib/fuzzer/./FuzzerLoop.cpp:517:13 12 0xb35f4a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/philipturnbull/src/compiler-rt/lib/fuzzer/./FuzzerDriver.cpp:280:3 13 0xb3a708 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/philipturnbull/src/compiler-rt/lib/fuzzer/./FuzzerDriver.cpp:703:9 14 0xb35ca0 in main /home/philipturnbull/src/compiler-rt/lib/fuzzer/./FuzzerMain.cpp:20:10 15 0x7f092214f82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 SUMMARY: libFuzzer: out-of-memory ```
tree-sitter · Feb 28, 2018 · 4212ea5 · 4212ea5
1 parent dbecd95
commit 4212ea5
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 5 deletions.
diff --git a/oom-1 b/oom-1
@@ -0,0 +1 @@
+,l:!.�inu
diff --git a/oom-2 b/oom-2
@@ -0,0 +1 @@
+&if�F:*.�ensures
diff --git a/oom-3 b/oom-3
@@ -0,0 +1 @@
+D		case{A,**(u(.:def{k**,E
diff --git a/oom-4 b/oom-4
@@ -0,0 +1 @@
+��r�*+=**ca=*ce*~f�case�T�;;;;..rs(.:2{��D`'rseher
diff --git a/script/reproduce b/script/reproduce
@@ -10,6 +10,8 @@ fi
 lang="$1"
 testcase="$2"
 
-out="out"
-ASAN_OPTIONS="quarantine_size_mb=10:detect_leaks=1" UBSAN="print_stacktrace=1:halt_on_error=1" \
-  "${out}/${lang}_fuzzer" "$testcase" -timeout=1 -runs=100
+out=$(cd $(dirname $0)/../out && pwd)
+export ASAN_OPTIONS="quarantine_size_mb=10:detect_leaks=1:symbolize=1"
+export UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:symbolize=1"
+
+"${out}/${lang}_fuzzer" "$testcase" -timeout=10 -runs=1 -rss_limit_mb=1024
diff --git a/test/fuzz/README.md b/test/fuzz/README.md
@@ -8,8 +8,8 @@ The main fuzzing logic is implemented by `libFuzzer` which is part of the LLVM p
 
 ```
 cd ~/src
-git clone https://github.com/llvm-mirror/llvm
-cd llvm/lib/Fuzzer
+git clone https://github.com/llvm-mirror/compiler-rt
+cd compiler-rt/lib/fuzzer
 ./build.sh
 ```