Stream: git-wasmtime

Topic: wasmtime / Issue #1205 Should Cranelift's test parser be ...


Wasmtime GitHub notifications bot (Mar 04 2020 at 19:54):

alexcrichton closed Issue #1205:

Wasmtime is hooked up to oss-fuzz which means that our fuzz targets get an abnormally large amount of coverage, which in turn means that if we want to fuzz something we should be quite sure we're ready for all sorts of bugs. In that sense do we want to disable Cranelift's reader_parse_test?

Looks like over the weekend an OOM was found which amounted to the input:

function%(){block225322254

Doing some debugging, the parser allocates a huge amount of memory in this loop because it's appending 225322254 blocks.

While this could probably be fixed by perhaps using a more sparse encoding or something like that, I wanted to ask a question here first if we're ready for these kinds of fuzz bugs. For example, is this worth it to fix at this time? I don't know much about the Cranelift parser/format, so wanted to ask others what they felt about this!
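The allocation pattern behind this OOM, illustrated with an added toy example rather than Cranelift's own parser: a text format where a declaration like `block225322254` names an entity by number, and the parser chooses between a dense table (one slot per index, so memory is proportional to the largest number in the input) and the sparse encoding the issue mentions (memory proportional to the number of declarations actually present). The `block<N>` token shape is taken from the fuzz input above; the function names, error type and tokenizer are hypothetical and only exist in this example.

```rust
use std::collections::BTreeMap;

/// Error type for the toy parser (hypothetical, not Cranelift's).
#[derive(Debug, PartialEq)]
pub enum ParseError {
    BadNumber(String),
    Duplicate(u64),
}

/// Find every `block<digits>` declaration in the source text.
/// (Constructed tokenizer for this example; a real parser would use a proper lexer.)
fn block_declarations(src: &str) -> Vec<&str> {
    let mut out = Vec::new();
    let mut rest = src;
    while let Some(pos) = rest.find("block") {
        let after = &rest[pos + 5..];
        // Digits are ASCII, so the char count equals the byte count here.
        let digits = after.chars().take_while(|c| c.is_ascii_digit()).count();
        if digits > 0 {
            out.push(&rest[pos..pos + 5 + digits]);
        }
        rest = &rest[pos + 5 + digits..];
    }
    out
}

/// Parse the numeric suffix of a `block<N>` declaration.
fn parse_index(decl: &str) -> Result<u64, ParseError> {
    decl["block".len()..]
        .parse::<u64>()
        .map_err(|_| ParseError::BadNumber(decl.to_string()))
}

/// Dense layout: one Vec slot per block index. A single `block225322254`
/// forces a resize to 225 million entries before any real block exists,
/// so the attacker-controlled number directly sizes the allocation.
pub fn parse_dense(src: &str) -> Result<Vec<Option<String>>, ParseError> {
    let mut blocks: Vec<Option<String>> = Vec::new();
    for decl in block_declarations(src) {
        let idx = parse_index(decl)? as usize;
        if blocks.len() <= idx {
            blocks.resize(idx + 1, None); // allocation proportional to the untrusted number
        }
        blocks[idx] = Some(decl.to_string());
    }
    Ok(blocks)
}

/// Sparse layout: a map keyed by index. Memory now grows with the number
/// of declarations in the input, which is bounded by the input's length,
/// not with the numeric value the input chooses to write.
pub fn parse_sparse(src: &str) -> Result<BTreeMap<u64, String>, ParseError> {
    let mut blocks = BTreeMap::new();
    for decl in block_declarations(src) {
        let idx = parse_index(decl)?;
        if blocks.insert(idx, decl.to_string()).is_some() {
            return Err(ParseError::Duplicate(idx));
        }
    }
    Ok(blocks)
}

fn main() {
    // Constructed sample input in the shape of the fuzz case.
    let input = "function%(){block5}";
    println!("dense slots:    {}", parse_dense(input).unwrap().len());
    println!("sparse entries: {}", parse_sparse(input).unwrap().len());
}
```

With the sparse layout the original fuzz input parses into a single map entry; the dense variant is kept only to make the contrast visible and should not be fed the large index, since it would try to allocate roughly 225 million `Option<String>` slots.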


Last updated: Oct 23 2024 at 20:03 UTC