Stream: git-wasmtime

Topic: wasmtime / Issue #1205 Should Cranelift's test parser be ...


view this post on Zulip Wasmtime GitHub notifications bot (Mar 04 2020 at 19:54):

alexcrichton closed Issue #1205:

Wasmtime is hooked up to oss-fuzz which means that our fuzz targets get an abnormally large amount of coverage, which in turn means that if we want to fuzz something we should be quite sure we're ready for all sorts of bugs. In that sense do we want to disable Cranelift's reader_parse_test?

Looks like over the weekend an OOM was found which amounted to the input:

function%(){block225322254

Doing some debugging the parser allocations a huge amount of memory in this loop because it's appending 225322254 blocks.

While this could probably be fixed by perhaps using a more sparse encoding or something like that, I wanted to ask a question here first if we're ready for these kinds of fuzz bugs. For example is this worth it to fix at this time? I don't know much about the cranelift parser/format, so wanted to ask others what they felt about this!


Last updated: Nov 22 2024 at 16:03 UTC