<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW - llvm-opt-fuzzer produces invalid bitcode files, which allocate too much memory for oss-fuzz" href="https://bugs.llvm.org/show_bug.cgi?id=40301">40301</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>llvm-opt-fuzzer produces invalid bitcode files, which allocate too much memory for oss-fuzz
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Support Libraries
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>florian_hahn@apple.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I had a look at a few oss-fuzz issues (see below) that failed with
out-of-memory and the ones I looked at did not expose problems with
transformations. Instead they fail with out-of-memory, because the bitcode
files they use have invalid forward references, with very high indices (e.g.
because they use relative IDs that wrap around) and we end up running out of
memory when resizing the value list in BitcodeReaderValueList::getValueFwdRef.

Maybe the fuzzers could avoid creating such invalid bitcode files?


<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12352">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12352</a>
<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12442">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12442</a>
<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12239">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12239</a></pre>
        </div>
      </p>
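<p>The failure mode the report describes, shown as an added example rather than LLVM's own code: a relative operand ID larger than the current instruction number wraps around under unsigned subtraction, and a value list that grows to cover whatever index it is handed will try to allocate for that wrapped index. The stand-in below refuses a forward reference whose slot the input could never define. <code>BoundedValueList</code>, <code>decodeRelativeID</code>, <code>fwdRefAccepted</code> and the cap derived from input size are assumptions, not the reader's actual API.</p>

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <vector>

// Hypothetical value-list model; not LLVM's BitcodeReaderValueList.
struct Value {
  uint64_t Slot;
};

// Relative operand IDs store InstNum - ValNo, so the reader recovers
// ValNo = InstNum - Rel. With unsigned arithmetic, Rel > InstNum wraps
// around to an index near 2^64 instead of failing.
inline uint64_t decodeRelativeID(uint64_t InstNum, uint64_t Rel) {
  return InstNum - Rel;
}

class BoundedValueList {
public:
  // MaxSlots is a cap chosen from the size of the input being read
  // (assumption: a stream of N bytes cannot define more than N values).
  explicit BoundedValueList(size_t MaxSlots) : MaxSlots(MaxSlots) {}

  // Returns nullptr instead of growing the list when Idx is not a slot the
  // stream could ever define; an unchecked version would resize to Idx + 1.
  Value *getValueFwdRef(uint64_t Idx) {
    if (Idx >= MaxSlots)
      return nullptr;  // invalid forward reference: reject, do not allocate
    size_t I = static_cast<size_t>(Idx);  // safe: Idx < MaxSlots <= SIZE_MAX
    if (I >= Values.size())
      Values.resize(I + 1);
    if (!Values[I])
      Values[I] = std::make_unique<Value>(Value{Idx});
    return Values[I].get();
  }

  size_t size() const { return Values.size(); }

private:
  std::vector<std::unique_ptr<Value>> Values;
  size_t MaxSlots;
};

// Helper: does decoding (InstNum, Rel) against a fresh list capped at
// MaxSlots yield a usable value, or is the reference rejected?
inline bool fwdRefAccepted(size_t MaxSlots, uint64_t InstNum, uint64_t Rel) {
  BoundedValueList VL(MaxSlots);
  return VL.getValueFwdRef(decodeRelativeID(InstNum, Rel)) != nullptr;
}
```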


    </body>
</html>