<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - llvm-opt-fuzzer produces invalid bitcode files, which allocate too much memory for oss-fuzz"

   href="https://bugs.llvm.org/show_bug.cgi?id=40301">40301</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>llvm-opt-fuzzer produces invalid bitcode files, which allocate too much memory for oss-fuzz

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>Support Libraries

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>florian_hahn@apple.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>I had a look at a few oss-fuzz issues (see below) that failed with

out-of-memory and the ones I looked at did not expose problems with

transformations. Instead they fail with out-of-memory, because the bitcode

files they use have invalid forward references, with very high indices (e.g.

because they use relative IDs that wrap around) and we end up running out of

memory when resizing the value list in BitcodeReaderValueList::getValueFwdRef.

Maybe the fuzzers could avoid creating such invalid bitcode files?

<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12352">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12352</a>

<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12442">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12442</a>

<a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12239">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12239</a></pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>