starting build "6b1771b9-e1cc-4a52-a040-4308488b9cea" FETCHSOURCE BUILD Starting Step #0 Step #0: Already have image (with digest): gcr.io/cloud-builders/git Step #0: Cloning into 'oss-fuzz'... Finished Step #0 Starting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d" Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Already have image (with digest): gcr.io/cloud-builders/docker Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Sending build context to Docker daemon 5.12kB Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step 1/5 : FROM gcr.io/oss-fuzz-base/base-builder Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": latest: Pulling from oss-fuzz-base/base-builder Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": b549f31133a9: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 376d71144b4a: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 92240faab440: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 321d5de98ff9: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6b5ab720b758: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 63094baf9071: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0e1b3d65bd58: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3c0b0ab6bbd9: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 8bacb5674b42: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 2482cc94d0a2: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3e64f9ca9bb1: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 11fbee66b8bc: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": f0724820763b: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 158ce984122a: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": c560bed52abc: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 180e2f442d09: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf09446ead2e: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ec6332d42c41: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 321d5de98ff9: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3d38f71885f9: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7f283574f068: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": fdcf80b6836a: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 114513219d36: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6fe1b574bbf4: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6b5ab720b758: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 972fcac42ad2: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0ade13b521fd: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 63094baf9071: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 206ec8a8e017: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4236951d5d91: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a89c87befc62: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 8bacb5674b42: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a016026484e0: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4b9e5b107716: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 2482cc94d0a2: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 852e63add0ff: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a6e98bab7d07: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3e64f9ca9bb1: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ad69aa942610: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6aec5954d4aa: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf98dce6d07e: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7fafc5d7a1a1: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0e1b3d65bd58: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 11fbee66b8bc: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 38efee1e343e: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a29e36762fa7: Pulling fs layer Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3c0b0ab6bbd9: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": f0724820763b: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf09446ead2e: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ec6332d42c41: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 180e2f442d09: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 158ce984122a: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a016026484e0: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3d38f71885f9: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": c560bed52abc: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4b9e5b107716: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 114513219d36: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0ade13b521fd: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7f283574f068: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 852e63add0ff: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6fe1b574bbf4: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 206ec8a8e017: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 972fcac42ad2: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a6e98bab7d07: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ad69aa942610: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4236951d5d91: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a89c87befc62: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": fdcf80b6836a: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6aec5954d4aa: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a29e36762fa7: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7fafc5d7a1a1: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf98dce6d07e: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 38efee1e343e: Waiting Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 92240faab440: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": b549f31133a9: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": b549f31133a9: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 321d5de98ff9: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 321d5de98ff9: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 63094baf9071: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 63094baf9071: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6b5ab720b758: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6b5ab720b758: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3c0b0ab6bbd9: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 376d71144b4a: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 376d71144b4a: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 8bacb5674b42: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": b549f31133a9: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3e64f9ca9bb1: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3e64f9ca9bb1: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 11fbee66b8bc: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 11fbee66b8bc: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": f0724820763b: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": f0724820763b: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 158ce984122a: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 158ce984122a: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 2482cc94d0a2: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 2482cc94d0a2: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": c560bed52abc: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": c560bed52abc: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 180e2f442d09: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf09446ead2e: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf09446ead2e: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ec6332d42c41: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ec6332d42c41: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3d38f71885f9: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7f283574f068: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7f283574f068: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": fdcf80b6836a: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": fdcf80b6836a: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 114513219d36: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0e1b3d65bd58: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0e1b3d65bd58: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 972fcac42ad2: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 972fcac42ad2: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6fe1b574bbf4: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6fe1b574bbf4: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0ade13b521fd: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0ade13b521fd: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4236951d5d91: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 206ec8a8e017: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 206ec8a8e017: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a89c87befc62: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a89c87befc62: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a016026484e0: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a016026484e0: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 852e63add0ff: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4b9e5b107716: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4b9e5b107716: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a6e98bab7d07: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a6e98bab7d07: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ad69aa942610: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6aec5954d4aa: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf98dce6d07e: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf98dce6d07e: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 376d71144b4a: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7fafc5d7a1a1: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 92240faab440: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 38efee1e343e: Verifying Checksum Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 38efee1e343e: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a29e36762fa7: Download complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 321d5de98ff9: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6b5ab720b758: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 63094baf9071: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0e1b3d65bd58: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3c0b0ab6bbd9: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 8bacb5674b42: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 2482cc94d0a2: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3e64f9ca9bb1: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 11fbee66b8bc: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": f0724820763b: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 158ce984122a: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": c560bed52abc: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 180e2f442d09: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf09446ead2e: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ec6332d42c41: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 3d38f71885f9: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7f283574f068: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": fdcf80b6836a: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 114513219d36: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6fe1b574bbf4: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 972fcac42ad2: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 0ade13b521fd: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 206ec8a8e017: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4236951d5d91: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a89c87befc62: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a016026484e0: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 4b9e5b107716: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 852e63add0ff: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a6e98bab7d07: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ad69aa942610: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 6aec5954d4aa: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": cf98dce6d07e: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 7fafc5d7a1a1: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": 38efee1e343e: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": a29e36762fa7: Pull complete Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Digest: sha256:f7ca63babf8123be944d5e2e0f418f8bc8559b39cec5d421134ada5174bfe543 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-builder:latest Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> b83c04fb5f25 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step 2/5 : RUN pip3 install meson ninja Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> Running in d5b9290c15b0 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Collecting meson Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Downloading meson-1.8.3-py3-none-any.whl.metadata (1.8 kB) Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Collecting ninja Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Downloading ninja-1.11.1.4-py3-none-manylinux_2_12_x86_64.manylinux2010_x86_64.whl.metadata (5.0 kB) Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Downloading meson-1.8.3-py3-none-any.whl (1.0 MB) Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.0/1.0 MB 26.9 MB/s 0:00:00 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Downloading ninja-1.11.1.4-py3-none-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (422 kB) Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Installing collected packages: ninja, meson Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Successfully installed meson-1.8.3 ninja-1.11.1.4 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager, possibly rendering your system unusable. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv. Use the --root-user-action option if you know what you are doing and want to suppress this warning. Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Removing intermediate container d5b9290c15b0 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> bb5ce2ee816d Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step 3/5 : RUN git clone --depth 1 https://github.com/syoyo/tinygltf.git Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> Running in 90863bcfe28c Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Cloning into 'tinygltf'... Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Removing intermediate container 90863bcfe28c Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> b5431b8a1dc4 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step 4/5 : WORKDIR $SRC/tinygltf Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> Running in ef4aa9c1c37d Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Removing intermediate container ef4aa9c1c37d Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> f385fcd46c0f Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Step 5/5 : COPY build.sh $SRC/ Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": ---> df2c52a7d6a5 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Successfully built df2c52a7d6a5 Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Successfully tagged gcr.io/oss-fuzz/tinygltf:latest Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d": Successfully tagged us-central1-docker.pkg.dev/oss-fuzz/unsafe/tinygltf:latest Finished Step #1 - "build-118de569-65bd-4d3f-8152-d8ed400c222d" Starting Step #2 - "srcmap" Step #2 - "srcmap": Already have image: gcr.io/oss-fuzz/tinygltf Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + SRCMAP=/tmp/fileLeJ0vM Step #2 - "srcmap": + echo '{}' Step #2 - "srcmap": + PATHS_TO_SCAN=/src Step #2 - "srcmap": + [[ c++ == \g\o ]] Step #2 - "srcmap": ++ find /src -name .git -type d Step #2 - "srcmap": + for DOT_GIT_DIR in $(find $PATHS_TO_SCAN -name ".git" -type d) Step #2 - "srcmap": ++ dirname /src/tinygltf/.git Step #2 - "srcmap": + GIT_DIR=/src/tinygltf Step #2 - "srcmap": + cd /src/tinygltf Step #2 - "srcmap": ++ git config --get remote.origin.url Step #2 - "srcmap": + GIT_URL=https://github.com/syoyo/tinygltf.git Step #2 - "srcmap": ++ git rev-parse HEAD Step #2 - "srcmap": + GIT_REV=37250b3470b517fd6823ee82d6e0495695bb7924 Step #2 - "srcmap": + jq_inplace /tmp/fileLeJ0vM '."/src/tinygltf" = { type: "git", url: "https://github.com/syoyo/tinygltf.git", rev: "37250b3470b517fd6823ee82d6e0495695bb7924" }' Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + F=/tmp/filebLsB9a Step #2 - "srcmap": + cat /tmp/fileLeJ0vM Step #2 - "srcmap": + jq '."/src/tinygltf" = { type: "git", url: "https://github.com/syoyo/tinygltf.git", rev: "37250b3470b517fd6823ee82d6e0495695bb7924" }' Step #2 - "srcmap": + mv /tmp/filebLsB9a /tmp/fileLeJ0vM Step #2 - "srcmap": ++ find /src -name .svn -type d Step #2 - "srcmap": ++ find /src -name .hg -type d Step #2 - "srcmap": + '[' '' '!=' '' ']' Step #2 - "srcmap": + cat /tmp/fileLeJ0vM Step #2 - "srcmap": + rm /tmp/fileLeJ0vM Step #2 - "srcmap": { Step #2 - "srcmap": "/src/tinygltf": { Step #2 - "srcmap": "type": "git", Step #2 - "srcmap": "url": "https://github.com/syoyo/tinygltf.git", Step #2 - "srcmap": "rev": "37250b3470b517fd6823ee82d6e0495695bb7924" Step #2 - "srcmap": } Step #2 - "srcmap": } Finished Step #2 - "srcmap" Starting Step #3 - "compile-libfuzzer-coverage-x86_64" Step #3 - "compile-libfuzzer-coverage-x86_64": Already have image (with digest): gcr.io/cloud-builders/docker Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": vm.mmap_rnd_bits = 28 Step #3 - "compile-libfuzzer-coverage-x86_64": Compiling libFuzzer to /usr/lib/libFuzzingEngine.a... done. Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": CC=clang Step #3 - "compile-libfuzzer-coverage-x86_64": CXX=clang++ Step #3 - "compile-libfuzzer-coverage-x86_64": CFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument Step #3 - "compile-libfuzzer-coverage-x86_64": CXXFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -stdlib=libc++ Step #3 - "compile-libfuzzer-coverage-x86_64": RUSTFLAGS=--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers -Cinstrument-coverage -C link-arg=-lc++ Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": + cd tests/fuzzer/ Step #3 - "compile-libfuzzer-coverage-x86_64": + meson build Step #3 - "compile-libfuzzer-coverage-x86_64": The Meson build system Step #3 - "compile-libfuzzer-coverage-x86_64": Version: 1.8.3 Step #3 - "compile-libfuzzer-coverage-x86_64": Source dir: /src/tinygltf/tests/fuzzer Step #3 - "compile-libfuzzer-coverage-x86_64": Build dir: /src/tinygltf/tests/fuzzer/build Step #3 - "compile-libfuzzer-coverage-x86_64": Build type: native build Step #3 - "compile-libfuzzer-coverage-x86_64": Project name: fuzz_tinygltf Step #3 - "compile-libfuzzer-coverage-x86_64": Project version: undefined Step #3 - "compile-libfuzzer-coverage-x86_64": C++ compiler for the host machine: clang++ (clang 18.1.8 "clang version 18.1.8 (https://github.com/llvm/llvm-project.git 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)") Step #3 - "compile-libfuzzer-coverage-x86_64": C++ linker for the host machine: clang++ ld.bfd 2.34 Step #3 - "compile-libfuzzer-coverage-x86_64": Host machine cpu family: x86_64 Step #3 - "compile-libfuzzer-coverage-x86_64": Host machine cpu: x86_64 Step #3 - "compile-libfuzzer-coverage-x86_64": Build targets in project: 1 Step #3 - "compile-libfuzzer-coverage-x86_64": Step #3 - "compile-libfuzzer-coverage-x86_64": Found ninja-1.11.1.git.kitware.jobserver-1 at /usr/local/bin/ninja Step #3 - "compile-libfuzzer-coverage-x86_64": WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated. Step #3 - "compile-libfuzzer-coverage-x86_64": + cd build Step #3 - "compile-libfuzzer-coverage-x86_64": ++ nproc Step #3 - "compile-libfuzzer-coverage-x86_64": + ninja -j32 Step #3 - "compile-libfuzzer-coverage-x86_64": [0/2] Compiling C++ object fuzz_gltf.p/fuzz_gltf.cc.o [1/2] Compiling C++ object fuzz_gltf.p/fuzz_gltf.cc.o [1/2] Linking target fuzz_gltf [2/2] Linking target fuzz_gltf Step #3 - "compile-libfuzzer-coverage-x86_64": + cp fuzz_gltf /workspace/out/libfuzzer-coverage-x86_64/ Finished Step #3 - "compile-libfuzzer-coverage-x86_64" Starting Step #4 Step #4: Pulling image: gcr.io/oss-fuzz-base/base-runner Step #4: Using default tag: latest Step #4: latest: Pulling from oss-fuzz-base/base-runner Step #4: b549f31133a9: Already exists Step #4: 376d71144b4a: Already exists Step #4: 92240faab440: Already exists Step #4: 243854e1edc4: Pulling fs layer Step #4: d305c261bbb4: Pulling fs layer Step #4: 58a747249613: Pulling fs layer Step #4: 7d5b1f24dbe8: Pulling fs layer Step #4: 150fab9daa6d: Pulling fs layer Step #4: 029cfb818b6e: Pulling fs layer Step #4: ecd354590cdd: Pulling fs layer Step #4: 88baa1622773: Pulling fs layer Step #4: 2cf6a414ac48: Pulling fs layer Step #4: 3379e7ac0212: Pulling fs layer Step #4: 3e6da6b00ae6: Pulling fs layer Step #4: 09adefa95877: Pulling fs layer Step #4: 4ad3e56deb72: Pulling fs layer Step #4: 3a17bd3d3be6: Pulling fs layer Step #4: f955697a7128: Pulling fs layer Step #4: cf26144f4276: Pulling fs layer Step #4: c64de9e1b87d: Pulling fs layer Step #4: ab1625d3addd: Pulling fs layer Step #4: cda4f74a0824: Pulling fs layer Step #4: 64dea94b8943: Pulling fs layer Step #4: 01fbf3a68bf8: Pulling fs layer Step #4: 8222bda34d4e: Pulling fs layer Step #4: 88baa1622773: Waiting Step #4: a6c7dbd5ada1: Pulling fs layer Step #4: 2cf6a414ac48: Waiting Step #4: 09adefa95877: Waiting Step #4: 4ad3e56deb72: Waiting Step #4: 3379e7ac0212: Waiting Step #4: 3a17bd3d3be6: Waiting Step #4: 3e6da6b00ae6: Waiting Step #4: f955697a7128: Waiting Step #4: 64dea94b8943: Waiting Step #4: cf26144f4276: Waiting Step #4: 01fbf3a68bf8: Waiting Step #4: 8222bda34d4e: Waiting Step #4: c64de9e1b87d: Waiting Step #4: a6c7dbd5ada1: Waiting Step #4: ab1625d3addd: Waiting Step #4: 7d5b1f24dbe8: Waiting Step #4: cda4f74a0824: Waiting Step #4: 150fab9daa6d: Waiting Step #4: ecd354590cdd: Waiting Step #4: 029cfb818b6e: Waiting Step #4: 58a747249613: Download complete Step #4: 243854e1edc4: Download complete Step #4: d305c261bbb4: Verifying Checksum Step #4: d305c261bbb4: Download complete Step #4: 150fab9daa6d: Verifying Checksum Step #4: 150fab9daa6d: Download complete Step #4: 243854e1edc4: Pull complete Step #4: 7d5b1f24dbe8: Verifying Checksum Step #4: 7d5b1f24dbe8: Download complete Step #4: ecd354590cdd: Verifying Checksum Step #4: ecd354590cdd: Download complete Step #4: 88baa1622773: Download complete Step #4: d305c261bbb4: Pull complete Step #4: 2cf6a414ac48: Download complete Step #4: 58a747249613: Pull complete Step #4: 3e6da6b00ae6: Verifying Checksum Step #4: 3e6da6b00ae6: Download complete Step #4: 029cfb818b6e: Verifying Checksum Step #4: 029cfb818b6e: Download complete Step #4: 7d5b1f24dbe8: Pull complete Step #4: 09adefa95877: Verifying Checksum Step #4: 09adefa95877: Download complete Step #4: 150fab9daa6d: Pull complete Step #4: 4ad3e56deb72: Download complete Step #4: f955697a7128: Download complete Step #4: 3379e7ac0212: Verifying Checksum Step #4: 3379e7ac0212: Download complete Step #4: 3a17bd3d3be6: Verifying Checksum Step #4: 3a17bd3d3be6: Download complete Step #4: c64de9e1b87d: Verifying Checksum Step #4: c64de9e1b87d: Download complete Step #4: ab1625d3addd: Verifying Checksum Step #4: ab1625d3addd: Download complete Step #4: cda4f74a0824: Download complete Step #4: 64dea94b8943: Verifying Checksum Step #4: 64dea94b8943: Download complete Step #4: 01fbf3a68bf8: Verifying Checksum Step #4: 01fbf3a68bf8: Download complete Step #4: 8222bda34d4e: Download complete Step #4: a6c7dbd5ada1: Verifying Checksum Step #4: a6c7dbd5ada1: Download complete Step #4: cf26144f4276: Verifying Checksum Step #4: cf26144f4276: Download complete Step #4: 029cfb818b6e: Pull complete Step #4: ecd354590cdd: Pull complete Step #4: 88baa1622773: Pull complete Step #4: 2cf6a414ac48: Pull complete Step #4: 3379e7ac0212: Pull complete Step #4: 3e6da6b00ae6: Pull complete Step #4: 09adefa95877: Pull complete Step #4: 4ad3e56deb72: Pull complete Step #4: 3a17bd3d3be6: Pull complete Step #4: f955697a7128: Pull complete Step #4: cf26144f4276: Pull complete Step #4: c64de9e1b87d: Pull complete Step #4: ab1625d3addd: Pull complete Step #4: cda4f74a0824: Pull complete Step #4: 64dea94b8943: Pull complete Step #4: 01fbf3a68bf8: Pull complete Step #4: 8222bda34d4e: Pull complete Step #4: a6c7dbd5ada1: Pull complete Step #4: Digest: sha256:461b8f4a8569deb3ebd275ab6e9833f33d325f370dc26ef830d4afcfa930c0b6 Step #4: Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-runner:latest Step #4: gcr.io/oss-fuzz-base/base-runner:latest Finished Step #4 Starting Step #5 Step #5: Already have image (with digest): gcr.io/oss-fuzz-base/base-runner Step #5: Running fuzz_gltf Step #5: Error occured while running fuzz_gltf: Step #5: Cov returncode: 0, grep returncode: 0 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 391311582 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x562700e86b30, 0x562700e8a794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x562700e8a798,0x562700ec6dd8), Step #5: MERGE-OUTER: 12669 files, 0 in the initial corpus, 0 processed earlier Step #5: MERGE-OUTER: attempt 1 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 391378773 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55ea1eb5fb30, 0x55ea1eb63794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55ea1eb63798,0x55ea1eb9fdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: 12669 total files; 0 processed earlier; will process 12669 files now Step #5: #1 pulse cov: 101 ft: 102 exec/s: 0 rss: 38Mb Step #5: #2 pulse cov: 101 ft: 102 exec/s: 0 rss: 38Mb Step #5: #4 pulse cov: 251 ft: 253 exec/s: 0 rss: 40Mb Step #5: #8 pulse cov: 323 ft: 336 exec/s: 0 rss: 40Mb Step #5: #16 pulse cov: 389 ft: 446 exec/s: 0 rss: 40Mb Step #5: #32 pulse cov: 437 ft: 525 exec/s: 0 rss: 41Mb Step #5: #64 pulse cov: 559 ft: 684 exec/s: 0 rss: 41Mb Step #5: #128 pulse cov: 645 ft: 963 exec/s: 0 rss: 43Mb Step #5: #256 pulse cov: 753 ft: 1151 exec/s: 0 rss: 45Mb Step #5: #512 pulse cov: 843 ft: 1424 exec/s: 0 rss: 49Mb Step #5: #1024 pulse cov: 964 ft: 2190 exec/s: 0 rss: 57Mb Step #5: #2048 pulse cov: 1207 ft: 3885 exec/s: 0 rss: 59Mb Step #5: #4096 pulse cov: 3118 ft: 10350 exec/s: 0 rss: 68Mb Step #5: ==42== ERROR: libFuzzer: out-of-memory (used: 2067Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 50815889 bytes in 33220 chunks; quarantined: 9885908 bytes in 7484 chunks; 54839 other chunks; total chunks: 95543; showing top 95% (at most 8 unique contexts) Step #5: 24383096 byte(s) (47%) in 11 allocation(s) Step #5: #0 0x55ea1e79cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55ea1e9fcd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55ea1e6ad1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f34b8058082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: 22321593 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x55ea1e79cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55ea1e87cba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55ea1e87cba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55ea1e87cba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55ea1e85ff06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55ea1e7dcc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55ea1e7fff7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55ea1e7fff7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55ea1e8fcf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55ea1e8fcf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55ea1e8fcf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55ea1e8fcf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55ea1e96f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55ea1e96f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55ea1e96f7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55ea1e823c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55ea1e823c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55ea1e8123da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55ea1e85cc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55ea1e85cc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55ea1e85cc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55ea1e691210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55ea1e69a7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55ea1e681d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55ea1e6ad1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f34b8058082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1216224 byte(s) (2%) in 12669 allocation(s) Step #5: #0 0x55ea1e79cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55ea1e9fcd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55ea1e6987fa in fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:73:10 Step #5: #3 0x55ea1e69a32e in ParseOrExit /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:32:8 Step #5: #4 0x55ea1e69a32e in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:209:5 Step #5: #5 0x55ea1e681d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #6 0x55ea1e6ad1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f34b8058082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) Step #5: 1048576 byte(s) (2%) in 1 allocation(s) Step #5: #0 0x55ea1e79cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55ea1e9fcd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55ea1e681d57 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:10 Step #5: #3 0x55ea1e6ad1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #4 0x7f34b8058082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x67,0x69,0x66,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x56,0x41,0x45,0x4a,0x47,0x39,0x31,0x41,0x41,0x42,0x42,0x68,0x61,0x6e,0x69,0x6d,0x69,0x77,0x41,0x5a,0x30,0x52,0x42,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/gif;base64,VAEJG91AABBhanimiwAZ0RB\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-6ca9b0432f7a957687970454e9b29b4fbaa9f356 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvZ2lmO2Jhc2U2NCxWQUVKRzkxQUFCQmhhbmltaXdBWjBSQiJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 2 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 395670120 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55d0418a5b30, 0x55d0418a9794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55d0418a9798,0x55d0418e5dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/6ca9b0432f7a957687970454e9b29b4fbaa9f356' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5407 processed earlier; will process 7262 files now Step #5: #1 pulse cov: 789 ft: 790 exec/s: 0 rss: 38Mb Step #5: #2 pulse cov: 878 ft: 1040 exec/s: 0 rss: 41Mb Step #5: #4 pulse cov: 1169 ft: 1585 exec/s: 0 rss: 41Mb Step #5: #8 pulse cov: 1205 ft: 1642 exec/s: 0 rss: 43Mb Step #5: #16 pulse cov: 1365 ft: 1919 exec/s: 3 rss: 431Mb Step #5: #32 pulse cov: 1558 ft: 2378 exec/s: 1 rss: 885Mb Step #5: ==46== ERROR: libFuzzer: out-of-memory (used: 2079Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 113329402 bytes in 19391 chunks; quarantined: 7139909 bytes in 283 chunks; 46055 other chunks; total chunks: 65729; showing top 95% (at most 8 unique contexts) Step #5: 85389570 byte(s) (75%) in 1 allocation(s) Step #5: #0 0x55d0414e2fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55d0415c2ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55d0415c2ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55d0415c2ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55d0415a5f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55d041522c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55d041545f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55d041545f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55d041642f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55d041642f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55d041642f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55d041642f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55d0416b57bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55d0416b57bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55d0416b57bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55d041569c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55d041569c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55d0415583da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55d0415a2c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55d0415a2c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55d0415a2c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55d0413d7210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55d0413e07e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55d0413c7d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55d0413f31c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fe332407082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (21%) in 11 allocation(s) Step #5: #0 0x55d0414e2fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55d041742d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55d0413f31c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7fe332407082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x62,0x6d,0x70,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x65,0x41,0x41,0x4c,0x61,0x2b,0x57,0x73,0x73,0x69,0x65,0x62,0x2f,0x2f,0x44,0x57,0x32,0x32,0x2f,0x69,0x41,0x78,0x67,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/bmp;base64,eAALa+Wssieb//DW22/iAxg\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-5952608bc55b0caf934ef8ff95ea8680b0d94444 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvYm1wO2Jhc2U2NCxlQUFMYStXc3NpZWIvL0RXMjIvaUF4ZyJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 3 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 419963432 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x561bc72afb30, 0x561bc72b3794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x561bc72b3798,0x561bc72efdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/5952608bc55b0caf934ef8ff95ea8680b0d94444' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5449 processed earlier; will process 7220 files now Step #5: #1 pulse cov: 909 ft: 910 exec/s: 0 rss: 144Mb Step #5: #2 pulse cov: 952 ft: 1011 exec/s: 0 rss: 144Mb Step #5: #4 pulse cov: 983 ft: 1073 exec/s: 4 rss: 144Mb Step #5: #8 pulse cov: 1017 ft: 1144 exec/s: 1 rss: 456Mb Step #5: #16 pulse cov: 1076 ft: 1260 exec/s: 1 rss: 1539Mb Step #5: #32 pulse cov: 1346 ft: 1798 exec/s: 2 rss: 1539Mb Step #5: #64 pulse cov: 1887 ft: 2860 exec/s: 1 rss: 1539Mb Step #5: ==50== ERROR: libFuzzer: out-of-memory (used: 2100Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 129393437 bytes in 20358 chunks; quarantined: 9505478 bytes in 1847 chunks; 43730 other chunks; total chunks: 65935; showing top 95% (at most 8 unique contexts) Step #5: 101412189 byte(s) (78%) in 1 allocation(s) Step #5: #0 0x561bc6eecfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x561bc6fccba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x561bc6fccba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x561bc6fccba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x561bc6faff06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x561bc6f2cc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x561bc6f4ff7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x561bc6f4ff7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x561bc704cf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x561bc704cf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x561bc704cf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x561bc704cf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x561bc70bf7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x561bc70bf7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x561bc70bf7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x561bc6f73c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x561bc6f73c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x561bc6f623da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x561bc6facc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x561bc6facc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x561bc6facc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x561bc6de1210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x561bc6dea7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x561bc6dd1d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x561bc6dfd1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f0ab0eb1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (18%) in 11 allocation(s) Step #5: #0 0x561bc6eecfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x561bc714cd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x561bc6dfd1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f0ab0eb1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x62,0x6d,0x70,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x65,0x41,0x41,0x4c,0x2b,0x61,0x57,0x73,0x73,0x69,0x65,0x62,0x2f,0x2f,0x57,0x2f,0x30,0x36,0x6f,0x46,0x41,0x78,0x67,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/bmp;base64,eAAL+aWssieb//W/06oFAxg\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-76a95b1ea9dbcb27fc08626eb8ce1705d3e01fa5 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvYm1wO2Jhc2U2NCxlQUFMK2FXc3NpZWIvL1cvMDZvRkF4ZyJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 4 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 470253547 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55b9c5033b30, 0x55b9c5037794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55b9c5037798,0x55b9c5073dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/76a95b1ea9dbcb27fc08626eb8ce1705d3e01fa5' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5532 processed earlier; will process 7137 files now Step #5: #1 pulse cov: 901 ft: 902 exec/s: 0 rss: 1317Mb Step #5: #2 pulse cov: 949 ft: 1032 exec/s: 1 rss: 1317Mb Step #5: #4 pulse cov: 1122 ft: 1402 exec/s: 2 rss: 1317Mb Step #5: #8 pulse cov: 1248 ft: 1744 exec/s: 4 rss: 1317Mb Step #5: #16 pulse cov: 1318 ft: 1888 exec/s: 1 rss: 1317Mb Step #5: #32 pulse cov: 1655 ft: 2453 exec/s: 1 rss: 1317Mb Step #5: #64 pulse cov: 1897 ft: 3405 exec/s: 2 rss: 1789Mb Step #5: ==54== ERROR: libFuzzer: out-of-memory (used: 2090Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 960813516 bytes in 20518 chunks; quarantined: 10065802 bytes in 2194 chunks; 43409 other chunks; total chunks: 66121; showing top 95% (at most 8 unique contexts) Step #5: 621883756 byte(s) (64%) in 1 allocation(s) Step #5: #0 0x55b9c4c70fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55b9c4d596e3 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55b9c4d596e3 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55b9c4d596e3 in stbi__convert_format(unsigned char*, int, int, unsigned int, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1761:29 Step #5: #4 0x55b9c4d52b53 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6084:18 Step #5: #5 0x55b9c4d33f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #6 0x55b9c4cb0c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55b9c4cd3f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55b9c4cd3f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55b9c4dd0f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55b9c4dd0f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55b9c4dd0f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55b9c4dd0f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55b9c4e437bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55b9c4e437bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55b9c4e437bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55b9c4cf7c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55b9c4cf7c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55b9c4ce63da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55b9c4d30c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55b9c4d30c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55b9c4d30c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55b9c4b65210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55b9c4b6e7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55b9c4b55d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55b9c4b811c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7fb5acfc0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 310941878 byte(s) (32%) in 1 allocation(s) Step #5: #0 0x55b9c4c70fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55b9c4d50ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55b9c4d50ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55b9c4d50ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55b9c4d33f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55b9c4cb0c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55b9c4cd3f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55b9c4cd3f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55b9c4dd0f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55b9c4dd0f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55b9c4dd0f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55b9c4dd0f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55b9c4e437bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55b9c4e437bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55b9c4e437bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55b9c4cf7c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55b9c4cf7c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55b9c4ce63da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55b9c4d30c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55b9c4d30c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55b9c4d30c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55b9c4b65210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55b9c4b6e7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55b9c4b55d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55b9c4b811c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fb5acfc0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x50,0x77,0x41,0x44,0x76,0x61,0x77,0x78,0x77,0x7a,0x77,0x77,0x78,0x77,0x76,0x4a,0x57,0x77,0x77,0x42,0x77,0x42,0x42,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,PwADvawxwzwwxwvJWwwBwBB\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-e584f20fca7c6cd3f5daf646e6350db6326afab4 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsUHdBRHZhd3h3end3eHd2Sld3d0J3QkIifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 5 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 509544336 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55769943fb30, 0x557699443794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x557699443798,0x55769947fdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/e584f20fca7c6cd3f5daf646e6350db6326afab4' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5608 processed earlier; will process 7061 files now Step #5: #1 pulse cov: 814 ft: 815 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 882 ft: 917 exec/s: 0 rss: 45Mb Step #5: #4 pulse cov: 1097 ft: 1224 exec/s: 0 rss: 45Mb Step #5: #8 pulse cov: 1142 ft: 1299 exec/s: 0 rss: 46Mb Step #5: #16 pulse cov: 1431 ft: 1801 exec/s: 5 rss: 1529Mb Step #5: #32 pulse cov: 2059 ft: 3118 exec/s: 4 rss: 1529Mb Step #5: #64 pulse cov: 2260 ft: 4008 exec/s: 6 rss: 1539Mb Step #5: #128 pulse cov: 2664 ft: 5639 exec/s: 5 rss: 1539Mb Step #5: #256 pulse cov: 2944 ft: 6847 exec/s: 5 rss: 1543Mb Step #5: ==58== ERROR: libFuzzer: out-of-memory (used: 2164Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2643568476 bytes in 26949 chunks; quarantined: 8410220 bytes in 543 chunks; 51503 other chunks; total chunks: 78995; showing top 95% (at most 8 unique contexts) Step #5: 1307662337 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55769907cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5576991535f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5576991535f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5576991535f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x5576991535f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55769913e780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x5576990bcc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5576990dff7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5576990dff7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x5576991dcf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x5576991dcf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x5576991dcf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x5576991dcf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55769924f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55769924f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55769924f7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x557699103c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x557699103c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5576990f23da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55769913cc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55769913cc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55769913cc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x557698f71210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x557698f7a7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x557698f61d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x557698f8d1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f4199f37082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1307662336 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x5576990ba3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55769919f3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55769919f3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55769919f3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55769919f3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55769919f3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5576991ddc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5576990e0c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x5576991dcf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5576991dcf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5576991dcf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5576991dcf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55769924f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55769924f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55769924f7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x557699103c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x557699103c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5576990f23da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55769913cc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55769913cc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55769913cc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x557698f71210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x557698f7a7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x557698f61d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x557698f8d1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f4199f37082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x45,0x49,0x37,0x34,0x41,0x55,0x31,0x41,0x4e,0x48,0x49,0x51,0x45,0x4f,0x45,0x51,0x47,0x2f,0x45,0x2f,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///CABEI74AU1ANHIQEOEQG/E/\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-98dadfcc15b3623f8b02b9eb4dcd2e232961c892 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQ0FCRUk3NEFVMUFOSElRRU9FUUcvRS8ifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 6 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 574849733 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5585d4f21b30, 0x5585d4f25794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5585d4f25798,0x5585d4f61dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/98dadfcc15b3623f8b02b9eb4dcd2e232961c892' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5921 processed earlier; will process 6748 files now Step #5: #1 pulse cov: 824 ft: 825 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 932 ft: 985 exec/s: 0 rss: 2329Mb Step #5: ==62== ERROR: libFuzzer: out-of-memory (used: 2329Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 100090356 bytes in 15822 chunks; quarantined: 51344 bytes in 3 chunks; 50106 other chunks; total chunks: 65931; showing top 95% (at most 8 unique contexts) Step #5: 36146065 byte(s) (36%) in 1 allocation(s) Step #5: #0 0x5585d4b5efdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5585d4c355f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5585d4c355f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5585d4c355f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x5585d4c355f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x5585d4c20780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x5585d4b9ec79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5585d4bc1f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5585d4bc1f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x5585d4cbef02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x5585d4cbef02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x5585d4cbef02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x5585d4cbef02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x5585d4d317bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x5585d4d317bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x5585d4d317bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x5585d4be5c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x5585d4be5c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5585d4bd43da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x5585d4c1ec1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x5585d4c1ec1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x5585d4c1ec1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x5585d4a53210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x5585d4a5c7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x5585d4a43d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x5585d4a6f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7ff4b65bf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 36146064 byte(s) (36%) in 1 allocation(s) Step #5: #0 0x5585d4b9c3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x5585d4c813b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x5585d4c813b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x5585d4c813b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x5585d4c813b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x5585d4c813b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5585d4cbfc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5585d4bc2c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x5585d4cbef02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5585d4cbef02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5585d4cbef02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5585d4cbef02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5585d4d317bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5585d4d317bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5585d4d317bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5585d4be5c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5585d4be5c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5585d4bd43da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5585d4c1ec1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5585d4c1ec1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5585d4c1ec1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x5585d4a53210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5585d4a5c7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x5585d4a43d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5585d4a6f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7ff4b65bf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: 24383096 byte(s) (24%) in 11 allocation(s) Step #5: #0 0x5585d4b5efdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5585d4dbed73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5585d4a6f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7ff4b65bf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x45,0x49,0x71,0x34,0x38,0x4f,0x6e,0x41,0x4e,0x48,0x49,0x51,0x4f,0x45,0x49,0x51,0x44,0x69,0x45,0x64,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///CABEIq48OnANHIQOEIQDiEd\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-0bf1bb328008da83543c75dbf73823bd3e185955 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQ0FCRUlxNDhPbkFOSElRT0VJUURpRWQifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 7 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580137690 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55aaa770db30, 0x55aaa7711794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55aaa7711798,0x55aaa774ddd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/0bf1bb328008da83543c75dbf73823bd3e185955' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5925 processed earlier; will process 6744 files now Step #5: #1 pulse cov: 898 ft: 899 exec/s: 0 rss: 1651Mb Step #5: #2 pulse cov: 1005 ft: 1180 exec/s: 0 rss: 1651Mb Step #5: #4 pulse cov: 1026 ft: 1233 exec/s: 0 rss: 1675Mb Step #5: #8 pulse cov: 1228 ft: 1725 exec/s: 1 rss: 1675Mb Step #5: #16 pulse cov: 1559 ft: 2352 exec/s: 1 rss: 1675Mb Step #5: ==66== ERROR: libFuzzer: out-of-memory (used: 2325Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2416267492 bytes in 19437 chunks; quarantined: 6253957 bytes in 516 chunks; 50158 other chunks; total chunks: 70111; showing top 95% (at most 8 unique contexts) Step #5: 1194161473 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55aaa734afdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55aaa74215f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55aaa74215f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55aaa74215f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55aaa74215f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55aaa740c780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55aaa738ac79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55aaa73adf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55aaa73adf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55aaa74aaf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55aaa74aaf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55aaa74aaf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55aaa74aaf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55aaa751d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55aaa751d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55aaa751d7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55aaa73d1c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55aaa73d1c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55aaa73c03da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55aaa740ac1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55aaa740ac1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55aaa740ac1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55aaa723f210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55aaa72487e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55aaa722fd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55aaa725b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f3be4c0f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1194161472 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55aaa73883ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55aaa746d3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55aaa746d3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55aaa746d3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55aaa746d3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55aaa746d3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55aaa74abc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55aaa73aec09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55aaa74aaf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55aaa74aaf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55aaa74aaf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55aaa74aaf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55aaa751d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55aaa751d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55aaa751d7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55aaa73d1c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55aaa73d1c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55aaa73c03da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55aaa740ac1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55aaa740ac1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55aaa740ac1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55aaa723f210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55aaa72487e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55aaa722fd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55aaa725b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3be4c0f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x42,0x41,0x42,0x45,0x49,0x41,0x49,0x54,0x31,0x45,0x51,0x4e,0x48,0x45,0x51,0x4d,0x4f,0x45,0x51,0x48,0x2f,0x45,0x2f,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///BABEIAIT1EQNHEQMOEQH/E/\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-b2eacf9bead89fed3715de33a796b97820dd3a04 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQkFCRUlBSVQxRVFOSEVRTU9FUUgvRS8ifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 8 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 597431595 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x558e3186ab30, 0x558e3186e794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x558e3186e798,0x558e318aadd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/b2eacf9bead89fed3715de33a796b97820dd3a04' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 5955 processed earlier; will process 6714 files now Step #5: #1 pulse cov: 852 ft: 853 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 1177 ft: 1352 exec/s: 0 rss: 46Mb Step #5: #4 pulse cov: 1197 ft: 1405 exec/s: 0 rss: 1418Mb Step #5: #8 pulse cov: 1308 ft: 1800 exec/s: 1 rss: 1418Mb Step #5: #16 pulse cov: 1626 ft: 2337 exec/s: 2 rss: 1418Mb Step #5: #32 pulse cov: 1850 ft: 3061 exec/s: 2 rss: 1648Mb Step #5: #64 pulse cov: 2114 ft: 3640 exec/s: 2 rss: 1648Mb Step #5: #128 pulse cov: 2635 ft: 5037 exec/s: 2 rss: 1648Mb Step #5: #256 pulse cov: 2901 ft: 7252 exec/s: 4 rss: 1648Mb Step #5: ==70== ERROR: libFuzzer: out-of-memory (used: 2099Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 152472894 bytes in 26570 chunks; quarantined: 8319908 bytes in 51 chunks; 39643 other chunks; total chunks: 66264; showing top 95% (at most 8 unique contexts) Step #5: 124244000 byte(s) (81%) in 1 allocation(s) Step #5: #0 0x558e314a7fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x558e31569ea0 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x558e31569ea0 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x558e31569ea0 in stbi__bmp_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5616:22 Step #5: #4 0x558e31569ea0 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1148:35 Step #5: #5 0x558e314e7c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x558e3150af7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x558e3150af7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x558e31607f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x558e31607f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x558e31607f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x558e31607f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x558e3167a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x558e3167a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x558e3167a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x558e3152ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x558e3152ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x558e3151d3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x558e31567c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x558e31567c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x558e31567c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x558e3139c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x558e313a57e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x558e3138cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x558e313b81c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f946c357082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (15%) in 11 allocation(s) Step #5: #0 0x558e314a7fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x558e31707d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x558e313b81c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f946c357082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x51,0x6b,0x32,0x39,0x43,0x61,0x6e,0x69,0x61,0x69,0x6d,0x51,0x6e,0x69,0x6f,0x43,0x41,0x41,0x41,0x4d,0x41,0x41,0x41,0x41,0x71,0x76,0x4c,0x30,0x41,0x51,0x45,0x41,0x42,0x41,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,Qk29CaniaimQnioCAAAMAAAAqvL0AQEABA\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-49f1cafb7702e1beb3263e6ed84fd9c528be9146 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxRazI5Q2FuaWFpbVFuaW9DQUFBTUFBQUFxdkwwQVFFQUJBIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 9 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 669733512 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5616545dab30, 0x5616545de794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5616545de798,0x56165461add8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/49f1cafb7702e1beb3263e6ed84fd9c528be9146' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 6231 processed earlier; will process 6438 files now Step #5: #1 pulse cov: 786 ft: 787 exec/s: 0 rss: 42Mb Step #5: #2 pulse cov: 1018 ft: 1251 exec/s: 0 rss: 45Mb Step #5: #4 pulse cov: 1078 ft: 1358 exec/s: 0 rss: 48Mb Step #5: #8 pulse cov: 1224 ft: 1609 exec/s: 0 rss: 59Mb Step #5: #16 pulse cov: 1671 ft: 2345 exec/s: 2 rss: 1641Mb Step #5: #32 pulse cov: 1924 ft: 2823 exec/s: 2 rss: 1641Mb Step #5: ==74== ERROR: libFuzzer: out-of-memory (used: 2078Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2454967911 bytes in 19964 chunks; quarantined: 9345907 bytes in 1144 chunks; 44863 other chunks; total chunks: 65971; showing top 95% (at most 8 unique contexts) Step #5: 1213501145 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x561654217fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5616542ee5f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5616542ee5f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5616542ee5f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x5616542ee5f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x5616542d9780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x561654257c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x56165427af7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x56165427af7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x561654377f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x561654377f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x561654377f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x561654377f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x5616543ea7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x5616543ea7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x5616543ea7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x56165429ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x56165429ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x56165428d3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x5616542d7c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x5616542d7c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x5616542d7c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x56165410c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x5616541157e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x5616540fcd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x5616541281c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f3bb718c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1213501144 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x5616542553ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x56165433a3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x56165433a3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x56165433a3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x56165433a3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x56165433a3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x561654378c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x56165427bc09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x561654377f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x561654377f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x561654377f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x561654377f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5616543ea7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5616543ea7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5616543ea7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x56165429ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x56165429ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x56165428d3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5616542d7c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5616542d7c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5616542d7c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x56165410c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5616541157e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x5616540fcd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5616541281c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3bb718c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x62,0x6d,0x70,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x51,0x49,0x4a,0x51,0x39,0x38,0x36,0x67,0x51,0x48,0x45,0x51,0x45,0x45,0x45,0x67,0x49,0x4c,0x45,0x67,0x48,0x50,0x49,0x65,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/bmp;base64,///Y///CABQIJQ986gQHEQEEEgILEgHPIe\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-025d798e36497037e77fef3d96e6453f1fae9416 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvYm1wO2Jhc2U2NCwvLy9ZLy8vQ0FCUUlKUTk4NmdRSEVRRUVFZ0lMRWdIUEllIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 10 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 687029947 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x556443946b30, 0x55644394a794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55644394a798,0x556443986dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/025d798e36497037e77fef3d96e6453f1fae9416' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 6266 processed earlier; will process 6403 files now Step #5: #1 pulse cov: 811 ft: 812 exec/s: 0 rss: 40Mb Step #5: #2 pulse cov: 1079 ft: 1322 exec/s: 0 rss: 120Mb Step #5: #4 pulse cov: 1130 ft: 1433 exec/s: 0 rss: 120Mb Step #5: #8 pulse cov: 1246 ft: 1593 exec/s: 1 rss: 817Mb Step #5: #16 pulse cov: 1266 ft: 1734 exec/s: 2 rss: 817Mb Step #5: #32 pulse cov: 1414 ft: 1970 exec/s: 4 rss: 817Mb Step #5: #64 pulse cov: 1962 ft: 3078 exec/s: 7 rss: 817Mb Step #5: ==78== ERROR: libFuzzer: out-of-memory (used: 2089Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2179067287 bytes in 20310 chunks; quarantined: 6014661 bytes in 3203 chunks; 42550 other chunks; total chunks: 66063; showing top 95% (at most 8 unique contexts) Step #5: 1075544009 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x556443583fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55644365a5f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55644365a5f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55644365a5f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55644365a5f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x556443645780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x5564435c3c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5564435e6f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5564435e6f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x5564436e3f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x5564436e3f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x5564436e3f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x5564436e3f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x5564437567bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x5564437567bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x5564437567bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55644360ac84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55644360ac84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5564435f93da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x556443643c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x556443643c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x556443643c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x556443478210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x5564434817e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x556443468d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x5564434941c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f9c46674082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1075544008 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x5564435c13ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x5564436a63b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x5564436a63b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x5564436a63b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x5564436a63b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x5564436a63b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5564436e4c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5564435e7c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x5564436e3f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5564436e3f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5564436e3f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5564436e3f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5564437567bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5564437567bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5564437567bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55644360ac84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55644360ac84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5564435f93da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x556443643c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x556443643c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x556443643c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x556443478210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5564434817e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x556443468d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5564434941c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f9c46674082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x67,0x69,0x66,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x41,0x41,0x41,0x4c,0x67,0x67,0x67,0x64,0x67,0x44,0x74,0x67,0x67,0x67,0x67,0x67,0x67,0x67,0x67,0x77,0x67,0x67,0x67,0x41,0x41,0x41,0x41,0x41,0x51,0x41,0x41,0x41,0x41,0x51,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/gif;base64,AAALgggdgDtggggggggwgggAAAAAQAAAAQ\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-1aedaffd2cbd5c5572edf94de2dcc061da317117 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvZ2lmO2Jhc2U2NCxBQUFMZ2dnZGdEdGdnZ2dnZ2dnd2dnZ0FBQUFBUUFBQUFRIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 11 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 709339424 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55fe23d04b30, 0x55fe23d08794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55fe23d08798,0x55fe23d44dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/1aedaffd2cbd5c5572edf94de2dcc061da317117' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 6338 processed earlier; will process 6331 files now Step #5: #1 pulse cov: 786 ft: 787 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 1058 ft: 1285 exec/s: 0 rss: 109Mb Step #5: #4 pulse cov: 1155 ft: 1520 exec/s: 0 rss: 109Mb Step #5: #8 pulse cov: 1435 ft: 1941 exec/s: 0 rss: 109Mb Step #5: #16 pulse cov: 1622 ft: 2199 exec/s: 2 rss: 1569Mb Step #5: #32 pulse cov: 1817 ft: 2572 exec/s: 1 rss: 2007Mb Step #5: #64 pulse cov: 1982 ft: 3045 exec/s: 2 rss: 2007Mb Step #5: ==82== ERROR: libFuzzer: out-of-memory (used: 2237Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2321429945 bytes in 23260 chunks; quarantined: 7810245 bytes in 3101 chunks; 43906 other chunks; total chunks: 70267; showing top 95% (at most 8 unique contexts) Step #5: 1146666701 byte(s) (49%) in 1 allocation(s) Step #5: #128 pulse cov: 2614 ft: 4772 exec/s: 3 rss: 2238Mb Step #5: #0 0x55fe23941fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55fe23a185f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55fe23a185f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55fe23a185f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55fe23a185f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55fe23a03780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55fe23981c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55fe239a4f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55fe239a4f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55fe23aa1f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55fe23aa1f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55fe23aa1f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55fe23aa1f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55fe23b147bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55fe23b147bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55fe23b147bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55fe239c8c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55fe239c8c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55fe239b73da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55fe23a01c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55fe23a01c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55fe23a01c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55fe23836210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55fe2383f7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55fe23826d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55fe238521c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f796a9bc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1146666700 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55fe2397f3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55fe23a643b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55fe23a643b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55fe23a643b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55fe23a643b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55fe23a643b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55fe23aa2c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55fe239a5c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55fe23aa1f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55fe23aa1f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55fe23aa1f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55fe23aa1f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55fe23b147bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55fe23b147bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55fe23b147bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55fe239c8c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55fe239c8c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55fe239b73da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55fe23a01c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55fe23a01c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55fe23a01c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55fe23836210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55fe2383f7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55fe23826d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55fe238521c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f796a9bc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x41,0x41,0x42,0x51,0x49,0x71,0x41,0x63,0x4d,0x4b,0x77,0x51,0x42,0x45,0x51,0x45,0x48,0x49,0x67,0x45,0x45,0x45,0x67,0x45,0x45,0x45,0x67,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,///Y///AABQIqAcMKwQBEQEHIgEEEgEEEg\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-1dd29f5d1fdcc7257c9037cffe9d83779e04b978 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLy8vWS8vL0FBQlFJcUFjTUt3UUJFUUVISWdFRUVnRUVFZyJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 12 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 748637157 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55a7b791fb30, 0x55a7b7923794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55a7b7923798,0x55a7b795fdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/1dd29f5d1fdcc7257c9037cffe9d83779e04b978' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 6469 processed earlier; will process 6200 files now Step #5: #1 pulse cov: 802 ft: 803 exec/s: 0 rss: 39Mb Step #5: #2 pulse cov: 811 ft: 814 exec/s: 0 rss: 42Mb Step #5: #4 pulse cov: 903 ft: 953 exec/s: 0 rss: 42Mb Step #5: #8 pulse cov: 1218 ft: 1407 exec/s: 0 rss: 115Mb Step #5: #16 pulse cov: 1648 ft: 2216 exec/s: 0 rss: 115Mb Step #5: #32 pulse cov: 1869 ft: 2994 exec/s: 32 rss: 384Mb Step #5: #64 pulse cov: 2175 ft: 3885 exec/s: 21 rss: 937Mb Step #5: #128 pulse cov: 2543 ft: 4759 exec/s: 4 rss: 1667Mb Step #5: #256 pulse cov: 3098 ft: 7060 exec/s: 4 rss: 1804Mb Step #5: ==86== ERROR: libFuzzer: out-of-memory (used: 2163Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 1571785484 bytes in 26964 chunks; quarantined: 9663501 bytes in 505 chunks; 38839 other chunks; total chunks: 66308; showing top 95% (at most 8 unique contexts) Step #5: 771770561 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55a7b755cfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55a7b76335f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55a7b76335f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55a7b76335f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55a7b76335f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55a7b761e780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55a7b759cc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55a7b75bff7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55a7b75bff7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55a7b76bcf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55a7b76bcf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55a7b76bcf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55a7b76bcf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55a7b772f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55a7b772f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55a7b772f7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55a7b75e3c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55a7b75e3c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55a7b75d23da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55a7b761cc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55a7b761cc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55a7b761cc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55a7b7451210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55a7b745a7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55a7b7441d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55a7b746d1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f3ed665a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 771770560 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55a7b759a3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55a7b767f3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55a7b767f3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55a7b767f3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55a7b767f3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55a7b767f3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55a7b76bdc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55a7b75c0c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55a7b76bcf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55a7b76bcf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55a7b76bcf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55a7b76bcf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55a7b772f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55a7b772f7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55a7b772f7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55a7b75e3c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55a7b75e3c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55a7b75d23da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55a7b761cc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55a7b761cc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55a7b761cc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55a7b7451210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55a7b745a7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55a7b7441d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55a7b746d1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3ed665a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x51,0x49,0x4d,0x67,0x38,0x36,0x30,0x41,0x53,0x45,0x45,0x51,0x48,0x48,0x45,0x51,0x45,0x45,0x45,0x51,0x4d,0x45,0x45,0x67,0x50,0x2f,0x32,0x65,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,///Y///CABQIMg860ASEEQHHEQEEEQMEEgP/2e\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-460a650fda15b0f11c5240479cc852020d2f5162 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLy8vWS8vL0NBQlFJTWc4NjBBU0VFUUhIRVFFRUVRTUVFZ1AvMmUifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 13 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 855943561 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x560453bf1b30, 0x560453bf5794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x560453bf5798,0x560453c31dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/460a650fda15b0f11c5240479cc852020d2f5162' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 6786 processed earlier; will process 5883 files now Step #5: #1 pulse cov: 891 ft: 892 exec/s: 0 rss: 171Mb Step #5: #2 pulse cov: 978 ft: 1013 exec/s: 2 rss: 171Mb Step #5: #4 pulse cov: 1134 ft: 1350 exec/s: 4 rss: 171Mb Step #5: #8 pulse cov: 1285 ft: 1603 exec/s: 2 rss: 355Mb Step #5: #16 pulse cov: 1765 ft: 2540 exec/s: 2 rss: 1396Mb Step #5: #32 pulse cov: 1832 ft: 2702 exec/s: 1 rss: 1465Mb Step #5: #64 pulse cov: 2195 ft: 3984 exec/s: 2 rss: 1590Mb Step #5: #128 pulse cov: 2739 ft: 6016 exec/s: 2 rss: 1590Mb Step #5: #256 pulse cov: 3213 ft: 7601 exec/s: 2 rss: 2037Mb Step #5: ==90== ERROR: libFuzzer: out-of-memory (used: 2383Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2470095927 bytes in 27625 chunks; quarantined: 9019804 bytes in 988 chunks; 33589 other chunks; total chunks: 62202; showing top 95% (at most 8 unique contexts) Step #5: 1085255700 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x56045382efdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5604539226d2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5604539226d2 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6812:28 Step #5: #3 0x5604538f00af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5604538f00af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x56045386ec79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x560453891f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x560453891f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x56045398ef02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x56045398ef02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x56045398ef02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x56045398ef02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x560453a017bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5604538b5c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5604538b5c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5604538a43da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5604538eec1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5604538eec1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5604538eec1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x560453723210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x56045372c7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x560453713d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x56045373f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f2865a82082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 1085255700 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x56045382efdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x560453922705 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x560453922705 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6813:35 Step #5: #3 0x5604538f00af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5604538f00af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x56045386ec79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x560453891f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x560453891f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x56045398ef02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x56045398ef02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x56045398ef02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x56045398ef02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x560453a017bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5604538b5c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5604538b5c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5604538a43da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5604538eec1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5604538eec1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5604538eec1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x560453723210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x56045372c7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x560453713d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x56045373f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f2865a82082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 271313925 byte(s) (10%) in 1 allocation(s) Step #5: #0 0x56045382efdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x56045392273d in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x56045392273d in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6814:32 Step #5: #3 0x5604538f00af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5604538f00af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x56045386ec79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x560453891f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x560453891f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x56045398ef02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x56045398ef02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x56045398ef02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x56045398ef02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x560453a017bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x560453a017bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5604538b5c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5604538b5c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5604538a43da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5604538eec1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5604538eec1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5604538eec1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x560453723210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x56045372c7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x560453713d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x56045373f1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f2865a82082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x52,0x30,0x6c,0x47,0x4f,0x44,0x64,0x68,0x31,0x79,0x4f,0x44,0x63,0x79,0x79,0x61,0x79,0x79,0x79,0x79,0x47,0x4c,0x41,0x41,0x41,0x51,0x64,0x68,0x41,0x4f,0x44,0x63,0x4f,0x61,0x41,0x69,0x79,0x41,0x41,0x41,0x58,0x39,0x48,0x58,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,R0lGODdh1yODcyyayyyyGLAAAQdhAODcOaAiyAAAX9HX\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-38b8f576c4e25cc7486f8674b5c4b634d697aff6 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxSMGxHT0RkaDF5T0RjeXlheXl5eUdMQUFBUWRoQU9EY09hQWl5QUFBWDlIWCJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 14 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 987261402 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x56365334ab30, 0x56365334e794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x56365334e798,0x56365338add8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/38b8f576c4e25cc7486f8674b5c4b634d697aff6' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 7061 processed earlier; will process 5608 files now Step #5: #1 pulse cov: 788 ft: 789 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 814 ft: 836 exec/s: 0 rss: 45Mb Step #5: #4 pulse cov: 1186 ft: 1644 exec/s: 0 rss: 45Mb Step #5: #8 pulse cov: 1434 ft: 2035 exec/s: 0 rss: 1361Mb Step #5: #16 pulse cov: 1827 ft: 2637 exec/s: 5 rss: 1361Mb Step #5: #32 pulse cov: 2245 ft: 3692 exec/s: 8 rss: 1535Mb Step #5: #64 pulse cov: 2453 ft: 4340 exec/s: 4 rss: 1783Mb Step #5: #128 pulse cov: 2777 ft: 5627 exec/s: 4 rss: 1783Mb Step #5: ==94== ERROR: libFuzzer: out-of-memory (used: 2131Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 1344092895 bytes in 27250 chunks; quarantined: 10476579 bytes in 1891 chunks; 41188 other chunks; total chunks: 70329; showing top 95% (at most 8 unique contexts) Step #5: 584816512 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x563652f87fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x56365307b6d2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x56365307b6d2 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6812:28 Step #5: #3 0x5636530490af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5636530490af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x563652fc7c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x563652feaf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x563652feaf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5636530e7f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5636530e7f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5636530e7f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5636530e7f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x56365315a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x56365300ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x56365300ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x563652ffd3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x563653047c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x563653047c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x563653047c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x563652e7c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x563652e857e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x563652e6cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x563652e981c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f21de913082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 584816512 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x563652f87fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x56365307b705 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x56365307b705 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6813:35 Step #5: #3 0x5636530490af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5636530490af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x563652fc7c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x563652feaf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x563652feaf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5636530e7f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5636530e7f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5636530e7f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5636530e7f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x56365315a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x56365300ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x56365300ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x563652ffd3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x563653047c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x563653047c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x563653047c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x563652e7c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x563652e857e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x563652e6cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x563652e981c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f21de913082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 146204128 byte(s) (10%) in 1 allocation(s) Step #5: #0 0x563652f87fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x56365307b73d in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x56365307b73d in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6814:32 Step #5: #3 0x5636530490af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5636530490af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x563652fc7c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x563652feaf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x563652feaf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5636530e7f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5636530e7f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5636530e7f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5636530e7f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x56365315a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x56365315a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x56365300ec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x56365300ec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x563652ffd3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x563653047c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x563653047c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x563653047c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x563652e7c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x563652e857e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x563652e6cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x563652e981c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f21de913082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x52,0x30,0x6c,0x47,0x4f,0x44,0x6c,0x68,0x63,0x4a,0x70,0x79,0x44,0x6c,0x79,0x79,0x79,0x79,0x79,0x79,0x41,0x47,0x41,0x41,0x48,0x41,0x41,0x4f,0x44,0x64,0x68,0x63,0x61,0x6d,0x4f,0x44,0x79,0x41,0x41,0x41,0x2f,0x2f,0x2f,0x2f,0x2b,0x2f,0x61,0x47,0x73,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,R0lGODlhcJpyDlyyyyyyAGAAHAAODdhcamODyAAA////+/aGs\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-d0222cd9f5e484a37ae11fc4ba02601be1f1dec4 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxSMGxHT0RsaGNKcHlEbHl5eXl5eUFHQUFIQUFPRGRoY2FtT0R5QUFBLy8vLysvYUdzIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 15 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1070566499 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5625a992cb30, 0x5625a9930794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5625a9930798,0x5625a996cdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/d0222cd9f5e484a37ae11fc4ba02601be1f1dec4' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 7304 processed earlier; will process 5365 files now Step #5: #1 pulse cov: 638 ft: 639 exec/s: 0 rss: 41Mb Step #5: #2 pulse cov: 1004 ft: 1188 exec/s: 0 rss: 43Mb Step #5: #4 pulse cov: 1280 ft: 1671 exec/s: 0 rss: 44Mb Step #5: #8 pulse cov: 1385 ft: 2109 exec/s: 0 rss: 44Mb Step #5: #16 pulse cov: 1671 ft: 2657 exec/s: 5 rss: 1834Mb Step #5: ==98== ERROR: libFuzzer: out-of-memory (used: 2084Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2159084859 bytes in 20805 chunks; quarantined: 4929979 bytes in 20284 chunks; 33241 other chunks; total chunks: 74330; showing top 95% (at most 8 unique contexts) Step #5: 947149280 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x5625a9569fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5625a965d705 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5625a965d705 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6813:35 Step #5: #3 0x5625a962b0af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5625a962b0af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x5625a95a9c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x5625a95ccf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x5625a95ccf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5625a96c9f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5625a96c9f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5625a96c9f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5625a96c9f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5625a973c7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5625a95f0c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5625a95f0c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5625a95df3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5625a9629c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5625a9629c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5625a9629c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x5625a945e210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5625a94677e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x5625a944ed95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5625a947a1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f231fda3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 947149280 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x5625a9569fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5625a965d6d2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5625a965d6d2 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6812:28 Step #5: #3 0x5625a962b0af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5625a962b0af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x5625a95a9c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x5625a95ccf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x5625a95ccf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5625a96c9f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5625a96c9f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5625a96c9f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5625a96c9f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5625a973c7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5625a95f0c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5625a95f0c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5625a95df3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5625a9629c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5625a9629c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5625a9629c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x5625a945e210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5625a94677e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x5625a944ed95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5625a947a1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f231fda3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 236787320 byte(s) (10%) in 1 allocation(s) Step #5: #0 0x5625a9569fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5625a965d73d in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5625a965d73d in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6814:32 Step #5: #3 0x5625a962b0af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x5625a962b0af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x5625a95a9c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x5625a95ccf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x5625a95ccf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x5625a96c9f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5625a96c9f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5625a96c9f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5625a96c9f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5625a973c7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5625a973c7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5625a95f0c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5625a95f0c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5625a95df3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5625a9629c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5625a9629c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5625a9629c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x5625a945e210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5625a94677e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x5625a944ed95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5625a947a1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f231fda3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x52,0x30,0x6c,0x47,0x4f,0x44,0x64,0x68,0x30,0x75,0x50,0x63,0x44,0x79,0x79,0x61,0x79,0x79,0x79,0x79,0x47,0x4c,0x41,0x41,0x41,0x51,0x41,0x68,0x41,0x4f,0x44,0x63,0x4f,0x61,0x41,0x69,0x79,0x41,0x41,0x41,0x58,0x33,0x32,0x3b,0x37,0x36,0x37,0x48,0x58,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,R0lGODdh0uPcDyyayyyyGLAAAQAhAODcOaAiyAAAX32;767HX\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-81cf546563c08eaf08344d144a1c91eda128c96c Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxSMGxHT0RkaDB1UGNEeXlheXl5eUdMQUFBUUFoQU9EY09hQWl5QUFBWDMyOzc2N0hYIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 16 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1078864391 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55e28dd76b30, 0x55e28dd7a794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55e28dd7a798,0x55e28ddb6dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/81cf546563c08eaf08344d144a1c91eda128c96c' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 7327 processed earlier; will process 5342 files now Step #5: #1 pulse cov: 676 ft: 677 exec/s: 0 rss: 41Mb Step #5: #2 pulse cov: 905 ft: 1104 exec/s: 0 rss: 44Mb Step #5: #4 pulse cov: 1138 ft: 1495 exec/s: 0 rss: 44Mb Step #5: #8 pulse cov: 1456 ft: 2114 exec/s: 2 rss: 1526Mb Step #5: #16 pulse cov: 1824 ft: 3272 exec/s: 2 rss: 1526Mb Step #5: #32 pulse cov: 2286 ft: 4312 exec/s: 3 rss: 1526Mb Step #5: #64 pulse cov: 2543 ft: 5728 exec/s: 5 rss: 1526Mb Step #5: #128 pulse cov: 3006 ft: 7193 exec/s: 3 rss: 1535Mb Step #5: #256 pulse cov: 3239 ft: 8995 exec/s: 4 rss: 1917Mb Step #5: ==102== ERROR: libFuzzer: out-of-memory (used: 2167Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 162728302 bytes in 30734 chunks; quarantined: 9586898 bytes in 226 chunks; 35403 other chunks; total chunks: 66363; showing top 95% (at most 8 unique contexts) Step #5: 134333184 byte(s) (82%) in 1 allocation(s) Step #5: #0 0x55e28d9b3fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55e28da93ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55e28da93ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55e28da93ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55e28da76f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55e28d9f3c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55e28da16f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55e28da16f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55e28db13f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55e28db13f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55e28db13f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55e28db13f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55e28db867bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55e28db867bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55e28db867bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55e28da3ac84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55e28da3ac84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55e28da293da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55e28da73c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55e28da73c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55e28da73c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55e28d8a8210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55e28d8b17e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55e28d898d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55e28d8c41c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7feed6f30082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (14%) in 11 allocation(s) Step #5: #0 0x55e28d9b3fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55e28dc13d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55e28d8c41c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7feed6f30082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x49,0x77,0x41,0x44,0x76,0x61,0x77,0x77,0x7a,0x77,0x77,0x77,0x76,0x77,0x77,0x41,0x78,0x4b,0x42,0x41,0x42,0x41,0x2b,0x22,0x7d,0x2c,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x49,0x77,0x41,0x44,0x2b,0x22,0x7d,0x2c,0x7b,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,IwADvawwzwwwvwwAxKBABA+\"},{\"uri\":\"data:image/jpeg;base64,IwAD+\"},{}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-51aeed70cb7759c26e61476d42eeb730750dfa5a Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsSXdBRHZhd3d6d3d3dnd3QXhLQkFCQSsifSx7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsSXdBRCsifSx7fV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 17 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1166164222 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5567e88c0b30, 0x5567e88c4794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5567e88c4798,0x5567e8900dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/51aeed70cb7759c26e61476d42eeb730750dfa5a' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 7813 processed earlier; will process 4856 files now Step #5: #1 pulse cov: 723 ft: 724 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 947 ft: 1203 exec/s: 0 rss: 45Mb Step #5: #4 pulse cov: 1260 ft: 1873 exec/s: 0 rss: 45Mb Step #5: #8 pulse cov: 1767 ft: 2955 exec/s: 0 rss: 75Mb Step #5: #16 pulse cov: 1994 ft: 4008 exec/s: 0 rss: 75Mb Step #5: #32 pulse cov: 2322 ft: 4998 exec/s: 0 rss: 75Mb Step #5: #64 pulse cov: 2608 ft: 6364 exec/s: 12 rss: 905Mb Step #5: #128 pulse cov: 3066 ft: 8236 exec/s: 11 rss: 947Mb Step #5: #256 pulse cov: 3331 ft: 9542 exec/s: 10 rss: 1510Mb Step #5: #512 pulse cov: 3436 ft: 10956 exec/s: 5 rss: 1510Mb Step #5: #1024 pulse cov: 3658 ft: 13066 exec/s: 4 rss: 1510Mb Step #5: ==106== ERROR: libFuzzer: out-of-memory (used: 2143Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 28570977 bytes in 35026 chunks; quarantined: 10312539 bytes in 2785 chunks; 32704 other chunks; total chunks: 70515; showing top 95% (at most 8 unique contexts) Step #5: 24383096 byte(s) (85%) in 11 allocation(s) Step #5: #0 0x5567e84fdfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5567e875dd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5567e840e1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7fa64439b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: 1216224 byte(s) (4%) in 12669 allocation(s) Step #5: #0 0x5567e84fdfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5567e875dd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5567e83f97fa in fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:73:10 Step #5: #3 0x5567e83fb32e in ParseOrExit /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:32:8 Step #5: #4 0x5567e83fb32e in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:209:5 Step #5: #5 0x5567e83e2d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #6 0x5567e840e1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa64439b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) Step #5: 1048576 byte(s) (3%) in 1 allocation(s) Step #5: #0 0x5567e84fdfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5567e875dd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5567e83e2d57 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:885:10 Step #5: #3 0x5567e840e1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #4 0x7fa64439b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) Step #5: 1013520 byte(s) (3%) in 1 allocation(s) Step #5: #0 0x5567e84fdfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5567e875dd73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5567e83f975a in resize /work/llvm-stage2/runtimes/runtimes-bins/compiler-rt/lib/fuzzer/libcxx_fuzzer_x86_64/include/c++/v1/vector:1750:11 Step #5: #3 0x5567e83f975a in fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:71:9 Step #5: #4 0x5567e83fb32e in ParseOrExit /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:32:8 Step #5: #5 0x5567e83fb32e in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:209:5 Step #5: #6 0x5567e83e2d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #7 0x5567e840e1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #8 0x7fa64439b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--resize Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x55,0x77,0x41,0x4b,0x76,0x61,0x77,0x77,0x77,0x7a,0x77,0x77,0x78,0x77,0x76,0x77,0x77,0x77,0x77,0x5a,0x41,0x41,0x2f,0x2f,0x22,0x7d,0x2c,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x55,0x77,0x41,0x4b,0x76,0x61,0x77,0x77,0x77,0x7a,0x77,0x77,0x78,0x77,0x76,0x77,0x77,0x77,0x77,0x5a,0x41,0x41,0x2f,0x2f,0x22,0x7d,0x2c,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x55,0x77,0x41,0x43,0x76,0x61,0x77,0x77,0x77,0x7a,0x77,0x77,0x78,0x67,0x65,0x6e,0x65,0x72,0x61,0x74,0x41,0x41,0x2f,0x2f,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,UwAKvawwwzwwxwvwwwwZAA//\"},{\"uri\":\"data:image/jpeg;base64,UwAKvawwwzwwxwvwwwwZAA//\"},{\"uri\":\"data:image/jpeg;base64,UwACvawwwzwwxgeneratAA//\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-296fc5d8f6b577f38788c0b48baa8f6ce6fcbd53 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsVXdBS3Zhd3d3end3eHd2d3d3d1pBQS8vIn0seyJ1cmkiOiJkYXRhOmltYWdlL2pwZWc7YmFzZTY0LFV3QUt2YXd3d3p3d3h3dnd3d3daQUEvLyJ9LHsidXJpIjoiZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCxVd0FDdmF3d3d6d3d4Z2VuZXJhdEFBLy8ifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 18 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1441433316 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55cbfd997b30, 0x55cbfd99b794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55cbfd99b798,0x55cbfd9d7dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/296fc5d8f6b577f38788c0b48baa8f6ce6fcbd53' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 9102 processed earlier; will process 3567 files now Step #5: #1 pulse cov: 654 ft: 655 exec/s: 0 rss: 41Mb Step #5: #2 pulse cov: 984 ft: 1218 exec/s: 0 rss: 44Mb Step #5: #4 pulse cov: 1131 ft: 1549 exec/s: 0 rss: 372Mb Step #5: #8 pulse cov: 1542 ft: 2520 exec/s: 0 rss: 372Mb Step #5: #16 pulse cov: 2105 ft: 3915 exec/s: 2 rss: 1894Mb Step #5: #32 pulse cov: 2349 ft: 4926 exec/s: 3 rss: 1894Mb Step #5: #64 pulse cov: 2762 ft: 6535 exec/s: 3 rss: 1894Mb Step #5: #128 pulse cov: 3098 ft: 8687 exec/s: 4 rss: 1894Mb Step #5: #256 pulse cov: 3412 ft: 11205 exec/s: 3 rss: 1894Mb Step #5: ==110== ERROR: libFuzzer: out-of-memory (used: 2140Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 298810178 bytes in 32587 chunks; quarantined: 10193044 bytes in 6941 chunks; 35024 other chunks; total chunks: 74552; showing top 95% (at most 8 unique contexts) Step #5: 270330480 byte(s) (90%) in 1 allocation(s) Step #5: #0 0x55cbfd5d4fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55cbfd6b4ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55cbfd6b4ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55cbfd6b4ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55cbfd697f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55cbfd614c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55cbfd637f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55cbfd637f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55cbfd734f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55cbfd734f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55cbfd734f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55cbfd734f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55cbfd7a77bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55cbfd7a77bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55cbfd7a77bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55cbfd65bc84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55cbfd65bc84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55cbfd64a3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55cbfd694c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55cbfd694c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55cbfd694c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55cbfd4c9210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55cbfd4d27e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55cbfd4b9d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55cbfd4e51c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f918e01c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (8%) in 11 allocation(s) Step #5: #0 0x55cbfd5d4fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55cbfd834d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55cbfd4e51c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f918e01c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./oom-c8b403cad6d7a7a01f58e009f15a905b76b3dd0a Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 19 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1523730063 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5626f0299b30, 0x5626f029d794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5626f029d798,0x5626f02d9dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/c8b403cad6d7a7a01f58e009f15a905b76b3dd0a' caused a failure at the previous merge step Step #5: MERGE-INNER: 12669 total files; 9452 processed earlier; will process 3217 files now Step #5: #1 pulse cov: 1034 ft: 1035 exec/s: 0 rss: 42Mb Step #5: #2 pulse cov: 1145 ft: 1443 exec/s: 0 rss: 44Mb Step #5: #4 pulse cov: 1548 ft: 2308 exec/s: 1 rss: 318Mb Step #5: #8 pulse cov: 1726 ft: 2895 exec/s: 1 rss: 1366Mb Step #5: #16 pulse cov: 2093 ft: 4169 exec/s: 1 rss: 1366Mb Step #5: #32 pulse cov: 2398 ft: 5522 exec/s: 2 rss: 1366Mb Step #5: #64 pulse cov: 2765 ft: 7795 exec/s: 3 rss: 1881Mb Step #5: #128 pulse cov: 3067 ft: 9427 exec/s: 4 rss: 1881Mb Step #5: #256 pulse cov: 3312 ft: 11353 exec/s: 5 rss: 1881Mb Step #5: #512 pulse cov: 3614 ft: 14059 exec/s: 5 rss: 1906Mb Step #5: #1024 pulse cov: 3762 ft: 16968 exec/s: 6 rss: 1906Mb Step #5: #2048 pulse cov: 3825 ft: 20398 exec/s: 4 rss: 1906Mb Step #5: #3217 DONE cov: 3836 ft: 21973 exec/s: 5 rss: 1906Mb Step #5: MERGE-OUTER: successful in 19 attempt(s) Step #5: MERGE-OUTER: the control file has 2295400 bytes Step #5: MERGE-OUTER: consumed 1Mb (61Mb rss) to parse the control file Step #5: MERGE-OUTER: 6514 new files with 25255 new features added; 4322 new coverage edges Step #5: [2025-08-10 07:09:32,102 INFO] Finding shared libraries for targets (if any). Step #5: [2025-08-10 07:09:32,111 INFO] Finished finding shared libraries for targets. Step #5: Coverage error, creating log file: /workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf_error.log Step #5: [2025-08-10 07:09:32,435 INFO] Finding shared libraries for targets (if any). Step #5: [2025-08-10 07:09:32,443 INFO] Finished finding shared libraries for targets. Step #5: [2025-08-10 07:09:32,678 DEBUG] Finished generating per-file code coverage summary. Step #5: [2025-08-10 07:09:32,678 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html". Step #5: [2025-08-10 07:09:32,687 DEBUG] Finished generating file view html index file. Step #5: [2025-08-10 07:09:32,688 DEBUG] Calculating per-directory coverage summary. Step #5: [2025-08-10 07:09:32,688 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2025-08-10 07:09:32,688 DEBUG] Writing per-directory coverage html reports. Step #5: [2025-08-10 07:09:32,723 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2025-08-10 07:09:32,723 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html". Step #5: [2025-08-10 07:09:32,723 DEBUG] Finished generating directory view html index file. Step #5: [2025-08-10 07:09:32,724 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html". Step #5: [2025-08-10 07:09:32,951 DEBUG] Finished generating per-file code coverage summary. Step #5: [2025-08-10 07:09:32,951 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/file_view_index.html". Step #5: [2025-08-10 07:09:32,960 DEBUG] Finished generating file view html index file. Step #5: [2025-08-10 07:09:32,960 DEBUG] Calculating per-directory coverage summary. Step #5: [2025-08-10 07:09:32,960 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2025-08-10 07:09:32,960 DEBUG] Writing per-directory coverage html reports. Step #5: [2025-08-10 07:09:32,995 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2025-08-10 07:09:32,995 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/directory_view_index.html". Step #5: [2025-08-10 07:09:32,995 DEBUG] Finished generating directory view html index file. Step #5: [2025-08-10 07:09:32,995 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/index.html". Finished Step #5 Starting Step #6 Step #6: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #6: CommandException: 1 files/objects could not be removed. Finished Step #6 Starting Step #7 Step #7: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/style.css [Content-Type=text/css]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html [Content-Type=text/html]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/summary.json [Content-Type=application/json]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html [Content-Type=text/html]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/report.html [Content-Type=text/html]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html [Content-Type=text/html]... Step #7: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/report.html [Content-Type=text/html]... Step #7: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/json.hpp.html [Content-Type=text/html]... Step #7: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/report.html [Content-Type=text/html]... Step #7: / [0/15 files][ 5.8 KiB/ 9.3 MiB] 0% Done / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [2/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [3/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/stb_image.h.html [Content-Type=text/html]... Step #7: / [3/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/stb_image_write.h.html [Content-Type=text/html]... Step #7: / [3/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done / [4/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tiny_gltf.h.html [Content-Type=text/html]... Step #7: / [4/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/report.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/fuzzer/report.html [Content-Type=text/html]... Step #7: / [4/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done / [4/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/fuzzer/fuzz_gltf.cc.html [Content-Type=text/html]... Step #7: / [4/15 files][554.7 KiB/ 9.3 MiB] 5% Done / [5/15 files][ 1.1 MiB/ 9.3 MiB] 11% Done / [6/15 files][ 7.0 MiB/ 9.3 MiB] 74% Done / [7/15 files][ 7.0 MiB/ 9.3 MiB] 74% Done / [8/15 files][ 7.0 MiB/ 9.3 MiB] 74% Done / [9/15 files][ 8.4 MiB/ 9.3 MiB] 90% Done / [10/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [11/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [12/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [13/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [14/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [15/15 files][ 9.3 MiB/ 9.3 MiB] 100% Done Step #7: Operation completed over 15 objects/9.3 MiB. Finished Step #7 Starting Step #8 Step #8: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #8: CommandException: 1 files/objects could not be removed. Finished Step #8 Starting Step #9 Step #9: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/style.css [Content-Type=text/css]... Step #9: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/directory_view_index.html [Content-Type=text/html]... Step #9: / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/summary.json [Content-Type=application/json]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/index.html [Content-Type=text/html]... Step #9: / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/report.html [Content-Type=text/html]... Step #9: / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done / [1/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/file_view_index.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/report.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/json.hpp.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/report.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [2/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [3/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [4/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [5/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/stb_image.h.html [Content-Type=text/html]... Step #9: / [5/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/stb_image_write.h.html [Content-Type=text/html]... Step #9: / [5/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tiny_gltf.h.html [Content-Type=text/html]... Step #9: / [5/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/report.html [Content-Type=text/html]... Step #9: / [5/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/fuzzer/report.html [Content-Type=text/html]... Step #9: / [5/15 files][ 26.7 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/fuzzer/fuzz_gltf.cc.html [Content-Type=text/html]... Step #9: / [5/15 files][ 2.4 MiB/ 9.3 MiB] 25% Done / [6/15 files][ 7.0 MiB/ 9.3 MiB] 74% Done / [7/15 files][ 7.0 MiB/ 9.3 MiB] 74% Done / [8/15 files][ 7.2 MiB/ 9.3 MiB] 77% Done / [9/15 files][ 7.4 MiB/ 9.3 MiB] 78% Done / [10/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [11/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [12/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [13/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [14/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [15/15 files][ 9.3 MiB/ 9.3 MiB] 100% Done Step #9: Operation completed over 15 objects/9.3 MiB. Finished Step #9 Starting Step #10 Step #10: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #10: CommandException: 1 files/objects could not be removed. Finished Step #10 Starting Step #11 Step #11: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #11: Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf.json [Content-Type=application/json]... Step #11: / [0/3 files][ 0.0 B/ 4.0 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf_error.log [Content-Type=application/octet-stream]... Step #11: / [0/3 files][ 0.0 B/ 4.0 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/coverage_targets.txt [Content-Type=text/plain]... Step #11: / [0/3 files][ 2.7 KiB/ 4.0 KiB] 69% Done / [1/3 files][ 4.0 KiB/ 4.0 KiB] 99% Done / [2/3 files][ 4.0 KiB/ 4.0 KiB] 99% Done / [3/3 files][ 4.0 KiB/ 4.0 KiB] 100% Done Step #11: Operation completed over 3 objects/4.0 KiB. Finished Step #11 Starting Step #12 Step #12: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #12: CommandException: 1 files/objects could not be removed. Finished Step #12 Starting Step #13 Step #13: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #13: Copying file:///workspace/out/libfuzzer-coverage-x86_64/textcov_reports/fuzz_gltf.covreport [Content-Type=application/octet-stream]... Step #13: / [0/1 files][ 0.0 B/759.5 KiB] 0% Done / [1/1 files][759.5 KiB/759.5 KiB] 100% Done Step #13: Operation completed over 1 objects/759.5 KiB. Finished Step #13 Starting Step #14 Step #14: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #14: CommandException: 1 files/objects could not be removed. Finished Step #14 Starting Step #15 Step #15: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #15: Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/fuzz_gltf.log [Content-Type=application/octet-stream]... Step #15: / [0/1 files][ 0.0 B/293.8 KiB] 0% Done / [1/1 files][293.8 KiB/293.8 KiB] 100% Done Step #15: Operation completed over 1 objects/293.8 KiB. Finished Step #15 Starting Step #16 Step #16: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #16: Copying file:///workspace/srcmap.json [Content-Type=application/json]... Step #16: / [0 files][ 0.0 B/ 154.0 B] / [1 files][ 154.0 B/ 154.0 B] Step #16: Operation completed over 1 objects/154.0 B. Finished Step #16 Starting Step #17 Step #17: Already have image (with digest): gcr.io/cloud-builders/curl Step #17: % Total % Received % Xferd Average Speed Time Time Time Current Step #17: Dload Upload Total Spent Left Speed Step #17: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 312 0 0 100 312 0 1521 --:--:-- --:--:-- --:--:-- 1529 Finished Step #17 PUSH DONE