starting build "dd915116-4d38-4c11-88a0-8bf87dc4043f" FETCHSOURCE BUILD Starting Step #0 Step #0: Already have image (with digest): gcr.io/cloud-builders/git Step #0: Cloning into 'oss-fuzz'... Finished Step #0 Starting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606" Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Already have image (with digest): gcr.io/cloud-builders/docker Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Sending build context to Docker daemon 5.12kB Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step 1/5 : FROM gcr.io/oss-fuzz-base/base-builder Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": latest: Pulling from oss-fuzz-base/base-builder Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b549f31133a9: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 07b81fa61654: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 6e80bf8be6a2: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 928dab461205: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3830bb4e3ade: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": abd887670f5e: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 44388c1eb217: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 973a66094540: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19a466c4e1f: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 4bd513bdf95e: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a1c1bf0634d7: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": be4c30c77154: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 2d8a8910b28f: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c4c92998f357: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3d25df2109db: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f6a4ee1a0119: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a546a0c29f8c: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f7c7cd874401: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e5d257d49244: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3f8049840189: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b2036cadfbed: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": aae2f51396a0: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19169204329: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e20350b95f30: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 7494b389c90a: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ae65c6966314: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 364d65be5b56: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c20bfbc91410: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a07d2ace2f2b: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": eb591459e282: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 23912b320ff3: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 28a31c8f11c8: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 44388c1eb217: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 5f806632ef77: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 242279ed83ef: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 928dab461205: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 973a66094540: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3831f9a49834: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": bfdbcebc60ac: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c86ee2efc9a9: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": d6d53a0aff62: Pulling fs layer Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19a466c4e1f: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c4c92998f357: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3d25df2109db: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f7c7cd874401: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a546a0c29f8c: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e5d257d49244: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3830bb4e3ade: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f6a4ee1a0119: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3f8049840189: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": abd887670f5e: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b2036cadfbed: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 4bd513bdf95e: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": be4c30c77154: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e20350b95f30: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 28a31c8f11c8: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 2d8a8910b28f: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 5f806632ef77: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a07d2ace2f2b: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 242279ed83ef: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ae65c6966314: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 7494b389c90a: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 23912b320ff3: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a1c1bf0634d7: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c20bfbc91410: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": d6d53a0aff62: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3831f9a49834: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 364d65be5b56: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": eb591459e282: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": aae2f51396a0: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c86ee2efc9a9: Waiting Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 6e80bf8be6a2: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 6e80bf8be6a2: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b549f31133a9: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b549f31133a9: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3830bb4e3ade: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3830bb4e3ade: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 928dab461205: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 928dab461205: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": abd887670f5e: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": abd887670f5e: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 07b81fa61654: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 07b81fa61654: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 973a66094540: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 973a66094540: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19a466c4e1f: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19a466c4e1f: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b549f31133a9: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a1c1bf0634d7: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a1c1bf0634d7: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": be4c30c77154: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": be4c30c77154: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 2d8a8910b28f: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 2d8a8910b28f: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 4bd513bdf95e: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 4bd513bdf95e: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c4c92998f357: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c4c92998f357: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f6a4ee1a0119: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f6a4ee1a0119: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3d25df2109db: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3d25df2109db: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f7c7cd874401: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f7c7cd874401: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a546a0c29f8c: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a546a0c29f8c: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3f8049840189: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3f8049840189: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e5d257d49244: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b2036cadfbed: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b2036cadfbed: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": aae2f51396a0: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 44388c1eb217: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 44388c1eb217: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e20350b95f30: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19169204329: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19169204329: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 7494b389c90a: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 7494b389c90a: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ae65c6966314: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 364d65be5b56: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c20bfbc91410: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c20bfbc91410: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 23912b320ff3: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 23912b320ff3: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a07d2ace2f2b: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 28a31c8f11c8: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 28a31c8f11c8: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": eb591459e282: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": eb591459e282: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 07b81fa61654: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 5f806632ef77: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 5f806632ef77: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 6e80bf8be6a2: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 242279ed83ef: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 242279ed83ef: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3831f9a49834: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3831f9a49834: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": bfdbcebc60ac: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": bfdbcebc60ac: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": d6d53a0aff62: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": d6d53a0aff62: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c86ee2efc9a9: Verifying Checksum Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c86ee2efc9a9: Download complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 928dab461205: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3830bb4e3ade: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": abd887670f5e: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 44388c1eb217: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 973a66094540: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19a466c4e1f: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 4bd513bdf95e: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a1c1bf0634d7: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": be4c30c77154: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 2d8a8910b28f: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c4c92998f357: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3d25df2109db: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f6a4ee1a0119: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a546a0c29f8c: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": f7c7cd874401: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e5d257d49244: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3f8049840189: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b2036cadfbed: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": aae2f51396a0: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": b19169204329: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": e20350b95f30: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 7494b389c90a: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ae65c6966314: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 364d65be5b56: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c20bfbc91410: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": a07d2ace2f2b: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": eb591459e282: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 23912b320ff3: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 28a31c8f11c8: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 5f806632ef77: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 242279ed83ef: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": 3831f9a49834: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": bfdbcebc60ac: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": c86ee2efc9a9: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": d6d53a0aff62: Pull complete Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Digest: sha256:88eb7b109ecf6282e8bc2a773079bdba57f2a35f8af7b732280b6892a7d1c087 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-builder:latest Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> 459d849b9823 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step 2/5 : RUN pip3 install meson ninja Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> Running in 10af4037d334 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Collecting meson Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Downloading meson-1.9.0-py3-none-any.whl.metadata (1.8 kB) Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Collecting ninja Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Downloading ninja-1.13.0-py3-none-manylinux2014_x86_64.manylinux_2_17_x86_64.whl.metadata (5.1 kB) Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Downloading meson-1.9.0-py3-none-any.whl (1.0 MB) Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.0/1.0 MB 29.6 MB/s 0:00:00 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Downloading ninja-1.13.0-py3-none-manylinux2014_x86_64.manylinux_2_17_x86_64.whl (180 kB) Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Installing collected packages: ninja, meson Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Successfully installed meson-1.9.0 ninja-1.13.0 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager, possibly rendering your system unusable. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv. Use the --root-user-action option if you know what you are doing and want to suppress this warning. Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Removing intermediate container 10af4037d334 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> 5afb6ae36400 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step 3/5 : RUN git clone --depth 1 https://github.com/syoyo/tinygltf.git Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> Running in 5652028758af Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Cloning into 'tinygltf'... Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Removing intermediate container 5652028758af Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> 1fc8e89f29be Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step 4/5 : WORKDIR $SRC/tinygltf Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> Running in 130fa867b8e4 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Removing intermediate container 130fa867b8e4 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> d466b42ef8f0 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Step 5/5 : COPY build.sh $SRC/ Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": ---> edb51341b8c8 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Successfully built edb51341b8c8 Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Successfully tagged gcr.io/oss-fuzz/tinygltf:latest Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606": Successfully tagged us-central1-docker.pkg.dev/oss-fuzz/unsafe/tinygltf:latest Finished Step #1 - "build-ecced6e9-d5da-4bf8-a518-c831c2e95606" Starting Step #2 - "srcmap" Step #2 - "srcmap": Already have image: gcr.io/oss-fuzz/tinygltf Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + SRCMAP=/tmp/fileviyx5M Step #2 - "srcmap": + echo '{}' Step #2 - "srcmap": + PATHS_TO_SCAN=/src Step #2 - "srcmap": + [[ c++ == \g\o ]] Step #2 - "srcmap": ++ find /src -name .git -type d Step #2 - "srcmap": + for DOT_GIT_DIR in $(find $PATHS_TO_SCAN -name ".git" -type d) Step #2 - "srcmap": ++ dirname /src/tinygltf/.git Step #2 - "srcmap": + GIT_DIR=/src/tinygltf Step #2 - "srcmap": + cd /src/tinygltf Step #2 - "srcmap": ++ git config --get remote.origin.url Step #2 - "srcmap": + GIT_URL=https://github.com/syoyo/tinygltf.git Step #2 - "srcmap": ++ git rev-parse HEAD Step #2 - "srcmap": + GIT_REV=37250b3470b517fd6823ee82d6e0495695bb7924 Step #2 - "srcmap": + jq_inplace /tmp/fileviyx5M '."/src/tinygltf" = { type: "git", url: "https://github.com/syoyo/tinygltf.git", rev: "37250b3470b517fd6823ee82d6e0495695bb7924" }' Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + F=/tmp/filegWvpob Step #2 - "srcmap": + cat /tmp/fileviyx5M Step #2 - "srcmap": + jq '."/src/tinygltf" = { type: "git", url: "https://github.com/syoyo/tinygltf.git", rev: "37250b3470b517fd6823ee82d6e0495695bb7924" }' Step #2 - "srcmap": + mv /tmp/filegWvpob /tmp/fileviyx5M Step #2 - "srcmap": ++ find /src -name .svn -type d Step #2 - "srcmap": ++ find /src -name .hg -type d Step #2 - "srcmap": + '[' '' '!=' '' ']' Step #2 - "srcmap": + cat /tmp/fileviyx5M Step #2 - "srcmap": + rm /tmp/fileviyx5M Step #2 - "srcmap": { Step #2 - "srcmap": "/src/tinygltf": { Step #2 - "srcmap": "type": "git", Step #2 - "srcmap": "url": "https://github.com/syoyo/tinygltf.git", Step #2 - "srcmap": "rev": "37250b3470b517fd6823ee82d6e0495695bb7924" Step #2 - "srcmap": } Step #2 - "srcmap": } Finished Step #2 - "srcmap" Starting Step #3 - "compile-libfuzzer-coverage-x86_64" Step #3 - "compile-libfuzzer-coverage-x86_64": Already have image (with digest): gcr.io/cloud-builders/docker Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": vm.mmap_rnd_bits = 28 Step #3 - "compile-libfuzzer-coverage-x86_64": Compiling libFuzzer to /usr/lib/libFuzzingEngine.a... done. Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": CC=clang Step #3 - "compile-libfuzzer-coverage-x86_64": CXX=clang++ Step #3 - "compile-libfuzzer-coverage-x86_64": CFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument Step #3 - "compile-libfuzzer-coverage-x86_64": CXXFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=enum-constexpr-conversion -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -stdlib=libc++ Step #3 - "compile-libfuzzer-coverage-x86_64": RUSTFLAGS=--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers -Cinstrument-coverage -C link-arg=-lc++ Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": + cd tests/fuzzer/ Step #3 - "compile-libfuzzer-coverage-x86_64": + meson build Step #3 - "compile-libfuzzer-coverage-x86_64": The Meson build system Step #3 - "compile-libfuzzer-coverage-x86_64": Version: 1.9.0 Step #3 - "compile-libfuzzer-coverage-x86_64": Source dir: /src/tinygltf/tests/fuzzer Step #3 - "compile-libfuzzer-coverage-x86_64": Build dir: /src/tinygltf/tests/fuzzer/build Step #3 - "compile-libfuzzer-coverage-x86_64": Build type: native build Step #3 - "compile-libfuzzer-coverage-x86_64": Project name: fuzz_tinygltf Step #3 - "compile-libfuzzer-coverage-x86_64": Project version: undefined Step #3 - "compile-libfuzzer-coverage-x86_64": C++ compiler for the host machine: clang++ (clang 18.1.8 "clang version 18.1.8 (https://github.com/llvm/llvm-project.git 3b5b5c1ec4a3095ab096dd780e84d7ab81f3d7ff)") Step #3 - "compile-libfuzzer-coverage-x86_64": C++ linker for the host machine: clang++ ld.bfd 2.34 Step #3 - "compile-libfuzzer-coverage-x86_64": Host machine cpu family: x86_64 Step #3 - "compile-libfuzzer-coverage-x86_64": Host machine cpu: x86_64 Step #3 - "compile-libfuzzer-coverage-x86_64": Build targets in project: 1 Step #3 - "compile-libfuzzer-coverage-x86_64": Step #3 - "compile-libfuzzer-coverage-x86_64": Found ninja-1.13.0.git.kitware.jobserver-pipe-1 at /usr/local/bin/ninja Step #3 - "compile-libfuzzer-coverage-x86_64": WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated. Step #3 - "compile-libfuzzer-coverage-x86_64": + cd build Step #3 - "compile-libfuzzer-coverage-x86_64": ++ nproc Step #3 - "compile-libfuzzer-coverage-x86_64": + ninja -j32 Step #3 - "compile-libfuzzer-coverage-x86_64": [0/2] Compiling C++ object fuzz_gltf.p/fuzz_gltf.cc.o [1/2] Compiling C++ object fuzz_gltf.p/fuzz_gltf.cc.o [1/2] Linking target fuzz_gltf [2/2] Linking target fuzz_gltf Step #3 - "compile-libfuzzer-coverage-x86_64": + cp fuzz_gltf /workspace/out/libfuzzer-coverage-x86_64/ Finished Step #3 - "compile-libfuzzer-coverage-x86_64" Starting Step #4 Step #4: Pulling image: gcr.io/oss-fuzz-base/base-runner Step #4: Using default tag: latest Step #4: latest: Pulling from oss-fuzz-base/base-runner Step #4: b549f31133a9: Already exists Step #4: 07b81fa61654: Already exists Step #4: 6e80bf8be6a2: Already exists Step #4: a7aadeb99f37: Pulling fs layer Step #4: 9941e45d47b5: Pulling fs layer Step #4: c25dd6cbbd60: Pulling fs layer Step #4: 1f0d2fddaf3d: Pulling fs layer Step #4: 2d065db4c97d: Pulling fs layer Step #4: c3339aa15c47: Pulling fs layer Step #4: 8209db57e755: Pulling fs layer Step #4: ba851c8faad7: Pulling fs layer Step #4: 00696c915222: Pulling fs layer Step #4: b41d7e94c5b2: Pulling fs layer Step #4: aa70268cadac: Pulling fs layer Step #4: c0a768b6c3a5: Pulling fs layer Step #4: 429ecdd9caf6: Pulling fs layer Step #4: 615915d1d211: Pulling fs layer Step #4: b9ecb9f90b18: Pulling fs layer Step #4: ed67a1304af3: Pulling fs layer Step #4: 071c45a44d97: Pulling fs layer Step #4: 91686fb3a9ce: Pulling fs layer Step #4: d165a9bf228b: Pulling fs layer Step #4: 53726fb23665: Pulling fs layer Step #4: 0b3976d4b25a: Pulling fs layer Step #4: 2c57a68fe209: Pulling fs layer Step #4: f7bf4d67b0cc: Pulling fs layer Step #4: ba851c8faad7: Waiting Step #4: 00696c915222: Waiting Step #4: b41d7e94c5b2: Waiting Step #4: aa70268cadac: Waiting Step #4: c0a768b6c3a5: Waiting Step #4: 1f0d2fddaf3d: Waiting Step #4: 429ecdd9caf6: Waiting Step #4: 615915d1d211: Waiting Step #4: b9ecb9f90b18: Waiting Step #4: 0b3976d4b25a: Waiting Step #4: 2c57a68fe209: Waiting Step #4: f7bf4d67b0cc: Waiting Step #4: ed67a1304af3: Waiting Step #4: 071c45a44d97: Waiting Step #4: 91686fb3a9ce: Waiting Step #4: d165a9bf228b: Waiting Step #4: 53726fb23665: Waiting Step #4: 2d065db4c97d: Waiting Step #4: c3339aa15c47: Waiting Step #4: 8209db57e755: Waiting Step #4: c25dd6cbbd60: Verifying Checksum Step #4: c25dd6cbbd60: Download complete Step #4: a7aadeb99f37: Download complete Step #4: 9941e45d47b5: Verifying Checksum Step #4: 9941e45d47b5: Download complete Step #4: a7aadeb99f37: Pull complete Step #4: 2d065db4c97d: Verifying Checksum Step #4: 2d065db4c97d: Download complete Step #4: 1f0d2fddaf3d: Verifying Checksum Step #4: 1f0d2fddaf3d: Download complete Step #4: 8209db57e755: Verifying Checksum Step #4: 8209db57e755: Download complete Step #4: ba851c8faad7: Verifying Checksum Step #4: ba851c8faad7: Download complete Step #4: 9941e45d47b5: Pull complete Step #4: 00696c915222: Verifying Checksum Step #4: 00696c915222: Download complete Step #4: c25dd6cbbd60: Pull complete Step #4: aa70268cadac: Verifying Checksum Step #4: aa70268cadac: Download complete Step #4: 1f0d2fddaf3d: Pull complete Step #4: c3339aa15c47: Verifying Checksum Step #4: c3339aa15c47: Download complete Step #4: c0a768b6c3a5: Download complete Step #4: 2d065db4c97d: Pull complete Step #4: 429ecdd9caf6: Verifying Checksum Step #4: 429ecdd9caf6: Download complete Step #4: b9ecb9f90b18: Download complete Step #4: b41d7e94c5b2: Download complete Step #4: 071c45a44d97: Verifying Checksum Step #4: 071c45a44d97: Download complete Step #4: 91686fb3a9ce: Download complete Step #4: d165a9bf228b: Verifying Checksum Step #4: d165a9bf228b: Download complete Step #4: ed67a1304af3: Verifying Checksum Step #4: ed67a1304af3: Download complete Step #4: 615915d1d211: Verifying Checksum Step #4: 615915d1d211: Download complete Step #4: c3339aa15c47: Pull complete Step #4: 2c57a68fe209: Download complete Step #4: 8209db57e755: Pull complete Step #4: 0b3976d4b25a: Verifying Checksum Step #4: 0b3976d4b25a: Download complete Step #4: ba851c8faad7: Pull complete Step #4: f7bf4d67b0cc: Verifying Checksum Step #4: f7bf4d67b0cc: Download complete Step #4: 00696c915222: Pull complete Step #4: 53726fb23665: Verifying Checksum Step #4: 53726fb23665: Download complete Step #4: b41d7e94c5b2: Pull complete Step #4: aa70268cadac: Pull complete Step #4: c0a768b6c3a5: Pull complete Step #4: 429ecdd9caf6: Pull complete Step #4: 615915d1d211: Pull complete Step #4: b9ecb9f90b18: Pull complete Step #4: ed67a1304af3: Pull complete Step #4: 071c45a44d97: Pull complete Step #4: 91686fb3a9ce: Pull complete Step #4: d165a9bf228b: Pull complete Step #4: 53726fb23665: Pull complete Step #4: 0b3976d4b25a: Pull complete Step #4: 2c57a68fe209: Pull complete Step #4: f7bf4d67b0cc: Pull complete Step #4: Digest: sha256:de26cef137b82a22e93b8ec53f5bcd714dcfbd7d9700bf4f963a977f1e24c787 Step #4: Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-runner:latest Step #4: gcr.io/oss-fuzz-base/base-runner:latest Finished Step #4 Starting Step #5 Step #5: Already have image (with digest): gcr.io/oss-fuzz-base/base-runner Step #5: Running fuzz_gltf Step #5: Error occured while running fuzz_gltf: Step #5: Cov returncode: 0, grep returncode: 0 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1794406232 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x564e94afdb30, 0x564e94b01794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x564e94b01798,0x564e94b3ddd8), Step #5: MERGE-OUTER: 12845 files, 0 in the initial corpus, 0 processed earlier Step #5: MERGE-OUTER: attempt 1 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1794475897 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x559d1c082b30, 0x559d1c086794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x559d1c086798,0x559d1c0c2dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: 12845 total files; 0 processed earlier; will process 12845 files now Step #5: #1 pulse cov: 101 ft: 102 exec/s: 0 rss: 36Mb Step #5: #2 pulse cov: 101 ft: 102 exec/s: 0 rss: 37Mb Step #5: #4 pulse cov: 357 ft: 376 exec/s: 0 rss: 38Mb Step #5: #8 pulse cov: 419 ft: 458 exec/s: 0 rss: 38Mb Step #5: #16 pulse cov: 489 ft: 578 exec/s: 0 rss: 39Mb Step #5: #32 pulse cov: 515 ft: 628 exec/s: 0 rss: 39Mb Step #5: #64 pulse cov: 589 ft: 785 exec/s: 0 rss: 40Mb Step #5: #128 pulse cov: 687 ft: 977 exec/s: 0 rss: 41Mb Step #5: #256 pulse cov: 770 ft: 1134 exec/s: 0 rss: 43Mb Step #5: #512 pulse cov: 862 ft: 1455 exec/s: 0 rss: 48Mb Step #5: #1024 pulse cov: 964 ft: 2155 exec/s: 0 rss: 55Mb Step #5: #2048 pulse cov: 1200 ft: 3830 exec/s: 0 rss: 58Mb Step #5: #4096 pulse cov: 3069 ft: 10267 exec/s: 0 rss: 65Mb Step #5: ==42== ERROR: libFuzzer: out-of-memory (used: 2065Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 1583634995 bytes in 33186 chunks; quarantined: 10847909 bytes in 6350 chunks; 56018 other chunks; total chunks: 95554; showing top 95% (at most 8 unique contexts) Step #5: 691163704 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x559d1bcbffdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x559d1bdb3705 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x559d1bdb3705 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6813:35 Step #5: #3 0x559d1bd810af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x559d1bd810af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x559d1bcffc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x559d1bd22f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x559d1bd22f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x559d1be1ff02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x559d1be1ff02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x559d1be1ff02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x559d1be1ff02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x559d1be927bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x559d1bd46c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x559d1bd46c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x559d1bd353da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x559d1bd7fc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x559d1bd7fc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x559d1bd7fc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x559d1bbb4210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x559d1bbbd7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x559d1bba4d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x559d1bbd01c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3d1865d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 691163704 byte(s) (43%) in 1 allocation(s) Step #5: #0 0x559d1bcbffdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x559d1bdb36d2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x559d1bdb36d2 in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6812:28 Step #5: #3 0x559d1bd810af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x559d1bd810af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x559d1bcffc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x559d1bd22f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x559d1bd22f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x559d1be1ff02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x559d1be1ff02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x559d1be1ff02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x559d1be1ff02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x559d1be927bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x559d1bd46c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x559d1bd46c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x559d1bd353da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x559d1bd7fc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x559d1bd7fc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x559d1bd7fc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x559d1bbb4210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x559d1bbbd7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x559d1bba4d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x559d1bbd01c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3d1865d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: 172790926 byte(s) (10%) in 1 allocation(s) Step #5: #0 0x559d1bcbffdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x559d1bdb373d in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x559d1bdb373d in stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:6814:32 Step #5: #3 0x559d1bd810af in stbi__gif_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:7074:8 Step #5: #4 0x559d1bd810af in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1151:35 Step #5: #5 0x559d1bcffc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x559d1bd22f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x559d1bd22f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x559d1be1ff02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x559d1be1ff02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x559d1be1ff02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x559d1be1ff02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x559d1be927bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x559d1be927bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x559d1bd46c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x559d1bd46c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x559d1bd353da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x559d1bd7fc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x559d1bd7fc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x559d1bd7fc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x559d1bbb4210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x559d1bbbd7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x559d1bba4d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x559d1bbd01c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f3d1865d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__gif_load_next(stbi__context*, stbi__gif*, int*, int, unsigned char*) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x52,0x30,0x6c,0x47,0x4f,0x44,0x64,0x68,0x67,0x4f,0x61,0x6d,0x44,0x79,0x79,0x79,0x79,0x79,0x45,0x6d,0x61,0x73,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,R0lGODdhgOamDyyyyyEmas\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-c4affa21d74a2bf3fac8ecf0e0e0aac5736d429b Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxSMGxHT0RkaGdPYW1EeXl5eXlFbWFzIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 2 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1798780188 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55f36811db30, 0x55f368121794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55f368121798,0x55f36815ddd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/c4affa21d74a2bf3fac8ecf0e0e0aac5736d429b' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 5501 processed earlier; will process 7344 files now Step #5: #1 pulse cov: 791 ft: 792 exec/s: 0 rss: 1525Mb Step #5: #2 pulse cov: 870 ft: 901 exec/s: 0 rss: 1525Mb Step #5: #4 pulse cov: 1080 ft: 1305 exec/s: 0 rss: 1525Mb Step #5: #8 pulse cov: 1250 ft: 1803 exec/s: 0 rss: 1525Mb Step #5: #16 pulse cov: 1595 ft: 2357 exec/s: 1 rss: 1525Mb Step #5: #32 pulse cov: 1892 ft: 2968 exec/s: 1 rss: 1525Mb Step #5: ==46== ERROR: libFuzzer: out-of-memory (used: 2104Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 171796577 bytes in 20458 chunks; quarantined: 9018084 bytes in 221 chunks; 49052 other chunks; total chunks: 69731; showing top 95% (at most 8 unique contexts) Step #5: 143715900 byte(s) (83%) in 1 allocation(s) Step #5: #0 0x55f367d5afdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55f367e3aba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55f367e3aba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55f367e3aba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55f367e1df06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55f367d9ac79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55f367dbdf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55f367dbdf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55f367ebaf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55f367ebaf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55f367ebaf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55f367ebaf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55f367f2d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55f367f2d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55f367f2d7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55f367de1c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55f367de1c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55f367dd03da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55f367e1ac1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55f367e1ac1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55f367e1ac1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55f367c4f210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55f367c587e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55f367c3fd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55f367c6b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fe9a652a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (14%) in 11 allocation(s) Step #5: #0 0x55f367d5afdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55f367fbad73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55f367c6b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7fe9a652a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x67,0x69,0x66,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x64,0x41,0x45,0x42,0x65,0x6e,0x6e,0x2f,0x58,0x42,0x42,0x6d,0x42,0x42,0x45,0x33,0x31,0x31,0x6f,0x4d,0x43,0x42,0x42,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/gif;base64,dAEBenn/XBBmBBE311oMCBB\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-d8fd141160b630567342565fb9449942e5dee631 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvZ2lmO2Jhc2U2NCxkQUVCZW5uL1hCQm1CQkUzMTFvTUNCQiJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 3 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1840071285 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55c4f5876b30, 0x55c4f587a794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55c4f587a798,0x55c4f58b6dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/d8fd141160b630567342565fb9449942e5dee631' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 5552 processed earlier; will process 7293 files now Step #5: #1 pulse cov: 691 ft: 692 exec/s: 0 rss: 40Mb Step #5: #2 pulse cov: 935 ft: 1094 exec/s: 0 rss: 43Mb Step #5: #4 pulse cov: 1056 ft: 1260 exec/s: 0 rss: 43Mb Step #5: #8 pulse cov: 1176 ft: 1468 exec/s: 0 rss: 138Mb Step #5: #16 pulse cov: 1257 ft: 1729 exec/s: 16 rss: 138Mb Step #5: #32 pulse cov: 1602 ft: 2251 exec/s: 4 rss: 438Mb Step #5: #64 pulse cov: 1772 ft: 2630 exec/s: 2 rss: 1323Mb Step #5: #128 pulse cov: 2297 ft: 3905 exec/s: 2 rss: 1547Mb Step #5: ==50== ERROR: libFuzzer: out-of-memory (used: 2088Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 127418043 bytes in 22940 chunks; quarantined: 3321749 bytes in 2704 chunks; 40426 other chunks; total chunks: 66070; showing top 95% (at most 8 unique contexts) Step #5: 99179907 byte(s) (77%) in 1 allocation(s) Step #5: #0 0x55c4f54b3fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55c4f5593ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55c4f5593ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55c4f5593ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x55c4f5576f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x55c4f54f3c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55c4f5516f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55c4f5516f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55c4f5613f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55c4f5613f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55c4f5613f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55c4f5613f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55c4f56867bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55c4f56867bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55c4f56867bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55c4f553ac84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55c4f553ac84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55c4f55293da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55c4f5573c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55c4f5573c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55c4f5573c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55c4f53a8210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55c4f53b17e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55c4f5398d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55c4f53c41c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f17b5cf2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (19%) in 11 allocation(s) Step #5: #0 0x55c4f54b3fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55c4f5713d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x55c4f53c41c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f17b5cf2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x56,0x41,0x45,0x42,0x77,0x69,0x6d,0x69,0x71,0x52,0x42,0x6e,0x42,0x4f,0x74,0x61,0x74,0x65,0x34,0x64,0x41,0x67,0x67,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,VAEBwimiqRBnBOtate4dAgg\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-f3a53c3453d35066bae4fff1dadb367c2c49681a Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsVkFFQndpbWlxUkJuQk90YXRlNGRBZ2cifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 4 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1893361437 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x558f44a58b30, 0x558f44a5c794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x558f44a5c798,0x558f44a98dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/f3a53c3453d35066bae4fff1dadb367c2c49681a' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 5717 processed earlier; will process 7128 files now Step #5: #1 pulse cov: 902 ft: 903 exec/s: 0 rss: 424Mb Step #5: #2 pulse cov: 972 ft: 1052 exec/s: 1 rss: 424Mb Step #5: #4 pulse cov: 1059 ft: 1205 exec/s: 2 rss: 424Mb Step #5: #8 pulse cov: 1377 ft: 1883 exec/s: 4 rss: 424Mb Step #5: #16 pulse cov: 1565 ft: 2172 exec/s: 4 rss: 424Mb Step #5: #32 pulse cov: 1721 ft: 2603 exec/s: 8 rss: 1529Mb Step #5: #64 pulse cov: 2029 ft: 3323 exec/s: 5 rss: 1782Mb Step #5: #128 pulse cov: 2470 ft: 4962 exec/s: 4 rss: 1782Mb Step #5: ==54== ERROR: libFuzzer: out-of-memory (used: 2300Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 82129417 bytes in 24043 chunks; quarantined: 7243288 bytes in 2357 chunks; 43966 other chunks; total chunks: 70366; showing top 95% (at most 8 unique contexts) Step #5: 53977374 byte(s) (65%) in 1 allocation(s) Step #5: #0 0x558f44695fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x558f44775ba8 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x558f44775ba8 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x558f44775ba8 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5946:31 Step #5: #4 0x558f44758f06 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1182:14 Step #5: #5 0x558f446d5c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x558f446f8f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x558f446f8f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x558f447f5f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x558f447f5f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x558f447f5f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x558f447f5f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x558f448687bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x558f448687bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x558f448687bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x558f4471cc84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x558f4471cc84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x558f4470b3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x558f44755c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x558f44755c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x558f44755c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x558f4458a210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x558f445937e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x558f4457ad95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x558f445a61c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7effca695082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (29%) in 11 allocation(s) Step #5: #0 0x558f44695fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x558f448f5d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x558f445a61c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7effca695082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: 1233120 byte(s) (1%) in 12845 allocation(s) Step #5: #0 0x558f44695fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x558f448f5d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x558f445917fa in fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:73:10 Step #5: #3 0x558f4459332e in ParseOrExit /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:32:8 Step #5: #4 0x558f4459332e in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:209:5 Step #5: #5 0x558f4457ad95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #6 0x558f445a61c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7effca695082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--fuzzer::Merger::Parse(std::__Fuzzer::basic_istream>&, bool) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x67,0x69,0x66,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x41,0x41,0x41,0x4c,0x41,0x41,0x41,0x41,0x41,0x41,0x42,0x68,0x6d,0x42,0x42,0x42,0x7a,0x32,0x42,0x42,0x42,0x42,0x41,0x42,0x43,0x7a,0x42,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/gif;base64,AAALAAAAAABhmBBBz2BBBBABCzB\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-fad394ecc78db05fce55233b342c2c2391d6e437 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvZ2lmO2Jhc2U2NCxBQUFMQUFBQUFBQmhtQkJCejJCQkJCQUJDekIifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 5 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1930652408 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55662592db30, 0x556625931794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x556625931798,0x55662596ddd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/fad394ecc78db05fce55233b342c2c2391d6e437' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 5881 processed earlier; will process 6964 files now Step #5: #1 pulse cov: 791 ft: 792 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 868 ft: 886 exec/s: 0 rss: 1375Mb Step #5: #4 pulse cov: 1197 ft: 1468 exec/s: 0 rss: 1375Mb Step #5: #8 pulse cov: 1433 ft: 2019 exec/s: 4 rss: 1375Mb Step #5: #16 pulse cov: 1551 ft: 2239 exec/s: 8 rss: 1531Mb Step #5: #32 pulse cov: 1720 ft: 2702 exec/s: 10 rss: 1531Mb Step #5: #64 pulse cov: 2350 ft: 4292 exec/s: 21 rss: 1534Mb Step #5: #128 pulse cov: 2739 ft: 5791 exec/s: 6 rss: 1830Mb Step #5: ==58== ERROR: libFuzzer: out-of-memory (used: 2147Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2423172316 bytes in 26137 chunks; quarantined: 6795828 bytes in 95 chunks; 52669 other chunks; total chunks: 78901; showing top 95% (at most 8 unique contexts) Step #5: 1197468481 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55662556afdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5566256415f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5566256415f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5566256415f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x5566256415f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55662562c780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x5566255aac79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5566255cdf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5566255cdf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x5566256caf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x5566256caf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x5566256caf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x5566256caf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55662573d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55662573d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55662573d7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x5566255f1c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x5566255f1c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5566255e03da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55662562ac1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55662562ac1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55662562ac1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55662545f210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x5566254687e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55662544fd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55662547b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f4471fbd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1197468480 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x5566255a83ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55662568d3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55662568d3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55662568d3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55662568d3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55662568d3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5566256cbc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5566255cec09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x5566256caf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5566256caf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5566256caf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5566256caf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55662573d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55662573d7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55662573d7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5566255f1c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5566255f1c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5566255e03da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55662562ac1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55662562ac1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55662562ac1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55662545f210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5566254687e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55662544fd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55662547b1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f4471fbd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x45,0x49,0x52,0x35,0x41,0x2f,0x31,0x51,0x4f,0x45,0x45,0x51,0x4e,0x30,0x49,0x51,0x47,0x2f,0x45,0x6b,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///CABEIR5A/1QOEEQN0IQG/Ek\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-45f67d3776bfc8f2dd7cb328aaded92dc9f276ba Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQ0FCRUlSNUEvMVFPRUVRTjBJUUcvRWsifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 6 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1993956659 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55cc50389b30, 0x55cc5038d794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55cc5038d798,0x55cc503c9dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/45f67d3776bfc8f2dd7cb328aaded92dc9f276ba' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6112 processed earlier; will process 6733 files now Step #5: #1 pulse cov: 897 ft: 898 exec/s: 0 rss: 1634Mb Step #5: #2 pulse cov: 958 ft: 979 exec/s: 0 rss: 1634Mb Step #5: #4 pulse cov: 968 ft: 1030 exec/s: 0 rss: 1634Mb Step #5: #8 pulse cov: 1296 ft: 1760 exec/s: 1 rss: 1634Mb Step #5: #16 pulse cov: 1327 ft: 1915 exec/s: 1 rss: 1634Mb Step #5: ==62== ERROR: libFuzzer: out-of-memory (used: 2122Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2416247828 bytes in 18404 chunks; quarantined: 5684187 bytes in 143 chunks; 47560 other chunks; total chunks: 66107; showing top 95% (at most 8 unique contexts) Step #5: 1194161473 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55cc4ffc6fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55cc5009d5f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55cc5009d5f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55cc5009d5f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55cc5009d5f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55cc50088780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55cc50006c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55cc50029f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55cc50029f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55cc50126f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55cc50126f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55cc50126f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55cc50126f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55cc501997bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55cc501997bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55cc501997bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55cc5004dc84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55cc5004dc84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55cc5003c3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55cc50086c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55cc50086c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55cc50086c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55cc4febb210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55cc4fec47e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55cc4feabd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55cc4fed71c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7fdbc53cc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1194161472 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55cc500043ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55cc500e93b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55cc500e93b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55cc500e93b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55cc500e93b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55cc500e93b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55cc50127c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55cc5002ac09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55cc50126f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55cc50126f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55cc50126f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55cc50126f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55cc501997bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55cc501997bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55cc501997bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55cc5004dc84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55cc5004dc84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55cc5003c3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55cc50086c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55cc50086c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55cc50086c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55cc4febb210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55cc4fec47e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55cc4feabd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55cc4fed71c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fdbc53cc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x45,0x49,0x52,0x31,0x41,0x2f,0x34,0x51,0x4f,0x45,0x45,0x51,0x4e,0x30,0x49,0x51,0x47,0x2f,0x45,0x6b,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///CABEIR1A/4QOEEQN0IQG/Ek\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-7752a2a5ceeb14e0d62f2e7a388d61ba126056a8 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQ0FCRUlSMUEvNFFPRUVRTjBJUUcvRWsifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 7 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2016253153 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55fbbe2eeb30, 0x55fbbe2f2794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55fbbe2f2798,0x55fbbe32edd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/7752a2a5ceeb14e0d62f2e7a388d61ba126056a8' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6138 processed earlier; will process 6707 files now Step #5: ==66== ERROR: libFuzzer: out-of-memory (used: 2276Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2643028804 bytes in 12900 chunks; quarantined: 1021619 bytes in 14596 chunks; 34394 other chunks; total chunks: 61890; showing top 95% (at most 8 unique contexts) Step #5: 1307662337 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55fbbdf2bfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55fbbe0025f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55fbbe0025f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55fbbe0025f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55fbbe0025f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55fbbdfed780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55fbbdf6bc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55fbbdf8ef7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55fbbdf8ef7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55fbbe08bf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55fbbe08bf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55fbbe08bf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55fbbe08bf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55fbbe0fe7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55fbbe0fe7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55fbbe0fe7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55fbbdfb2c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55fbbdfb2c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55fbbdfa13da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55fbbdfebc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55fbbdfebc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55fbbdfebc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55fbbde20210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55fbbde297e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55fbbde10d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55fbbde3c1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7faea9c6f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1307662336 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55fbbdf693ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55fbbe04e3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55fbbe04e3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55fbbe04e3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55fbbe04e3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55fbbe04e3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55fbbe08cc1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55fbbdf8fc09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55fbbe08bf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55fbbe08bf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55fbbe08bf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55fbbe08bf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55fbbe0fe7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55fbbe0fe7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55fbbe0fe7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55fbbdfb2c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55fbbdfb2c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55fbbdfa13da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55fbbdfebc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55fbbdfebc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55fbbdfebc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55fbbde20210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55fbbde297e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55fbbde10d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55fbbde3c1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7faea9c6f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x45,0x49,0x37,0x34,0x41,0x55,0x31,0x41,0x4e,0x48,0x49,0x51,0x45,0x4f,0x45,0x51,0x47,0x2f,0x45,0x2f,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,///Y///CABEI74AU1ANHIQEOEQG/E/\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-98dadfcc15b3623f8b02b9eb4dcd2e232961c892 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCwvLy9ZLy8vQ0FCRUk3NEFVMUFOSElRRU9FUUcvRS8ifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 8 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2021549598 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x557655602b30, 0x557655606794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x557655606798,0x557655642dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/98dadfcc15b3623f8b02b9eb4dcd2e232961c892' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6139 processed earlier; will process 6706 files now Step #5: #1 pulse cov: 904 ft: 905 exec/s: 0 rss: 57Mb Step #5: #2 pulse cov: 931 ft: 987 exec/s: 0 rss: 57Mb Step #5: #4 pulse cov: 1001 ft: 1091 exec/s: 0 rss: 57Mb Step #5: #8 pulse cov: 1382 ft: 1774 exec/s: 0 rss: 1349Mb Step #5: #16 pulse cov: 1606 ft: 2104 exec/s: 0 rss: 1349Mb Step #5: #32 pulse cov: 1903 ft: 2900 exec/s: 10 rss: 1349Mb Step #5: #64 pulse cov: 2199 ft: 3652 exec/s: 7 rss: 1389Mb Step #5: #128 pulse cov: 2703 ft: 5593 exec/s: 7 rss: 1533Mb Step #5: #256 pulse cov: 2940 ft: 7236 exec/s: 5 rss: 1631Mb Step #5: ==70== ERROR: libFuzzer: out-of-memory (used: 2095Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2455269791 bytes in 26939 chunks; quarantined: 7729120 bytes in 96 chunks; 35187 other chunks; total chunks: 62222; showing top 95% (at most 8 unique contexts) Step #5: 1213501145 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55765523ffdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5576553165f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5576553165f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5576553165f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x5576553165f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x557655301780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55765527fc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5576552a2f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5576552a2f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55765539ff02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55765539ff02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55765539ff02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55765539ff02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x5576554127bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x5576554127bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x5576554127bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x5576552c6c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x5576552c6c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5576552b53da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x5576552ffc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x5576552ffc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x5576552ffc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x557655134210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55765513d7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x557655124d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x5576551501c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7f4575832082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1213501144 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55765527d3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x5576553623b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x5576553623b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x5576553623b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x5576553623b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x5576553623b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5576553a0c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5576552a3c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55765539ff02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55765539ff02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55765539ff02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55765539ff02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x5576554127bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x5576554127bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x5576554127bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5576552c6c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5576552c6c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5576552b53da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5576552ffc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5576552ffc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5576552ffc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x557655134210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55765513d7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x557655124d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5576551501c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f4575832082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x62,0x6d,0x70,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x43,0x41,0x42,0x51,0x49,0x4a,0x51,0x39,0x38,0x36,0x67,0x51,0x48,0x45,0x51,0x45,0x45,0x45,0x67,0x49,0x4c,0x45,0x67,0x48,0x50,0x49,0x65,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/bmp;base64,///Y///CABQIJQ986gQHEQEEEgILEgHPIe\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-025d798e36497037e77fef3d96e6453f1fae9416 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvYm1wO2Jhc2U2NCwvLy9ZLy8vQ0FCUUlKUTk4NmdRSEVRRUVFZ0lMRWdIUEllIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 9 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2093854025 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x5576428fbb30, 0x5576428ff794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x5576428ff798,0x55764293bdd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/025d798e36497037e77fef3d96e6453f1fae9416' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6466 processed earlier; will process 6379 files now Step #5: #1 pulse cov: 792 ft: 793 exec/s: 0 rss: 1480Mb Step #5: #2 pulse cov: 910 ft: 977 exec/s: 0 rss: 1480Mb Step #5: #4 pulse cov: 1057 ft: 1335 exec/s: 0 rss: 1480Mb Step #5: #8 pulse cov: 1240 ft: 1752 exec/s: 0 rss: 1480Mb Step #5: #16 pulse cov: 1630 ft: 2389 exec/s: 0 rss: 1480Mb Step #5: #32 pulse cov: 1968 ft: 3098 exec/s: 16 rss: 1480Mb Step #5: ==74== ERROR: libFuzzer: out-of-memory (used: 2100Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 424357606 bytes in 20850 chunks; quarantined: 9292172 bytes in 4899 chunks; 40451 other chunks; total chunks: 66200; showing top 95% (at most 8 unique contexts) Step #5: 396332736 byte(s) (93%) in 1 allocation(s) Step #5: #0 0x557642538fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x5576425faea0 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x5576425faea0 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x5576425faea0 in stbi__bmp_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5616:22 Step #5: #4 0x5576425faea0 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1148:35 Step #5: #5 0x557642578c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55764259bf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55764259bf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x557642698f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x557642698f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x557642698f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x557642698f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55764270b7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55764270b7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55764270b7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5576425bfc84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5576425bfc84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5576425ae3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x5576425f8c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x5576425f8c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x5576425f8c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55764242d210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5576424367e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55764241dd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5576424491c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7f6c3889a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 24383096 byte(s) (5%) in 11 allocation(s) Step #5: #0 0x557642538fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x557642798d73 in operator new(unsigned long) cxa_noexception.cpp Step #5: #2 0x5576424491c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #3 0x7f6c3889a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--operator new(unsigned long)--main Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x51,0x6b,0x31,0x35,0x45,0x76,0x41,0x45,0x6d,0x41,0x66,0x50,0x41,0x49,0x30,0x41,0x41,0x41,0x41,0x4d,0x41,0x41,0x41,0x41,0x45,0x41,0x75,0x72,0x69,0x41,0x45,0x41,0x41,0x51,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,Qk15EvAEmAfPAI0AAAAMAAAAEAuriAEAAQ\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-c69205cf21578c3e8501f54e41cc65ac3e083491 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxRazE1RXZBRW1BZlBBSTBBQUFBTUFBQUFFQXVyaUFFQUFRIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 10 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2102142234 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55f92ffbeb30, 0x55f92ffc2794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55f92ffc2798,0x55f92fffedd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/c69205cf21578c3e8501f54e41cc65ac3e083491' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6520 processed earlier; will process 6325 files now Step #5: #1 pulse cov: 840 ft: 841 exec/s: 0 rss: 55Mb Step #5: #2 pulse cov: 873 ft: 934 exec/s: 0 rss: 55Mb Step #5: #4 pulse cov: 983 ft: 1078 exec/s: 4 rss: 444Mb Step #5: #8 pulse cov: 1454 ft: 1917 exec/s: 8 rss: 444Mb Step #5: #16 pulse cov: 1682 ft: 2305 exec/s: 3 rss: 825Mb Step #5: #32 pulse cov: 1820 ft: 2564 exec/s: 2 rss: 2101Mb Step #5: ==78== ERROR: libFuzzer: out-of-memory (used: 2101Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 701451550 bytes in 20003 chunks; quarantined: 7049776 bytes in 46 chunks; 41937 other chunks; total chunks: 61986; showing top 95% (at most 8 unique contexts) Step #5: 673460560 byte(s) (96%) in 1 allocation(s) Step #5: #0 0x55f92fbfbfdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55f92fcbdea0 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55f92fcbdea0 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55f92fcbdea0 in stbi__bmp_load /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:5616:22 Step #5: #4 0x55f92fcbdea0 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1148:35 Step #5: #5 0x55f92fc3bc79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #6 0x55f92fc5ef7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #7 0x55f92fc5ef7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #8 0x55f92fd5bf02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55f92fd5bf02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55f92fd5bf02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55f92fd5bf02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55f92fdce7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55f92fdce7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55f92fdce7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55f92fc82c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55f92fc82c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55f92fc713da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55f92fcbbc1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55f92fcbbc1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55f92fcbbc1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55f92faf0210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55f92faf97e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55f92fae0d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55f92fb0c1c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fbbafa6a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x51,0x6b,0x33,0x41,0x43,0x41,0x41,0x32,0x4d,0x45,0x68,0x79,0x6b,0x51,0x41,0x42,0x41,0x41,0x41,0x4d,0x41,0x41,0x41,0x41,0x33,0x41,0x71,0x54,0x37,0x41,0x45,0x41,0x47,0x41,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,Qk3ACAA2MEhykQABAAAMAAAA3AqT7AEAGA\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-e899c7bf27a2ffea8d915a1b24d50b8807df2ad0 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxRazNBQ0FBMk1FaHlrUUFCQUFBTUFBQUEzQXFUN0FFQUdBIn1dLCJhc3NldCI6eyJ2ZXJzaW9uIjoiIn19 Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 11 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2119427778 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55bc50e94b30, 0x55bc50e98794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55bc50e98798,0x55bc50ed4dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/e899c7bf27a2ffea8d915a1b24d50b8807df2ad0' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6558 processed earlier; will process 6287 files now Step #5: #1 pulse cov: 782 ft: 783 exec/s: 0 rss: 41Mb Step #5: #2 pulse cov: 1015 ft: 1247 exec/s: 0 rss: 44Mb Step #5: #4 pulse cov: 1087 ft: 1371 exec/s: 0 rss: 47Mb Step #5: #8 pulse cov: 1210 ft: 1529 exec/s: 0 rss: 47Mb Step #5: #16 pulse cov: 1362 ft: 1776 exec/s: 0 rss: 347Mb Step #5: #32 pulse cov: 1660 ft: 2581 exec/s: 6 rss: 1068Mb Step #5: #64 pulse cov: 2396 ft: 4069 exec/s: 9 rss: 1083Mb Step #5: ==82== ERROR: libFuzzer: out-of-memory (used: 2123Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2321423321 bytes in 22494 chunks; quarantined: 3473748 bytes in 1963 chunks; 41728 other chunks; total chunks: 66185; showing top 95% (at most 8 unique contexts) Step #5: 1146666701 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55bc50ad1fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x55bc50ba85f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x55bc50ba85f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x55bc50ba85f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x55bc50ba85f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x55bc50b93780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x55bc50b11c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x55bc50b34f7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x55bc50b34f7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x55bc50c31f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x55bc50c31f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x55bc50c31f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x55bc50c31f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x55bc50ca47bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x55bc50ca47bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x55bc50ca47bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x55bc50b58c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x55bc50b58c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x55bc50b473da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x55bc50b91c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x55bc50b91c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x55bc50b91c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x55bc509c6210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x55bc509cf7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x55bc509b6d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x55bc509e21c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7fb81e1b7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1146666700 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x55bc50b0f3ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x55bc50bf43b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x55bc50bf43b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x55bc50bf43b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x55bc50bf43b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x55bc50bf43b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x55bc50c32c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x55bc50b35c09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x55bc50c31f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x55bc50c31f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x55bc50c31f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x55bc50c31f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x55bc50ca47bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x55bc50ca47bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x55bc50ca47bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x55bc50b58c84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x55bc50b58c84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x55bc50b473da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x55bc50b91c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x55bc50b91c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x55bc50b91c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x55bc509c6210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x55bc509cf7e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x55bc509b6d95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x55bc509e21c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fb81e1b7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x6a,0x70,0x65,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x2f,0x2f,0x2f,0x59,0x2f,0x2f,0x2f,0x41,0x41,0x42,0x51,0x49,0x48,0x62,0x2b,0x54,0x44,0x51,0x53,0x48,0x45,0x51,0x45,0x48,0x4d,0x51,0x45,0x45,0x45,0x51,0x45,0x45,0x4d,0x65,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/jpeg;base64,///Y///AABQIHb+TDQSHEQEHMQEEEQEEMe\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-e5d1ec9008dd880515cdf7ba972e1d9d4b818177 Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLy8vWS8vL0FBQlFJSGIrVERRU0hFUUVITVFFRUVRRUVNZSJ9XSwiYXNzZXQiOnsidmVyc2lvbiI6IiJ9fQ== Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 12 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2131726719 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x563538a0ab30, 0x563538a0e794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x563538a0e798,0x563538a4add8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/e5d1ec9008dd880515cdf7ba972e1d9d4b818177' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 6628 processed earlier; will process 6217 files now Step #5: #1 pulse cov: 886 ft: 887 exec/s: 0 rss: 43Mb Step #5: #2 pulse cov: 1119 ft: 1359 exec/s: 0 rss: 45Mb Step #5: #4 pulse cov: 1294 ft: 1637 exec/s: 0 rss: 46Mb Step #5: #8 pulse cov: 1662 ft: 2248 exec/s: 0 rss: 46Mb Step #5: #16 pulse cov: 1822 ft: 2712 exec/s: 16 rss: 776Mb Step #5: #32 pulse cov: 2053 ft: 3196 exec/s: 16 rss: 776Mb Step #5: #64 pulse cov: 2420 ft: 3997 exec/s: 4 rss: 1531Mb Step #5: #128 pulse cov: 2616 ft: 4999 exec/s: 9 rss: 1531Mb Step #5: #256 pulse cov: 3096 ft: 7240 exec/s: 6 rss: 1804Mb Step #5: #512 pulse cov: 3432 ft: 8988 exec/s: 3 rss: 1804Mb Step #5: ==86== ERROR: libFuzzer: out-of-memory (used: 2136Mb; limit: 2048Mb) Step #5: To change the out-of-memory limit use -rss_limit_mb= Step #5: Step #5: Live Heap Allocations: 2199217427 bytes in 31362 chunks; quarantined: 9258154 bytes in 630 chunks; 38716 other chunks; total chunks: 70708; showing top 95% (at most 8 unique contexts) Step #5: 1085386753 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x563538647fdf in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:68:3 Step #5: #1 0x56353871e5f2 in stbi__malloc /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:985:12 Step #5: #2 0x56353871e5f2 in stbi__malloc_mad3 /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1056:11 Step #5: #3 0x56353871e5f2 in load_jpeg_image /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:3920:28 Step #5: #4 0x56353871e5f2 in stbi__jpeg_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:4035:13 Step #5: #5 0x563538709780 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1166:35 Step #5: #6 0x563538687c79 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1261:19 Step #5: #7 0x5635386aaf7e in stbi_load_from_memory /src/tinygltf/tests/fuzzer/build/../../../stb_image.h:1431:11 Step #5: #8 0x5635386aaf7e in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2665:14 Step #5: #9 0x5635387a7f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #10 0x5635387a7f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #11 0x5635387a7f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #12 0x5635387a7f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #13 0x56353881a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #14 0x56353881a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #15 0x56353881a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #16 0x5635386cec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #17 0x5635386cec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #18 0x5635386bd3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #19 0x563538707c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #20 0x563538707c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #21 0x563538707c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #22 0x56353853c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #23 0x5635385457e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #24 0x56353852cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #25 0x5635385581c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #26 0x7fdb835e0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: __interceptor_malloc--stbi__malloc--stbi__malloc_mad3 Step #5: 1085386752 byte(s) (49%) in 1 allocation(s) Step #5: #0 0x5635386853ad in operator new(unsigned long) /src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3 Step #5: #1 0x56353876a3b1 in __libcpp_operator_new /usr/local/bin/../include/c++/v1/new:271:10 Step #5: #2 0x56353876a3b1 in __libcpp_allocate /usr/local/bin/../include/c++/v1/new:295:10 Step #5: #3 0x56353876a3b1 in allocate /usr/local/bin/../include/c++/v1/__memory/allocator.h:125:32 Step #5: #4 0x56353876a3b1 in __allocate_at_least > /usr/local/bin/../include/c++/v1/__memory/allocate_at_least.h:55:19 Step #5: #5 0x56353876a3b1 in std::__1::__split_buffer&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator&) /usr/local/bin/../include/c++/v1/__split_buffer:343:25 Step #5: #6 0x5635387a8c1e in std::__1::vector>::__append(unsigned long) /usr/local/bin/../include/c++/v1/vector:1095:49 Step #5: #7 0x5635386abc09 in tinygltf::LoadImageData(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:2732:18 Step #5: #8 0x5635387a7f02 in __invoke, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:344:25 Step #5: #9 0x5635387a7f02 in __call, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *), tinygltf::Image *, int, std::__1::basic_string, std::__1::allocator > *, std::__1::basic_string, std::__1::allocator > *, int, int, const unsigned char *, int, void *> /usr/local/bin/../include/c++/v1/__type_traits/invoke.h:411:12 Step #5: #10 0x5635387a7f02 in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:169:12 Step #5: #11 0x5635387a7f02 in std::__1::__function::__func, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*), std::__1::allocator, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>, bool (tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)>::operator()(tinygltf::Image*&&, int&&, std::__1::basic_string, std::__1::allocator>*&&, std::__1::basic_string, std::__1::allocator>*&&, int&&, int&&, unsigned char const*&&, int&&, void*&&) /usr/local/bin/../include/c++/v1/__functional/function.h:311:10 Step #5: #12 0x56353881a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:428:12 Step #5: #13 0x56353881a7bc in operator() /usr/local/bin/../include/c++/v1/__functional/function.h:981:10 Step #5: #14 0x56353881a7bc in tinygltf::ParseImage(tinygltf::Image*, int, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, bool, std::__1::basic_string, std::__1::allocator> const&, unsigned long, tinygltf::FsCallbacks*, tinygltf::URICallbacks const*, std::__1::function, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, int, int, unsigned char const*, int, void*)> const&, void*) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:4435:10 Step #5: #15 0x5635386cec84 in operator() /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6415:12 Step #5: #16 0x5635386cec84 in bool tinygltf::detail::ForEachInArray, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10>(nlohmann::basic_json, std::__1::allocator>, bool, long, unsigned long, double, std::__1::allocator, nlohmann::adl_serializer, std::__1::vector>> const&, char const*, tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int)::$_10&&) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:5971:12 Step #5: #17 0x5635386bd3da in tinygltf::TinyGLTF::LoadFromString(tinygltf::Model*, std::__1::basic_string, std::__1::allocator>*, std::__1::basic_string, std::__1::allocator>*, char const*, unsigned int, std::__1::basic_string, std::__1::allocator> const&, unsigned int) /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6407:20 Step #5: #18 0x563538707c1d in LoadASCIIFromString /src/tinygltf/tests/fuzzer/build/../../../tiny_gltf.h:6698:10 Step #5: #19 0x563538707c1d in parse_intCoding4 /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:22:18 Step #5: #20 0x563538707c1d in LLVMFuzzerTestOneInput /src/tinygltf/tests/fuzzer/build/../fuzz_gltf.cc:30:5 Step #5: #21 0x56353853c210 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 Step #5: #22 0x5635385457e0 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #23 0x56353852cd95 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:887:8 Step #5: #24 0x5635385581c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #25 0x7fdb835e0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: operator new(unsigned long)--__libcpp_operator_new--__libcpp_allocate Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7b,0x22,0x69,0x6d,0x61,0x67,0x65,0x73,0x22,0x3a,0x5b,0x7b,0x22,0x75,0x72,0x69,0x22,0x3a,0x22,0x64,0x61,0x74,0x61,0x3a,0x69,0x6d,0x61,0x67,0x65,0x2f,0x70,0x6e,0x67,0x3b,0x62,0x61,0x73,0x65,0x36,0x34,0x2c,0x51,0x6b,0x33,0x34,0x47,0x41,0x41,0x41,0x4d,0x45,0x51,0x79,0x42,0x68,0x6f,0x41,0x41,0x41,0x41,0x4d,0x41,0x41,0x41,0x41,0x30,0x6a,0x30,0x54,0x41,0x41,0x45,0x41,0x47,0x41,0x41,0x47,0x41,0x41,0x45,0x4d,0x45,0x51,0x33,0x32,0x37,0x36,0x38,0x79,0x22,0x7d,0x5d,0x2c,0x22,0x61,0x73,0x73,0x65,0x74,0x22,0x3a,0x7b,0x22,0x76,0x65,0x72,0x73,0x69,0x6f,0x6e,0x22,0x3a,0x22,0x22,0x7d,0x7d, Step #5: {\"images\":[{\"uri\":\"data:image/png;base64,Qk34GAAAMEQyBhoAAAAMAAAA0j0TAAEAGAAGAAEMEQ32768y\"}],\"asset\":{\"version\":\"\"}} Step #5: artifact_prefix='./'; Test unit written to ./oom-707727ada796b14653f9f5e27f97b2a6751e8aae Step #5: Base64: eyJpbWFnZXMiOlt7InVyaSI6ImRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxRazM0R0FBQU1FUXlCaG9BQUFBTUFBQUEwajBUQUFFQUdBQUdBQUVNRVEzMjc2OHkifV0sImFzc2V0Ijp7InZlcnNpb24iOiIifX0= Step #5: SUMMARY: libFuzzer: out-of-memory Step #5: MERGE-OUTER: attempt 13 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2375063673 Step #5: INFO: Loaded 1 modules (15460 inline 8-bit counters): 15460 [0x55b98f344b30, 0x55b98f348794), Step #5: INFO: Loaded 1 PC tables (15460 PCs): 15460 [0x55b98f348798,0x55b98f384dd8), Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge39.txt' Step #5: MERGE-INNER: '/corpus/fuzz_gltf/707727ada796b14653f9f5e27f97b2a6751e8aae' caused a failure at the previous merge step Step #5: MERGE-INNER: 12845 total files; 7440 processed earlier; will process 5405 files now Step #5: #1 pulse cov: 655 ft: 656 exec/s: 0 rss: 45Mb Step #5: #2 pulse cov: 760 ft: 975 exec/s: 0 rss: 46Mb Step #5: #4 pulse cov: 974 ft: 1375 exec/s: 0 rss: 46Mb Step #5: #8 pulse cov: 1674 ft: 2430 exec/s: 2 rss: 1372Mb Step #5: #16 pulse cov: 2031 ft: 3199 exec/s: 2 rss: 1544Mb Step #5: #32 pulse cov: 2490 ft: 4427 exec/s: 1 rss: 1833Mb Step #5: #64 pulse cov: 2804 ft: 5869 exec/s: 2 rss: 1833Mb Step #5: #128 pulse cov: 3071 ft: 7300 exec/s: 3 rss: 1833Mb Step #5: #256 pulse cov: 3360 ft: 9119 exec/s: 4 rss: 1924Mb Step #5: #512 pulse cov: 3516 ft: 10638 exec/s: 7 rss: 1924Mb Step #5: #1024 pulse cov: 3639 ft: 12712 exec/s: 6 rss: 1924Mb Step #5: #2048 pulse cov: 3858 ft: 16056 exec/s: 5 rss: 1924Mb Step #5: #4096 pulse cov: 3919 ft: 21847 exec/s: 5 rss: 1924Mb Step #5: #5405 DONE cov: 3922 ft: 23468 exec/s: 6 rss: 1945Mb Step #5: MERGE-OUTER: successful in 13 attempt(s) Step #5: MERGE-OUTER: the control file has 1902692 bytes Step #5: MERGE-OUTER: consumed 1Mb (63Mb rss) to parse the control file Step #5: MERGE-OUTER: 6514 new files with 25288 new features added; 4324 new coverage edges Step #5: [2025-08-29 07:12:50,079 INFO] Finding shared libraries for targets (if any). Step #5: [2025-08-29 07:12:50,089 INFO] Finished finding shared libraries for targets. Step #5: Coverage error, creating log file: /workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf_error.log Step #5: [2025-08-29 07:12:50,423 INFO] Finding shared libraries for targets (if any). Step #5: [2025-08-29 07:12:50,432 INFO] Finished finding shared libraries for targets. Step #5: [2025-08-29 07:12:50,675 DEBUG] Finished generating per-file code coverage summary. Step #5: [2025-08-29 07:12:50,675 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html". Step #5: [2025-08-29 07:12:50,684 DEBUG] Finished generating file view html index file. Step #5: [2025-08-29 07:12:50,684 DEBUG] Calculating per-directory coverage summary. Step #5: [2025-08-29 07:12:50,684 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2025-08-29 07:12:50,684 DEBUG] Writing per-directory coverage html reports. Step #5: [2025-08-29 07:12:50,720 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2025-08-29 07:12:50,720 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html". Step #5: [2025-08-29 07:12:50,720 DEBUG] Finished generating directory view html index file. Step #5: [2025-08-29 07:12:50,720 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html". Step #5: [2025-08-29 07:12:50,953 DEBUG] Finished generating per-file code coverage summary. Step #5: [2025-08-29 07:12:50,953 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/file_view_index.html". Step #5: [2025-08-29 07:12:50,962 DEBUG] Finished generating file view html index file. Step #5: [2025-08-29 07:12:50,962 DEBUG] Calculating per-directory coverage summary. Step #5: [2025-08-29 07:12:50,962 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2025-08-29 07:12:50,962 DEBUG] Writing per-directory coverage html reports. Step #5: [2025-08-29 07:12:50,997 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2025-08-29 07:12:50,997 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/directory_view_index.html". Step #5: [2025-08-29 07:12:50,997 DEBUG] Finished generating directory view html index file. Step #5: [2025-08-29 07:12:50,997 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/index.html". Finished Step #5 Starting Step #6 Step #6: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #6: CommandException: 1 files/objects could not be removed. Finished Step #6 Starting Step #7 Step #7: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/style.css [Content-Type=text/css]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html [Content-Type=text/html]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/summary.json [Content-Type=application/json]... Step #7: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html [Content-Type=text/html]... Step #7: / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/report.html [Content-Type=text/html]... Step #7: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html [Content-Type=text/html]... Step #7: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [2/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [3/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/report.html [Content-Type=text/html]... Step #7: / [3/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [4/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [5/15 files][ 16.5 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/json.hpp.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/stb_image_write.h.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/report.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/stb_image.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tiny_gltf.h.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/report.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/fuzzer/report.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinygltf/tests/fuzzer/fuzz_gltf.cc.html [Content-Type=text/html]... Step #7: / [5/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done / [6/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done / [7/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done / [8/15 files][ 7.7 MiB/ 9.3 MiB] 82% Done / [9/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [10/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [11/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [12/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [13/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [14/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [15/15 files][ 9.3 MiB/ 9.3 MiB] 100% Done Step #7: Operation completed over 15 objects/9.3 MiB. Finished Step #7 Starting Step #8 Step #8: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #8: CommandException: 1 files/objects could not be removed. Finished Step #8 Starting Step #9 Step #9: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/style.css [Content-Type=text/css]... Step #9: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/directory_view_index.html [Content-Type=text/html]... Step #9: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/summary.json [Content-Type=application/json]... Step #9: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/index.html [Content-Type=text/html]... Step #9: / [0/15 files][ 0.0 B/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/report.html [Content-Type=text/html]... Step #9: / [0/15 files][ 2.9 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/file_view_index.html [Content-Type=text/html]... Step #9: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/report.html [Content-Type=text/html]... Step #9: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/stb_image.h.html [Content-Type=text/html]... Step #9: / [0/15 files][ 3.1 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/json.hpp.html [Content-Type=text/html]... Step #9: / [0/15 files][ 5.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/stb_image_write.h.html [Content-Type=text/html]... Step #9: / [0/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tiny_gltf.h.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/report.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/fuzzer/report.html [Content-Type=text/html]... Step #9: / [1/15 files][ 10.4 KiB/ 9.3 MiB] 0% Done / [2/15 files][ 16.5 KiB/ 9.3 MiB] 0% Done / [3/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done / [4/15 files][ 20.8 KiB/ 9.3 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/fuzz_gltf/linux/src/tinygltf/tests/fuzzer/fuzz_gltf.cc.html [Content-Type=text/html]... Step #9: / [4/15 files][554.7 KiB/ 9.3 MiB] 5% Done / [5/15 files][ 3.1 MiB/ 9.3 MiB] 33% Done / [6/15 files][ 5.9 MiB/ 9.3 MiB] 63% Done / [7/15 files][ 6.4 MiB/ 9.3 MiB] 69% Done / [8/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [9/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [10/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [11/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [12/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [13/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [14/15 files][ 9.3 MiB/ 9.3 MiB] 99% Done / [15/15 files][ 9.3 MiB/ 9.3 MiB] 100% Done Step #9: Operation completed over 15 objects/9.3 MiB. Finished Step #9 Starting Step #10 Step #10: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #10: CommandException: 1 files/objects could not be removed. Finished Step #10 Starting Step #11 Step #11: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #11: Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf.json [Content-Type=application/json]... Step #11: / [0/3 files][ 0.0 B/ 3.6 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/fuzz_gltf_error.log [Content-Type=application/octet-stream]... Step #11: / [0/3 files][ 0.0 B/ 3.6 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/coverage_targets.txt [Content-Type=text/plain]... Step #11: / [0/3 files][ 0.0 B/ 3.6 KiB] 0% Done / [1/3 files][ 3.6 KiB/ 3.6 KiB] 99% Done / [2/3 files][ 3.6 KiB/ 3.6 KiB] 99% Done / [3/3 files][ 3.6 KiB/ 3.6 KiB] 100% Done Step #11: Operation completed over 3 objects/3.6 KiB. Finished Step #11 Starting Step #12 Step #12: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #12: CommandException: 1 files/objects could not be removed. Finished Step #12 Starting Step #13 Step #13: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #13: Copying file:///workspace/out/libfuzzer-coverage-x86_64/textcov_reports/fuzz_gltf.covreport [Content-Type=application/octet-stream]... Step #13: / [0/1 files][ 0.0 B/759.7 KiB] 0% Done / [1/1 files][759.7 KiB/759.7 KiB] 100% Done Step #13: Operation completed over 1 objects/759.7 KiB. Finished Step #13 Starting Step #14 Step #14: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #14: CommandException: 1 files/objects could not be removed. Finished Step #14 Starting Step #15 Step #15: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #15: Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/fuzz_gltf.log [Content-Type=application/octet-stream]... Step #15: / [0/1 files][ 0.0 B/187.5 KiB] 0% Done / [1/1 files][187.5 KiB/187.5 KiB] 100% Done Step #15: Operation completed over 1 objects/187.5 KiB. Finished Step #15 Starting Step #16 Step #16: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #16: Copying file:///workspace/srcmap.json [Content-Type=application/json]... Step #16: / [0 files][ 0.0 B/ 154.0 B] / [1 files][ 154.0 B/ 154.0 B] Step #16: Operation completed over 1 objects/154.0 B. Finished Step #16 Starting Step #17 Step #17: Already have image (with digest): gcr.io/cloud-builders/curl Step #17: % Total % Received % Xferd Average Speed Time Time Time Current Step #17: Dload Upload Total Spent Left Speed Step #17: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 312 0 0 100 312 0 1344 --:--:-- --:--:-- --:--:-- 1350 Finished Step #17 PUSH DONE