fuzz: weekly regression seeds (2026-05-31)#12

Open
lilith wants to merge 1 commit into main from fuzz/weekly-2026-05-31

@lilith lilith commented May 31, 2026

Weekly automated fuzz sweep for webpx.

New crashes

| Target | Seed | Size | Repro? |
|---|---|---|---|
| limits_boundaries | limits_boundaries-oom-8ead9eb0c7cd | 73 bytes | yes |

OOM details: scale decode with scale_w=51794, scale_h=65505, use_scale=true, and a crafted max_total_pixels value that bypasses the limit check. This triggers a 13,571,063,880-byte malloc in WebPAllocateDecBuffer ← DecodeInto ← WebPDecode via Decoder::decode_rgba. Stack trace confirms libwebp allocates output buffer based on scaled dimensions before checking limits. Minimized from 78 → 73 bytes.

Per-target stats

| Target | Execs | Coverage (cov/ft) | New seeds |
|---|---|---|---|
| decode_animation | 1,253,556 | 172/283 | 0 |
| decode_into | 618,895 | 190/231 | 0 |
| decode_static | 346,368 | 183/230 | 0 |
| decode_streaming | 10,021,394 | 239/579 | 0 |
| decoder_builder | 1,584,970 | 341/527 | 0 |
| dim_extremes | 2,826,357 | 284/454 | 0 |
| encode_roundtrip | 296,474 | 365/459 | 0 |
| image_info | 253,619,024 | 41/42 | 0 |
| limits_boundaries | | | 1 (OOM) |
| mux_metadata | 37,061,401 | 130/187 | 0 |
| stride_extremes | 2,974,240 | 371/610 | 0 |
| yuv_planes | 18,048,234 | 253/281 | 0 |

Notes

  • All 12 targets ran for 600 seconds each with -dict=webp.dict -max_len=65536
  • cargo test --all-features --test fuzz_regression passes with the new seed
  • The OOM occurs in decode.rs:948 (decode_advanced) when use_scale=true allows libwebp to allocate a scaled output buffer whose dimensions (51794×65505×4 = ~13.5 GB) exceed available memory. The max_total_pixels field in LimitInput did not prevent the allocation.
  • limits_boundaries exec count not captured (run terminated after OOM was found and tmin was run)

https://claude.ai/code/session_01R7wJyc77Fym34qcakBcqfj


Generated by Claude Code
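
An added example, not code from webpx or from this PR: one way to bound the allocation described in the OOM details, by applying the pixel limit to the scaled dimensions as well as the source and capping the byte size separately. `Limits`, `LimitError`, `output_budget`, `max_output_bytes` and the 16x16 source size are assumptions; only `max_total_pixels` and the scale values come from the report.

```rust
// Added example. Limits, LimitError and output_budget are hypothetical names,
// not webpx's API; only max_total_pixels and the scale values come from the report.
#[derive(Debug, PartialEq)]
pub enum LimitError {
    ZeroDimension,
    TooManyPixels { pixels: u64, max: u64 },
    TooManyBytes { bytes: u64, max: u64 },
}

pub struct Limits {
    pub max_total_pixels: u64,
    pub max_output_bytes: u64, // hypothetical cap on the allocation itself
}

/// Bytes the output buffer would need, or the limit that refuses it.
/// `scale` is Some((scale_w, scale_h)) when use_scale is set.
pub fn output_budget(
    src: (u32, u32),
    scale: Option<(u32, u32)>,
    bytes_per_pixel: u64,
    limits: &Limits,
) -> Result<u64, LimitError> {
    // With scaling on, the buffer is sized from the scaled dimensions, so the
    // pixel limit has to cover them as well as the source dimensions.
    let out = scale.unwrap_or(src);
    for (w, h) in [src, out] {
        if w == 0 || h == 0 {
            return Err(LimitError::ZeroDimension);
        }
        let pixels = u64::from(w) * u64::from(h); // u32 * u32 cannot wrap in u64
        if pixels > limits.max_total_pixels {
            return Err(LimitError::TooManyPixels { pixels, max: limits.max_total_pixels });
        }
    }
    // The pixel limit may be caller-controlled, so bound the bytes separately.
    let pixels = u64::from(out.0) * u64::from(out.1);
    let bytes = pixels.checked_mul(bytes_per_pixel).unwrap_or(u64::MAX);
    if bytes > limits.max_output_bytes {
        return Err(LimitError::TooManyBytes { bytes, max: limits.max_output_bytes });
    }
    Ok(bytes)
}

fn main() {
    // Scale values from the report; the 16x16 source and both limits are constructed.
    let limits = Limits { max_total_pixels: 100_000_000, max_output_bytes: 1 << 30 };
    println!("{:?}", output_budget((16, 16), Some((51794, 65505)), 4, &limits));
}
```

Rejecting a zero dimension is a simplification made for this example.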

New OOM in limits_boundaries: scale decode with oversized dims triggers
13.5 GB malloc in WebPAllocateDecBuffer (scale_w=51794, scale_h=65505,
use_scale=true). Minimized to 73 bytes.

https://claude.ai/code/session_01R7wJyc77Fym34qcakBcqfj
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.85%. Comparing base (842fc5e) to head (6b52a0a).

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #12   +/-   ##
=======================================
  Coverage   78.85%   78.85%           
=======================================
  Files          18       18           
  Lines        4460     4460           
=======================================
  Hits         3517     3517           
  Misses        943      943           

