1942920 - [@ mozilla::FFTBlock::PerformFFT] | AddressSanitizer: hard rss limit exhausted

Status: NEW

(Core :: Web Audio, defect)

Description

[Jason Kratzer [:jkratzer]]

Testcase found while fuzzing mozilla-central rev bd2ac8b50d75 (built with: --enable-address-sanitizer --enable-fuzzing).

Is it intended that setting the convolver buffer twice with the same buffer would lead to increased memory usage?

Testcase can be reproduced using the following commands:

$ pip install fuzzfetch grizzly-framework --upgrade
$ python -m fuzzfetch --build bd2ac8b50d75 --asan --fuzzing  -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>

AddressSanitizer: hard rss limit exhausted

Comment 1

[Jason Kratzer [:jkratzer]]

Attachment: Detailed Crash Information

Comment 2

[Jason Kratzer [:jkratzer]]

Attachment: Testcase

Comment 3

[Bugmon [:jkratzer for issues]]

Unable to reproduce bug 1942920 using build mozilla-central 20250119092932-bd2ac8b50d75. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Comment 4

[Jason Kratzer [:jkratzer]]

The attached testcase here was fairly unreliable during testing. I'm going to leave bugmon disabled.

Comment 5

[Jim Mathies [:jimm]]

Paul suggested you might have some ideas.

Comment 6

[Karl Tomlinson (:karlt)]

More memory usage when setting buffer a second time is expected because allocations for the second buffer are performed before releasing the first buffer, so that the setter can throw without side effects and because another thread owns the first buffer.

Comment 7

[Karl Tomlinson (:karlt)]

Perhaps we should limit the size of convolver buffers because for large enough buffers we won't be able to process fast enough. Not sure what we should do in that case. Throwing might be more helpful than truncating or passing through. We already throw for OOM.