Tiny crafted files take 15 seconds to decode, exceed memory limits

Question

Tiny crafted files take 15 seconds to decode, exceed memory limits

Closed this issue 10 months ago · 2 comments

Shnatsel commented 10 months ago

Here are the 10 worst offenders:
jxl-timeouts-round2.tar.gz

They also take at around 1GB of RAM to decode, while the fuzzing harness specifies a 128Mb memory limit.

This occurs even with the fixes for #163 and #165 applied.

Found with cargo fuzz. Tested on commit 362447b

Answer 1 · 2024-01-03T15:42:57.000Z

Currently memory limit only tracks image buffer allocations, so maybe that's from some auxiliary buffer allocation. It seems like there are quite a lot of limits missing...

Answer 2 · 2024-01-05T04:04:11.000Z

timeout-2b72930122d3e999ff9efb4733e499da2ab8abb7 will be fixed¹ by #171. The other samples need more investigation; djxl crashes on aarch64 and occasionally crashes on x86_64. I guess it needs to be reported to libjxl also.

Well, it's not a "fix" strictly, because the decode time and memory consumption is not from malformed header but from infinitely large MA tree. libjxl detects simple infinite case like this and returns early. ↩

Footnotes