Timeout in OSS-Fuzz
kevinbackhouse opened this issue
OSS-Fuzz has found a "timeout" issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66957
It's not a security bug, because it's not reproducible in Exiv2. It only affects the fuzz target that we run in OSS-Fuzz.
To reproduce the issue, build the fuzz target and then run it like this:
./bin/fuzz-read-print-write poc.jpg
It runs for a long time, because these calls to md.print() are generating very large strings:
exiv2/fuzz/fuzz-read-print-write.cpp
Lines 22 to 26 in 77915ad
The reason why Exiv2 isn't affected is because it has this code:
Lines 453 to 455 in 77915ad
In other words, Exiv2 doesn't print anything if the tag name starts with "0x". I could easily fix the fuzz target by adding similar code, but I'd quite like to understand what that code is doing. Does anybody know the reason for it?