Closed as not planned
Hi @aardappel
I found an assertion failure with Nallocfuzz (a fuzzing engine with allocation failures, google/oss-fuzz#9902) with scalar_fuzzer (other targets look resistant).
```cpp
if (orig_done) { TEST_EQ_STR(fix_back.c_str(), orig_back.c_str()); }
```
Input is -\03733333333333331666666666666666
Stack trace is

```
EXPECTED: "{"Y": 33333333834915540662556295168.0}"
VALUE: "{"Y": }"
TEST FAILED: /src/flatbuffers/tests/fuzzer/flatbuffers_scalar_fuzzer.cc:341, 'fix_back.c_str()' != 'orig_back.c_str()' in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==12==ERROR: AddressSanitizer: ILL on unknown address 0x0000003d1139 (pc 0x0000003d1139 bp 0x7ffe4a3ab5f0 sp 0x7ffe4a3ab5f0 T0)
SCARINESS: 10 (signal)
#0 0x3d1139 in OneTimeTestInit::TestFailListener(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/fuzzer/test_init.h:23:5
#1 0x5a1e7d in TestFail(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/test_assert.cpp:22:23
#2 0x5a1f40 in TestEqStr(char const*, char const*, char const*, char const*, int, char const*) /src/flatbuffers/tests/test_assert.cpp:30:5
#3 0x3c46fe in LLVMFuzzerTestOneInput /src/flatbuffers/tests/fuzzer/flatbuffers_scalar_fuzzer.cc:341:24
#4 0x5a2638 in NaloFuzzerTestOneInput (/out/scalar_fuzzer+0x5a2638)
#5 0x5c1ea3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#6 0x5c168a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#7 0x5c2d59 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#8 0x5c3a25 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#9 0x5b213f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
```