Under POSIX type systems (e.g. Linux, FreeBSD, Solaris, etc.) the setrlimit() function may use RLIMIT_CPU to set a CPU time limit (not the same as elapsed time!) to assure that jasper does not execute too long (as pertains to time on the CPU) on a malign input file or due to improper command options. Expiration of the CPU time limit results in a SIGXCPU signal being sent to the process, and the default handling is to produce a core dump. Unfortunately, it seems that the jasper utility is not providing a signal handler for this:
% ulimit -t 5 ; jasper --input clusterfuzz-testcase-minimized-coder_JPC_fuzzer-4614983580450816 --input-format jpc --output output.pnm --output-format pnm
warning: trailing garbage in marker segment (1 bytes)
zsh: cpu limit exceeded (core dumped) jasper --input --input-format jpc --output output.pnm --output-format pnm
The behavior when a program core dumps depends heavily on the OS implementation, and the configuration of the system. The core dump might produce a file in a local directory, or it might produce a file in a centralized directory, or it might be analyzed by a script/program so that an analysis summary is sent to the operating system distribution maintainers, or it may do almost nothing. Regardless, core dumps can be expensive.
For a utility like jasper, it is useful to report the signal, and perhaps perform some clean-up before returning a status code (e.g. exit_(signo) or exit_(EXIT_FAILURE)) to the invoking environment. For example, if an output file has already been successfully opened (and may be corrupt), then unlinking it is useful so it won't waste disk space or be consumed later.
Currently the jasper program is not providing an option to limit its CPU or its execution time so external mechanisms need to be used.
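A sketch of the handling described above, as an added example that is not taken from the jasper code base: a child process sets a soft RLIMIT_CPU, installs a SIGXCPU handler that reports the signal, unlinks the partially written output file and exits with a failure status instead of dumping core. The names `run_with_cpu_limit`, `on_sigxcpu` and `partial_output` are hypothetical, the busy loop stands in for a decoder stuck on a bad input, and `_exit()` is used because the handler may only call async-signal-safe functions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

static const char *partial_output;   /* set before the handler is installed */

/* Only async-signal-safe calls are made here: write(), unlink(), _exit(). */
static void on_sigxcpu(int signo)
{
    static const char msg[] = "error: CPU time limit exceeded (SIGXCPU)\n";
    ssize_t n = write(STDERR_FILENO, msg, sizeof msg - 1);
    (void)signo; (void)n;
    if (partial_output)
        unlink(partial_output);      /* do not leave a possibly corrupt file */
    _exit(EXIT_FAILURE);
}

/* Runs a CPU-bound stand-in for the decoder in a child process with a soft
 * RLIMIT_CPU of cpu_seconds; returns the child's wait status, or -1. */
int run_with_cpu_limit(const char *out_path, rlim_t cpu_seconds)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct sigaction sa;
        struct rlimit rl;
        volatile unsigned long spin = 0;
        int fd = open(out_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0 || write(fd, "P6\n", 3) != 3)
            _exit(2);
        partial_output = out_path;
        sa.sa_handler = on_sigxcpu;
        sigemptyset(&sa.sa_mask);
        sa.sa_flags = 0;
        if (sigaction(SIGXCPU, &sa, NULL) != 0 || getrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(2);
        rl.rlim_cur = cpu_seconds;   /* soft limit raises SIGXCPU; hard limit is kept */
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(2);
        for (;;) spin++;             /* burn CPU until the limit fires */
    }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}
```

With the handler installed the parent sees a normal exit with `EXIT_FAILURE` rather than a termination by signal, so no core dump is produced and the output file is gone.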