New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 596319 link

Starred by 0 users

Issue metadata

Status: Duplicate
Merged: issue 581901
Owner:
Last visit 15 days ago
Closed: Apr 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security



Sign in to add a comment

Global-buffer-overflow in WebRtcIsacfix_PitchFilterCore

Project Member Reported by ClusterFuzz, Mar 20 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6384504238768128

Fuzzer: libfuzzer_audio_decoder_isacfix_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Global-buffer-overflow READ 2
Crash Address: 0x0000005e5300
Crash State:
  WebRtcIsacfix_PitchFilterCore
  WebRtcIsacfix_PitchFilter
  WebRtcIsacfix_DecodeImpl
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=381907:381934

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OopBXdppUEVxVNwDUaoxcCiHpczoXh8hIoVawrvAKanDSI4MgSA7Bpg5uyOpI6MHHJDgDs-cmHWQ6NXlT3Dte3tJb_ENUIiJc-sZ9FC92xrf7Vfpst0TExjsXhz9jkKooILVkewTAejl6VcXM41VKIGN4EQ

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by mmoroz@chromium.org, Mar 20 2016

Cc: och...@chromium.org infe...@chromium.org kcc@chromium.org pbos@chromium.org hlundin@chromium.org aizatsky@chromium.org

Comment 2 by pbos@chromium.org, Mar 20 2016

Owner: hlundin@chromium.org
Status: Assigned (was: Available)
hlundin can you triage?

Comment 3 by mea...@chromium.org, Mar 20 2016

Components: Blink>WebRTC
Labels: M-50
Project Member

Comment 4 by ClusterFuzz, Mar 21 2016

Labels: Pri-1
Project Member

Comment 5 by sheriffbot@chromium.org, Mar 22 2016

Labels: -Security_Impact-Head Security_Impact-Beta
Project Member

Comment 6 by ClusterFuzz, Mar 25 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6384504238768128

Fuzzer: libfuzzer_audio_decoder_isacfix_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Global-buffer-overflow READ 2
Crash Address: 0x0000005e5300
Crash State:
  WebRtcIsacfix_PitchFilterCore
  WebRtcIsacfix_PitchFilter
  WebRtcIsacfix_DecodeImpl
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=381907:381934

Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OopBXdppUEVxVNwDUaoxcCiHpczoXh8hIoVawrvAKanDSI4MgSA7Bpg5uyOpI6MHHJDgDs-cmHWQ6NXlT3Dte3tJb_ENUIiJc-sZ9FC92xrf7Vfpst0TExjsXhz9jkKooILVkewTAejl6VcXM41VKIGN4EQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Owner: kwiberg@chromium.org
kwiberg@, is this the same issue as you've already looked at?
Mergedinto: 581901
Status: Duplicate (was: Assigned)
Yes, it's the same, because I can't reproduce this one now, but if I revert the bugfix for  bug 581901  I can reproduce.
Project Member

Comment 9 by sheriffbot@chromium.org, Jul 12 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 11 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment