Use-of-uninitialized-value in vorbis_header
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4931256059428864
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=379005:379097
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96vzen_XWBGxTr1FprvIrBWqWfbXOpS9p91EcIMrB6DGkBQ7oeAlzYH5bzcV45uP9fAbasQB0AJUhOt68T1zQVY33XqSRwNIEAqWzIlIykb2ugnIzZE3L9Yy7je5NgBm6iMJmDk4VBXb8o8KVP59G7xhttBeQ
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 6 2016
Apr 6 2016
Apr 6 2016
Tentatively to wolenetz@, who will work on the ffmpeg roll for M51.
Apr 6 2016
Apr 25 2016
Apr 25 2016
Apr 25 2016
wolenetz@ -- setting the current milestone (M50) as the milestone, since it is a Medium Pri bug. Please feel free to change.
Apr 26 2016
Apr 26 2016
wolenetz: Uh oh! This issue still open and hasn't been updated in the last 19 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 28 2016
Apr 29 2016
Sharding this one to chcunningham@. Thanks Chris!
May 9 2016
This seems likely to be the same root cause as Issue 600669. Same stack / line number. See https://bugs.chromium.org/p/chromium/issues/detail?id=600669#c13
May 10 2016
ClusterFuzz has detected this issue as fixed in range 391516:392381.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4931256059428864
Fuzzer: libfuzzer_media_pipeline_integration_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  vorbis_header
  ogg_packet
  ogg_get_length
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=379005:379097
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=391516:392381
Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96vzen_XWBGxTr1FprvIrBWqWfbXOpS9p91EcIMrB6DGkBQ7oeAlzYH5bzcV45uP9fAbasQB0AJUhOt68T1zQVY33XqSRwNIEAqWzIlIykb2ugnIzZE3L9Yy7je5NgBm6iMJmDk4VBXb8o8KVP59G7xhttBeQ

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 21 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by mmoroz@chromium.org, Apr 6 2016
Owner: xhw...@chromium.org