Integer-overflow in silk_PLC_conceal
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4529940753547264
Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96NG3cOzBY44E9FhkMzwvUkh2alfyh4LX-7QZCdPGOwiz7WQXVAtlMzGrM-XsBmGNiatNdZdwl7tJ8sy3F0-CaP50E4ItCpaXLQ-tWD4UNdV2sEFfHsSK0VOm_WEHXsgsNtXdMiHlUIJJwjQzQyDIDl2h_bjw
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Apr 25 2016

Apr 25 2016

Apr 26 2016
flim@, is this the same issue as you've already addressed, or a new one?

Apr 26 2016
It's a similar bug but in a different location. I've added a fix upstream and submitted for review.

Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4529940753547264
Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957kFP05LnccpFn8yob8DntV2B0mgl3X7Eijd_mGYH7SEpGCJFH4FxnP6h-854HyHs8JEJQhGMqouWTkBOBewHOl4jFvUDZgeMDt9EHHq7t4xdHJc09O8oAqs5PjvqQl5cuvcB6KtK95cvlA9ucGowHuOYtiw?testcase_id=4529940753547264

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5638112877477888
Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rwZBTTBbR5v2d8zHMTSeNRTaNlE7TReBpPx2SQfyLnaBpoLSPPyQGfWKB1388yW8rtPadMo3WRcATrnXJxkFI-0W6ZbM9Kmqaty-RTLhqoCDHolONft9XklUmXBB-pilgUL4rXFnBCfH3JmWkzS6XA58BZA?testcase_id=5638112877477888
Filer: ajha

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Jul 12 2016
flim@: Can we get an update on the fix, as CF is still complaining and is impacting head.

Jul 12 2016
The fix landed in the upstream repository some time ago, but we are waiting for a new release of Opus to pull it in. Unfortunately there is no easy way to cherry-pick fixes, as https://chromium.googlesource.com/chromium/deps/opus.git mirrors the upstream repo. Is it an option to suppress this test meanwhile? kjellander@: maybe we can look again at options for cherry-picking?

Jul 12 2016
Chromium's src/DEPS points to https://chromium.googlesource.com/chromium/deps/opus/+/655cc54c564b84ef2827f0b2152ce3811046201e, which is half a year old. I think opus needs to be updated here; this isn't auto-rolled.

Jul 12 2016
We shouldn't have to use specific versions of Opus, should we?

Jul 12 2016
Looks like https://chromium.googlesource.com/chromium/deps/opus/+/37cce2800bd79dd6b2ef7b44f71e2c9b714dc4d1, updated 4 days ago, bumps the version to 1.1.3. This contains https://chromium.googlesource.com/chromium/deps/opus.git/+/5ead149cf49cc8d2fd0e1fb3c7cd564ecbbce100.

Jul 12 2016
You're right, opus isn't auto-rolled; that's because we currently wait for releases before pulling it in. However, we should rethink this, and I'll start a separate discussion offline about it. Thanks for spotting the recent change to 1.1.3! I noticed it wasn't tagged or announced publicly yet; I'm checking with the authors to see what the status is, but it looks like we should be able to roll 1.1.3 in very soon.

Jul 27 2016
ClusterFuzz has detected this issue as fixed in range 407796:407929.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5638112877477888
Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407796:407929
Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rwZBTTBbR5v2d8zHMTSeNRTaNlE7TReBpPx2SQfyLnaBpoLSPPyQGfWKB1388yW8rtPadMo3WRcATrnXJxkFI-0W6ZbM9Kmqaty-RTLhqoCDHolONft9XklUmXBB-pilgUL4rXFnBCfH3JmWkzS6XA58BZA?testcase_id=5638112877477888

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Aug 9 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by mmoroz@chromium.org, Apr 25 2016
Owner: pbos@chromium.org