flim@, is this the same issue as you've already addressed, or a new one?

It's a similar bug but in a different location. I've added a fix upstream and submitted for review.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4529940753547264

Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
  

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957kFP05LnccpFn8yob8DntV2B0mgl3X7Eijd_mGYH7SEpGCJFH4FxnP6h-854HyHs8JEJQhGMqouWTkBOBewHOl4jFvUDZgeMDt9EHHq7t4xdHJc09O8oAqs5PjvqQl5cuvcB6KtK95cvlA9ucGowHuOYtiw?testcase_id=4529940753547264

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4529940753547264

Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
  

Minimized Testcase (0.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957kFP05LnccpFn8yob8DntV2B0mgl3X7Eijd_mGYH7SEpGCJFH4FxnP6h-854HyHs8JEJQhGMqouWTkBOBewHOl4jFvUDZgeMDt9EHHq7t4xdHJc09O8oAqs5PjvqQl5cuvcB6KtK95cvlA9ucGowHuOYtiw?testcase_id=4529940753547264

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5638112877477888

Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746

Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rwZBTTBbR5v2d8zHMTSeNRTaNlE7TReBpPx2SQfyLnaBpoLSPPyQGfWKB1388yW8rtPadMo3WRcATrnXJxkFI-0W6ZbM9Kmqaty-RTLhqoCDHolONft9XklUmXBB-pilgUL4rXFnBCfH3JmWkzS6XA58BZA?testcase_id=5638112877477888

Filer: ajha

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

flim@: Can we get an update on the fix as CF is still complaining and is Impacting Head.

The fix has landed in the upstream repository some time ago but we are waiting for a new release of Opus to pull it in. 

Unfortunately there is no easy way to cherry pick fixes as https://chromium.googlesource.com/chromium/deps/opus.git mirrors the upstream repo. Is it an option to suppress this test meanwhile?

kjellander@: maybe we can look again at options for cherry picking?

Chromium's src/DEPS points to https://chromium.googlesource.com/chromium/deps/opus/+/655cc54c564b84ef2827f0b2152ce3811046201e which is half a year old. I think opus needs to be updated here, this isn't auto-rolled.

We shouldn't have to use specific versions of Opus, do we?

Looks like https://chromium.googlesource.com/chromium/deps/opus/+/37cce2800bd79dd6b2ef7b44f71e2c9b714dc4d1, updated 4 days ago bumps version to 1.1.3. This contains https://chromium.googlesource.com/chromium/deps/opus.git/+/5ead149cf49cc8d2fd0e1fb3c7cd564ecbbce100.

You're right opus isn't auto-rolled, that's because we currently wait for releases before pulling it in. However we should rethink this and I'll start a separate discussion offline about this. 

Thanks for spotting the recent change to 1.1.3! I noticed it wasn't tagged or announced publicly yet; I'm checking with the authors to see what's the status but it looks like we should be able to roll 1.1.3 in very soon.

ClusterFuzz has detected this issue as fixed in range 407796:407929.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5638112877477888

Fuzzer: libfuzzer_audio_decoder_opus_redundant_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  silk_PLC_conceal
  silk_PLC
  silk_decode_frame
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=407796:407929

Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rwZBTTBbR5v2d8zHMTSeNRTaNlE7TReBpPx2SQfyLnaBpoLSPPyQGfWKB1388yW8rtPadMo3WRcATrnXJxkFI-0W6ZbM9Kmqaty-RTLhqoCDHolONft9XklUmXBB-pilgUL4rXFnBCfH3JmWkzS6XA58BZA?testcase_id=5638112877477888

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot